Thunderella: Blockchains with Optimistic Instant Confirmation

  • Rafael PassEmail author
  • Elaine Shi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10821)


State machine replication, or “consensus”, is a central abstraction for distributed systems where a set of nodes seek to agree on an ever-growing, linearly-ordered log. In this paper, we propose a practical new paradigm called Thunderella for achieving state machine replication by combining a fast, asynchronous path with a (slow) synchronous “fall-back” path (which only gets executed if something goes wrong); as a consequence, we get simple state machine replications that essentially are as robust as the best synchronous protocols, yet “optimistically” (if a super majority of the players are honest), the protocol “instantly” confirms transactions.

We provide instantiations of this paradigm in both permissionless (using proof-of-work) and permissioned settings. Most notably, this yields a new blockchain protocol (for the permissionless setting) that remains resilient assuming only that a majority of the computing power is controlled by honest players, yet optimistically—if 3/4 of the computing power is controlled by honest players, and a special player called the “accelerator”, is honest—transactions are confirmed as fast as the actual message delay in the network. We additionally show the 3/4 optimistic bound is tight for protocols that are resilient assuming only an honest majority.



We thank Jian Xie and Youcai Qian for inspiring conversations. We also thank Lorenzo Alvisi and Robbert van Renesse for helpful discussions and moral support. This work is supported in part by NSF grants CNS-1217821, CNS-1314857, CNS-1514261, CNS-1544613, CNS-1561209, CNS-1601879, CNS-1617676, AFOSR Award FA9550-15-1-0262, an Office of Naval Research Young Investigator Program Award, a Microsoft Faculty Fellowship, a Packard Fellowship, a Sloan Fellowship, Google Faculty Research Awards, and a VMWare Research Award.


  1. 1.
    Attiya, H., Dwork, C., Lynch, N., Stockmeyer, L.: Bounds on the time to reach agreement in the presence of timing uncertainty. J. ACM 41(1), 122–152 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. In: Financial Cryptography Bitcoin Workshop (2016)Google Scholar
  3. 3.
    Bentov, I., Lee, C., Mizrahi, A., Rosenfeld, M.: Proof of activity: extending bitcoin’s proof of work via proof of stake. In: NetEcon (2014)Google Scholar
  4. 4.
    Birman, K.P., Joseph, T.A.: Exploiting virtual synchrony in distributed systems. In: SOSP (1987)Google Scholar
  5. 5.
    Burrows, M.: The chubby lock service for loosely-coupled distributed systems. In: OSDI (2006)Google Scholar
  6. 6.
  7. 7.
  8. 8.
    Castañeda, A., Gonczarowski, Y.A., Moses, Y.: Unbeatable consensus. In: DISC (2014)Google Scholar
  9. 9.
    Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: OSDI (1999)Google Scholar
  10. 10.
    User “cunicula”, Rosenfeld, M.: Proof of stake brainstorming, August 2011.
  11. 11.
    Daian, P., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. Cryptology ePrint Archive, Report 2016/919 (2016)Google Scholar
  12. 12.
    Decker, C., Seidel, J., Wattenhofer, R.: Bitcoin meets strong consistency. In: ICDCN (2016)Google Scholar
  13. 13.
    Dolev, D., Reischuk, R., Raymond Strong, H.: Early stopping in byzantine agreement. J. ACM 37(4), 720–741 (1990)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Dolev, D., Raymond Strong, H.: Authenticated algorithms for byzantine agreement. SIAM J. Comput. SIAMCOMP 12(4), 656–666 (1983)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35, 288–323 (1988)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Dwork, C., Moses, Y.: Knowledge and common knowledge in a byzantine environment I: crash failures. In: TARK, pp. 149–169 (1986)Google Scholar
  17. 17.
    Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: FC (2014)Google Scholar
  18. 18.
    Garay, J.A., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. Cryptology ePrint Archive, 2016/1048 (2016)Google Scholar
  19. 19.
    Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). Scholar
  20. 20.
    Guerraoui, R., Knežević, N., Quéma, V., Vukolić, M.: The next 700 BFT protocols. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 363–376. ACM, New York (2010)Google Scholar
  21. 21.
    Halpern, J.Y., Moses, Y., Waarts, O.: A characterization of eventual Byzantine agreement. SIAM J. Comput. 31(3), 838–865 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Herlihy, M., Moses, Y., Tuttle, M.R.: Transforming worst-case optimal solutions for simultaneous tasks into all-case optimal solutions. In: PODC (2011)Google Scholar
  23. 23.
    Herzberg, A., Kutten, S.: Early detection of message forwarding faults. SIAM J. Comput. 30(4), 1169–1196 (2000)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Junqueira, F.P., Reed, B.C., Serafini, M.: Zab: high-performance broadcast for primary-backup systems. In: DSN (2011)Google Scholar
  25. 25.
    Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. J. Comput. Syst. Sci. 75(2), 91–112 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). Scholar
  27. 27.
    King, S., Nadal, S.: PPCoin: peer-to-peer crypto-currency with proof-of-stake (2012).
  28. 28.
    Kokoris-Kogias, E., Jovanovic, P., Gailly, N., Khoffi, I., Gasser, L., Ford, B.: Enhancing bitcoin security and performance with strong consistency via collective signing. CoRR, abs/1602.06997 (2016)Google Scholar
  29. 29.
    Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.L.: Zyzzyva: speculative byzantine fault tolerance. In: SOSP (2007)Google Scholar
  30. 30.
    Lamport, L.: Fast paxos. Distrib. Comput. 19(2), 79–103 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  31. 31.
    Lamport, L., Malkhi, D., Zhou, L.: Vertical paxos and primary-backup replication. In: PODC, pp. 312–313 (2009)Google Scholar
  32. 32.
    Micali, S.: Algorand: the efficient and democratic ledger (2016).
  33. 33.
    Moses, Y., Raynal, M.: No double discount: condition-based simultaneity yields limited gain. Inf. Comput. 214, 47–58 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  34. 34.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  35. 35.
    Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). Scholar
  36. 36.
    Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation.
  37. 37.
    Pass, R., Shi, E.: Fruitchains: a fair blockchain. In: PODC (2017)Google Scholar
  38. 38.
    Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model. In: DISC (2017)Google Scholar
  39. 39.
    Pass, R., Shi, E.: Rethinking large-scale consensus (invited paper). In: CSF (2017)Google Scholar
  40. 40.
    Pass, R., Shi, E.: The sleepy model of consensus. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 380–409. Springer, Cham (2017). Scholar
  41. 41.
    User “QuantumMechanic”: Proof of stake instead of proof of work, July 2011.
  42. 42.
    Song, Y.J., van Renesse, R.: Bosco: one-step byzantine asynchronous consensus. In: Taubenfeld, G. (ed.) DISC 2008. LNCS, vol. 5218, pp. 438–450. Springer, Heidelberg (2008). Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.CornellTechNew YorkUSA
  2. 2.CornellIthacaUSA

Personalised recommendations