FairPoS: Input Fairness in Permissionless Consensus

Authors James Hsin-yu Chiang , Bernardo David, Ittay Eyal , Tiantian Gong

Thumbnail PDF


  • Filesize: 0.99 MB
  • 23 pages

Document Identifiers

Author Details

James Hsin-yu Chiang
  • Aarhus University, Denmark
Bernardo David
  • IT University of Copenhagen, Denmark
Ittay Eyal
  • Technion, Haifa, Israel
Tiantian Gong
  • Purdue University, West Lafayette, IN, USA

Cite AsGet BibTex

James Hsin-yu Chiang, Bernardo David, Ittay Eyal, and Tiantian Gong. FairPoS: Input Fairness in Permissionless Consensus. In 5th Conference on Advances in Financial Technologies (AFT 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 282, pp. 10:1-10:23, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


In permissionless consensus, the ordering of transactions or inputs in each block is freely determined by an anonymously elected block leader. A rational block leader will choose an ordering of inputs that maximizes financial gain; the emergence of automatic market makers in decentralized finance enables the block leader to front-run honest trade orders by injecting its own inputs prior to and after honest trades. Front-running is rampant in decentralized finance and reduces the utility of the system by extracting financial value from honest trades and increasing demand for block-space. Current proposals to prevent input order attacks by encrypting user inputs are not permissionless, as they rely on small static committees to perform distributed key generation and threshold decryption. Such committees require party authentication, knowledge of the number of participating parties or do not permit player replaceability and are therefore not permissionless. Moreover, alternative solutions based on sequencing inputs in order of their arrival cannot prevent front-running in an unauthenticated peer-2-peer network where message arrival is adversarially controlled. We present FairPoS, the first consensus protocol to achieve input fairness in the permissionless setting with security against adaptive adversaries in semi-synchronous networks. In FairPoS, the adversary cannot learn the plaintext of any client input before it is included in a block in the chain’s common-prefix. Thus, input ordering attacks that depend on observing pending client inputs in the clear are no longer possible. In FairPoS, this is achieved via Delay Encryption (DeFeo et al., EUROCRYPT 2021), a recent cryptographic primitive related to time-lock puzzles, allowing all client inputs in a given round to be encrypted under a key that can only be extracted after enough time has elapsed. In contrast to alternative approaches, the key extraction task in delay encryption can, in principle, be performed by any party in the permissionless setting and requires no distribution of secret key material amongst authenticated parties. However, key extraction requires highly specialized hardware in practice. Thus, FairPoS requires resource-rich staking parties to insert extracted keys into blocks, enabling light-clients to decrypt past inputs and relieving parties who join the execution from decrypting all inputs in the entire chain history. Realizing this in proof-of-stake is non-trivial; naive application of key extraction to proof-of-stake can result in chain stalls lasting the entire key extraction period. We overcome this challenge with a novel key extraction protocol, which tolerates adversarial delays in block delivery intended to prevent key extraction from completing on schedule. Critically, this also enables the adoption of a new longest-extendable-chain rule which allows FairPoS to achieve the same guarantees as Ouroborous Praos against an adaptive adversary.

Subject Classification

ACM Subject Classification
  • Security and privacy → Privacy-preserving protocols
  • Front-running
  • Delay Encryption
  • Proof-of-Stake
  • Blockchain


