The Latency Price of Threshold Cryptosystem in Blockchains
Zhuolun Xiang, Sourav Das, Zekun Li, Zhoujun Ma, Alexander Spiegelman
TL;DR
The paper investigates the latency cost of incorporating threshold cryptography into blockchain systems that use BFT-like consensus, showing that existing blockchain-native threshold cryptosystems incur at least one extra message delay. It distinguishes between tight thresholds, where secrecy and reconstruction thresholds match and latency can be eliminated, and ramp thresholds, where a nonzero delay is often unavoidable; it then introduces an optimistic fast-path that minimizes delay and validates it experimentally on Aptos. A key contribution is a tight-threshold protocol that achieves zero extra latency in error-free cases, and a ramp-threshold fast-path that reduces latency under optimistic conditions, including a formal impossibility result for the general ramp case. The authors implement the fast-path on Aptos’s distributed randomness framework (threshold VRF) and demonstrate a 71% latency reduction in randomness generation, with reasonable setup overhead. Overall, the work provides practical mechanisms to significantly lower the latency overhead of blockchain-native threshold cryptography, improving end-to-end performance for randomness, privacy, and MEV-resilience applications.
Abstract
Threshold cryptography is essential for many blockchain protocols. For example, many protocols rely on threshold common coin to implement asynchronous consensus, leader elections, and provide support for randomized applications. Similarly, threshold decryption and threshold time-lock puzzles are often necessary for privacy. In this paper, we study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols with a focus on latency. More specifically, we focus on blockchain-native threshold cryptosystems, where the blockchain validators seek to run a threshold cryptographic protocol once for every block with the block contents as an input to the threshold cryptographic protocol. All existing approaches for blockchain-native threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol. In this paper, we first propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds, i.e., in threshold cryptographic protocols where the secrecy and reconstruction thresholds are the same. However, many real-world proof-of-stake-based blockchain-native threshold cryptosystems rely on ramp thresholds, where reconstruction thresholds are strictly greater than secrecy thresholds. For these blockchains, we formally demonstrate that the additional delay is unavoidable. We then introduce a mechanism to minimize this delay in the optimistic case. We implement our optimistic protocol for the proof-of-stake distributed randomness scheme on the Aptos blockchain. Our measurements from the Aptos mainnet show that the optimistic approach reduces latency overhead by 71%.
