Slipstream: Ebb-and-Flow Consensus on a DAG with Fast Confirmation for UTXO Transactions

TL;DR

Slipstream introduces a DAG-based BFT protocol with two ebb-and-flow orderings: an optimistic ordering that remains live in the slot-sleepy model and a final ordering that is safe and live after GST in the ELSS model. It integrates a fast UTXO transaction confirmation path and uses slot-digests, digest certificates, and a consensus path to resolve unconfirmed double spends via the DAG structure. The protocol achieves deterministic safety and liveness in the sleepy setting, with $O(n^2)$ amortized communication per transaction bit, and provides formal proofs of dynamic availability, eventual synchrony, and transaction finality. This work has practical implications for robust, high-throughput DAG-based ledgers with fast payments, while highlighting trade-offs between liveness, safety, and communication in different network models.

Abstract

This paper introduces Slipstream, a Byzantine Fault Tolerance (BFT) protocol where nodes concurrently propose blocks to be added to a Directed Acyclic Graph (DAG) and aim to agree on block ordering. Slipstream offers two types of block orderings: an optimistic ordering, which is live and secure in a sleepy model under up to 50% Byzantine nodes, and a final ordering, which is a prefix of the optimistic ordering and ensures safety and liveness in an eventual lock-step synchronous model under up to 33% Byzantine nodes. Additionally, Slipstream integrates a payment system that allows for fast UTXO transaction confirmation independently of block ordering. Transactions are confirmed in three rounds during synchrony, and unconfirmed double spends are resolved in a novel way using the DAG structure.

Figures (4)

• Figure 1: Different phases of Slipstream within a slot
• Figure 2: On the left, the past cone of a block $B$ consist of all blocks that are reachable from $B$. Blocks depicted with less opacity are not in the past cone, while blocks that appear 'fatter' do form the past cone. On the right, $B1$ and $B2$ are equivocations of the blue node. The orange node issues a block $C$ referring only to $B1$ and not to $B2$. The green sees the equivocation immediately and refers with its block $D$ to both blocks $B1$ and $B2$ and adds the blue node to its set of equivocators. The orange node adds the blue node to the set of equivocators in the next instant with block $F$, and the red one finally witnesses the equivocation with its block $E$.
• Figure 3: The block $B$ contains an honest cautious transaction $tx$, i.e., $tx \in B.\mathrm{txs}$, and thus $tx$ is $B$-ready. The block $C$ issued by the orange node is a transaction certificate for $tx$ in $B$, as its past cone contains a quorum represented by blocks $D$, $E$, and $F$, approving block $tx$ in $B$. In the same way, blocks $G$ and $H$ form transaction certificates; hence, transaction $tx$ is fast-path confirmed.
• Figure 4: The blocks of the orange, green, and red nodes created at round $\langle s-1, 3\rangle$ contain a digest of the DAG up to slot $s-2$. Here, the fat purple edges are not normal references but represent the $B.\mathrm{digest}$ entries, and this digest is depicted using a purple circle. The blue node has a different perception of what happened in slot $s-2$ and will create a different digest not shown in the image. Block $A$ does contain blocks of a quorum with the same digest in its past cone, and hence serves as a digest certificate (DC) of the "purple" digest. This digest becomes final as blocks $B$ and $C$ also form DCs.

Theorems & Definitions (50)

• Definition 2.1: Lock-step synchronous model
• Remark 1
• Definition 2.2: Eventual lock-step synchronous model
• Definition 2.3: Leader selection
• Definition 2.4: Slot-sleepy model
• Definition 2.5: Cautious account
• Remark 2
• Remark 3
• Definition 2.6: Honest account
• Definition 3.1: Reachable block