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. VDF Alliance. VDF Alliance Official Wiki. https://supranational.atlassian.net/wiki/spaces/VA/overview, 2022.
  2. Avalanche. Apricot Phase Four: Snowman++ and Reduced C-Chain Transaction Fees. https://medium.com/avalancheavax/apricot-phase-four-snowman-and-reduced-c-chain-transaction-fees-1e1f67b42ecf, 2021.
  3. Christian Badertscher, Peter Gaži, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pages 913-930, 2018. URL: https://doi.org/10.1145/3243734.3243848.
  4. Vivek Bagaria, Sreeram Kannan, David Tse, Giulia Fanti, and Pramod Viswanath. Prism: Deconstructing the blockchain to approach physical limits. In Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pages 585-602, 2019. URL: https://doi.org/10.1145/3319535.3363213.
  5. Massimo Bartoletti, James Hsin-yu Chiang, and Alberto Lluch-Lafuente. Maximizing extractable value from automated market makers. arXiv preprint arXiv:2106.01870, 2021. URL: https://arxiv.org/pdf/2106.01870.
  6. Carsten Baum, Bernardo David, Rafael Dowsley, Jesper Buus Nielsen, and Sabine Oechsner. Tardis: a foundation of time-lock puzzles in uc. In Advances in Cryptology-EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17-21, 2021, Proceedings, Part III, pages 429-459. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-77883-5_15.
  7. Joseph Bebel and Dev Ojha. Ferveo: Threshold Decryption for Mempool Privacy in BFT networks. Cryptology ePrint Archive, 2022. URL: https://eprint.iacr.org/2022/898.
  8. Mihir Bellare and Sara K. Miner. A forward-secure digital signature scheme. In Michael J. Wiener, editor, CRYPTO'99, volume 1666 of LNCS, pages 431-448. Springer, Heidelberg, August 1999. URL: https://doi.org/10.1007/3-540-48405-1_28.
  9. Fabrice Benhamouda, Craig Gentry, Sergey Gorbunov, Shai Halevi, Hugo Krawczyk, Chengyu Lin, Tal Rabin, and Leonid Reyzin. Can a public blockchain keep a secret? In Rafael Pass and Krzysztof Pietrzak, editors, TCC 2020, Part I, volume 12550 of LNCS, pages 260-290. Springer, Heidelberg, November 2020. URL: https://doi.org/10.1007/978-3-030-64375-1_10.
  10. Erica Blum, Aggelos Kiayias, Cristopher Moore, Saad Quader, and Alexander Russell. Linear consistency for proof-of-stake blockchains. arXiv preprint arXiv:1911.10187, 2019. URL: https://arxiv.org/abs/1911.10187.
  11. Dan Boneh and Moni Naor. Timed commitments. In Advances in Cryptology—CRYPTO 2000: 20th Annual International Cryptology Conference Santa Barbara, California, USA, August 20-24, 2000 Proceedings, pages 236-254. Springer, 2000. URL: https://link.springer.com/content/pdf/10.1007/3-540-44598-6.pdf#page=248.
  12. Jeffrey Burdges and Luca De Feo. Delay encryption. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 302-326. Springer, 2021. URL: https://doi.org/10.1007/978-3-030-77870-5_11.
  13. Christian Cachin, Jovana Mićić, and Nathalie Steinhauer. Quick Order Fairness. arXiv preprint arXiv:2112.06615, 2021. URL: https://arxiv.org/abs/2112.06615.
  14. Matteo Campanelli, Bernardo David, Hamidreza Khoshakhlagh, Anders Konring, and Jesper Buus Nielsen. Encryption to the future - A paradigm for sending secret messages to future (anonymous) committees. In ASIACRYPT 2022, Part III, LNCS, pages 151-180. Springer, Heidelberg, December 2022. URL: https://doi.org/10.1007/978-3-031-22969-5_6.
  15. Ignacio Cascudo, Bernardo David, Lydia Garms, and Anders Konring. YOLO YOSO: Fast and simple encryption and secret sharing in the YOSO model. In ASIACRYPT 2022, Part I, LNCS, pages 651-680. Springer, Heidelberg, December 2022. URL: https://doi.org/10.1007/978-3-031-22963-3_22.
  16. James Hsin-yu Chiang, Bernardo David, Ittay Eyal, and Tiantian Gong. FairPoS: Input Fairness in Permissionless Consensus. https://eprint.iacr.org/2022/1442, 2023. Full paper version.
  17. Dan Cline, Thaddeus Dryja, and Neha Narula. ClockWork: An Exchange Protocol for Proofs of Non Front-Running. In The Stanford Blockchain Conference 2020, 2020. URL: https://www.media.mit.edu/publications/clockwork-an-exchange-protocol-for-proofs-of-non-front-running/.
  18. P. Daian, S. Goldfeder, T. Kell, Y. Li, X. Zhao, I. Bentov, L. Breidenbach, and A. Juels. Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In IEEE Symposium on Security and Privacy, pages 910-927. IEEE, 2020. URL: https://doi.org/10.1109/SP40000.2020.00040.
  19. Bernardo David, Peter Gaži, Aggelos Kiayias, and Alexander Russell. Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 66-98. Springer, 2018. URL: https://doi.org/10.1007/978-3-319-78375-8_3.
  20. Luca De Feo, Simon Masson, Christophe Petit, and Antonio Sanso. Verifiable delay functions from supersingular isogenies and pairings. In International Conference on the Theory and Application of Cryptology and Information Security, pages 248-277. Springer, 2019. URL: https://doi.org/10.1007/978-3-030-34578-5_10.
  21. Nico Döttling, Lucjan Hanzlik, Bernardo Magri, and Stella Wohnig. Mcfly: Verifiable encryption to the future made practical. Cryptology ePrint Archive, 2022. URL: https://eprint.iacr.org/2022/433.
  22. Andreas Erwig, Sebastian Faust, and Siavash Riahi. Large-scale non-interactive threshold cryptosystems through anonymity. Cryptology ePrint Archive, Report 2021/1290, 2021. URL: https://eprint.iacr.org/2021/1290.
  23. Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Annual international conference on the theory and applications of cryptographic techniques, pages 281-310. Springer, 2015. URL: https://doi.org/10.1007/978-3-662-46803-6_10.
  24. Vipul Goyal, Abhiram Kothapalli, Elisaweta Masserova, Bryan Parno, and Yifan Song. Storing and retrieving secrets on a blockchain. In PKC 2022, Part I, LNCS, pages 252-282. Springer, Heidelberg, May 2022. URL: https://doi.org/10.1007/978-3-030-97121-2_10.
  25. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In Joe Kilian, editor, CRYPTO 2001, volume 2139 of LNCS, pages 332-354. Springer, Heidelberg, August 2001. URL: https://doi.org/10.1007/3-540-44647-8_20.
  26. Fredrik Kamphuis, Bernardo Magri, Ricky Lamberty, and Sebastian Faust. Revisiting transaction ledger robustness in the miner extractable value era. In International Conference on Applied Cryptography and Network Security, pages 675-698. Springer, 2023. URL: https://doi.org/10.1007/978-3-031-33491-7_25.
  27. Mahimna Kelkar, Soubhik Deb, and Sreeram Kannan. Order-fair consensus in the permissionless setting. In Proceedings of the 9th ACM on ASIA Public-Key Cryptography Workshop, pages 3-14, 2022. URL: https://doi.org/10.1145/3494105.3526239.
  28. Mahimna Kelkar, Soubhik Deb, Sishan Long, Ari Juels, and Sreeram Kannan. Themis: Fast, Strong Order-Fairness in Byzantine Consensus, 2021. URL: https://eprint.iacr.org/2021/1465.
  29. Mahimna Kelkar, Fan Zhang, Steven Goldfeder, and Ari Juels. Order-fairness for byzantine consensus. In Annual International Cryptology Conference, pages 451-480. Springer, 2020. URL: https://doi.org/10.1007/978-3-030-56877-1_16.
  30. Aggelos Kiayias, Saad Quader, and Alexander Russell. Consistency of proof-of-stake blockchains with concurrent honest slot leaders. In 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS), pages 776-786. IEEE, 2020. URL: https://doi.org/10.1109/ICDCS47774.2020.00065.
  31. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual international cryptology conference, pages 357-388. Springer, 2017. URL: https://doi.org/10.1007/978-3-319-63688-7_12.
  32. Dahlia Malkhi and Pawel Szalachowski. Maximal Extractable Value (MEV) Protection on a DAG. arXiv e-prints, pages arXiv-2208, 2022. URL: https://arxiv.org/abs/2208.00940.
  33. Peyman Momeni. Fairblock: Preventing blockchain front-running with minimal overheads. Master’s thesis, University of Waterloo, 2022. URL: https://eprint.iacr.org/2022/1066.
  34. Ronald L Rivest, Adi Shamir, and David A Wagner. Time-lock puzzles and timed-release crypto. Technical report, Massachusetts Institute of Technology. Laboratory for Computer Science, 1996. URL: http://bitsavers.trailing-edge.com/pdf/mit/lcs/tr/MIT-LCS-TR-684.pdf.
  35. Sri Aravinda Krishnan Thyagarajan, Tiantian Gong, Adithya Bhat, Aniket Kate, and Dominique Schröder. Opensquare: Decentralized repeated modular squaring service. In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, pages 3447-3464, 2021. URL: https://doi.org/10.1145/3460120.3484809.
  36. Sam M Werner, Daniel Perez, Lewis Gudgeon, Ariah Klages-Mundt, Dominik Harz, and William J Knottenbelt. Sok: Decentralized finance (defi). arXiv preprint arXiv:2101.08778, 2021. URL: https://arxiv.org/abs/2101.08778.
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail