Proofs of Proof-Of-Stake with Sublinear Complexity

Authors Shresth Agrawal , Joachim Neu , Ertem Nusret Tas , Dionysis Zindros

Thumbnail PDF


  • Filesize: 1.06 MB
  • 24 pages

Document Identifiers

Author Details

Shresth Agrawal
  • Technische Universität München, Germany
Joachim Neu
  • Stanford University, CA, USA
Ertem Nusret Tas
  • Stanford University, CA, USA
Dionysis Zindros
  • Stanford University, CA, USA


The authors thank Kostis Karantias for the helpful discussions on bisection games, and Daniel Marin for reading early versions of this paper and providing suggestions. The work of JN was conducted in part while at Paradigm. The work of SA was conducted in part while at Common Prefix.

Cite AsGet BibTex

Shresth Agrawal, Joachim Neu, Ertem Nusret Tas, and Dionysis Zindros. Proofs of Proof-Of-Stake with Sublinear Complexity. In 5th Conference on Advances in Financial Technologies (AFT 2023). Leibniz International Proceedings in Informatics (LIPIcs), Volume 282, pp. 14:1-14:24, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2023)


Popular Ethereum wallets (like MetaMask) entrust centralized infrastructure providers (e.g., Infura) to run the consensus client logic on their behalf. As a result, these wallets are light-weight and high-performant, but come with security risks. A malicious provider can mislead the wallet by faking payments and balances, or censoring transactions. On the other hand, light clients, which are not in popular use today, allow decentralization, but are concretely inefficient, often with asymptotically linear bootstrapping complexity. This poses a dilemma between decentralization and performance. We design, implement, and evaluate a new proof-of-stake (PoS) superlight client with concretely efficient and asymptotically logarithmic bootstrapping complexity. Our proofs of proof-of-stake (PoPoS) take the form of a Merkle tree of PoS epochs. The verifier enrolls the provers in a bisection game, in which honest provers are destined to win once an adversarial Merkle tree is challenged at sufficient depth. We provide an implementation for mainnet Ethereum: compared to the state-of-the-art light client construction of Ethereum, our client improves time-to-completion by 9×, communication by 180×, and energy usage by 30× (when bootstrapping after 10 years of consensus execution). As an important additional application, our construction can be used to realize trustless cross-chain bridges, in which the superlight client runs within a smart contract and takes the role of an on-chain verifier. We prove our construction is secure and show how to employ it for other PoS systems such as Cardano (with fully adaptive adversary), Algorand, and Snow White.

Subject Classification

ACM Subject Classification
  • Security and privacy → Distributed systems security
  • Proof-of-stake
  • blockchain
  • light client
  • superlight
  • bridge
  • Ethereum


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads


  1. Shresth Agrawal, Joachim Neu, Ertem Nusret Tas, and Dionysis Zindros. Proofs of proof-of-stake with sublinear complexity. Cryptology ePrint Archive, Paper 2022/1642, 2022. URL:
  2. Adam Back, Matt Corallo, Luke Dashjr, Mark Friedenbach, Gregory Maxwell, Andrew Miller, Andrew Poelstra, Jorge Timón, and Pieter Wuille. Enabling blockchain innovations with pegged sidechains, 2014. URL:
  3. Christian Badertscher, Peter Gazi, Aggelos Kiayias, Alexander Russell, and Vassilis Zikas. Ouroboros genesis: Composable proof-of-stake blockchains with dynamic availability. In CCS, pages 913-930. ACM, 2018. Google Scholar
  4. Joseph Bonneau, Izaak Meckler, Vanishree Rao, and Evan Shapiro. Coda: Decentralized cryptocurrency at scale. Cryptology ePrint Archive, Paper 2020/352, 2020. URL:
  5. Ethan Buchman, Jae Kwon, and Zarko Milosevic. The latest gossip on bft consensus, 2018. URL:
  6. Benedikt Bünz, Lucianna Kiffer, Loi Luu, and Mahdi Zamani. Flyclient: Super-light clients for cryptocurrencies. In IEEE Symposium on Security and Privacy, pages 928-946. IEEE, 2020. Google Scholar
  7. Vitalik Buterin. A next-generation smart contract and decentralized application platform, 2014. Google Scholar
  8. Vitalik Buterin. Proof of Stake: How I Learned to Love Weak Subjectivity, November 2014. URL:
  9. Vitalik Buterin and Virgil Griffith. Casper the friendly finality gadget, 2017. URL:
  10. Vitalik Buterin, Diego Hernandez, Thor Kamphefner, Khiem Pham, Zhi Qiao, Danny Ryan, Juhyeok Sin, Ying Wang, and Yan X Zhang. Combining ghost and casper, 2020. URL:
  11. Ran Canetti, Ben Riva, and Guy N. Rothblum. Practical delegation of computation using multiple servers. In CCS, pages 445-454. ACM, 2011. Google Scholar
  12. Ran Canetti, Ben Riva, and Guy N. Rothblum. Refereed delegation of computation. Inf. Comput., 226:16-36, 2013. Google Scholar
  13. Miguel Castro and Barbara Liskov. Practical byzantine fault tolerance. In OSDI, pages 173-186. USENIX Association, 1999. Google Scholar
  14. Pyrros Chaidos and Aggelos Kiayias. Mithril: Stake-based threshold multisignatures. Cryptology ePrint Archive, Paper 2021/916, 2021. URL:
  15. Panagiotis Chatzigiannis, Foteini Baldimtsi, and Konstantinos Chalkias. Sok: Blockchain light clients. In Financial Cryptography, volume 13411 of LNCS, pages 615-641. Springer, 2022. Google Scholar
  16. ConsenSys. MetaMask Surpasses 10 Million MAUs, Making It The World’s Leading Non-Custodial Crypto Wallet, August 2021. URL:
  17. Phil Daian, Rafael Pass, and Elaine Shi. Snow white: Robustly reconfigurable consensus and applications to provably secure proof of stake. Cryptology ePrint Archive, Paper 2016/919, 2016. URL:
  18. Stelios Daveas, Kostis Karantias, Aggelos Kiayias, and Dionysis Zindros. A gas-efficient superlight bitcoin client in solidity. In AFT, pages 132-144. ACM, 2020. Google Scholar
  19. Bernardo David, Peter Gazi, Aggelos Kiayias, and Alexander Russell. Ouroboros praos: An adaptively-secure, semi-synchronous proof-of-stake blockchain. In EUROCRYPT (2), volume 10821 of LNCS, pages 66-98. Springer, 2018. Google Scholar
  20. Evangelos Deirmentzoglou, Georgios Papakyriakopoulos, and Constantinos Patsakis. A survey on long-range attacks for proof of stake protocols. IEEE Access, 7:28712-28725, 2019. Google Scholar
  21. Grin Developers. Merkle Mountain Ranges (MMR). URL:
  22. Ethereum Developers. Altair Light Client - Light Client, 2023. URL:
  23. Ethereum Developers. Altair Light Client - Sync Protocol, 2023. URL:
  24. Ariel Gabizon, Kobi Gurkan, Philipp Jovanovic, Georgios Konstantopoulos, Asa Oines, Marek Olszewski, Michael Straka, Eran Tromer, and Psi Vesely. Plumo: Towards scalable interoperable blockchains using ultra light validation systems, 2020. URL:
  25. Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. Cryptology ePrint Archive, Paper 2014/765, 2014. URL:
  26. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In EUROCRYPT (2), volume 9057 of LNCS, pages 281-310. Springer, 2015. Google Scholar
  27. Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol with chains of variable difficulty. In CRYPTO (1), volume 10401 of LNCS, pages 291-323. Springer, 2017. Google Scholar
  28. Peter Gazi, Aggelos Kiayias, and Dionysis Zindros. Proof-of-stake sidechains. In IEEE Symposium on Security and Privacy, pages 139-156. IEEE, 2019. Google Scholar
  29. Gene Itkis and Leonid Reyzin. Forward-secure signatures with optimal signing and verifying. In CRYPTO, volume 2139 of LNCS, pages 332-354. Springer, 2001. Google Scholar
  30. Harry A. Kalodner, Steven Goldfeder, Xiaoqi Chen, S. Matthew Weinberg, and Edward W. Felten. Arbitrum: Scalable, private smart contracts. In USENIX Security Symposium, pages 1353-1370. USENIX Association, 2018. Google Scholar
  31. Kostis Karantias. Sok: A taxonomy of cryptocurrency wallets. Cryptology ePrint Archive, Paper 2020/868, 2020. URL:
  32. Kostis Karantias, Aggelos Kiayias, and Dionysis Zindros. Compact storage of superblocks for nipopow applications. In MARBLE, pages 77-91. Springer, 2019. Google Scholar
  33. Kostis Karantias, Aggelos Kiayias, and Dionysis Zindros. Proof-of-burn. In Financial Cryptography, volume 12059 of LNCS, pages 523-540. Springer, 2020. Google Scholar
  34. Jonathan Katz and Yehuda Lindell. Introduction to Modern Cryptography, Second Edition. CRC Press, 2014. Google Scholar
  35. Aggelos Kiayias, Nikolaos Lamprou, and Aikaterini-Panagiota Stouka. Proofs of proofs of work with sublinear complexity. In Financial Cryptography Workshops, volume 9604 of LNCS, pages 61-78. Springer, 2016. Google Scholar
  36. Aggelos Kiayias, Nikos Leonardos, and Dionysis Zindros. Mining in logarithmic space. In CCS, pages 3487-3501. ACM, 2021. Google Scholar
  37. Aggelos Kiayias, Andrew Miller, and Dionysis Zindros. Non-interactive proofs of proof-of-work. In Financial Cryptography, volume 12059 of LNCS, pages 505-522. Springer, 2020. Google Scholar
  38. Aggelos Kiayias, Andrianna Polydouri, and Dionysis Zindros. The velvet path to superlight blockchain clients. In AFT, pages 205-218. ACM, 2021. Google Scholar
  39. Aggelos Kiayias, Alexander Russell, Bernardo David, and Roman Oliynykov. Ouroboros: A provably secure proof-of-stake blockchain protocol. In CRYPTO (1), volume 10401 of LNCS, pages 357-388. Springer, 2017. Google Scholar
  40. Aggelos Kiayias and Dionysis Zindros. Proof-of-work sidechains. In Financial Cryptography Workshops, volume 11599 of LNCS, pages 21-34. Springer, 2019. Google Scholar
  41. Jae Kwon and Ethan Buchman. A network of distributed ledgers - cosmos whitepaper. URL:
  42. Rongjian Lan, Ganesha Upadhyaya, Stephen Tse, and Mahdi Zamani. Horizon: A gas-efficient, trustless bridge for cross-chain transactions, 2021. URL:
  43. Ralph C. Merkle. A digital signature based on a conventional encryption function. In CRYPTO, volume 293 of LNCS, pages 369-378. Springer, 1987. Google Scholar
  44. Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In EUROCRYPT (2), volume 10211 of LNCS, pages 643-673, 2017. Google Scholar
  45. Succinct Labs. Building the end game of interoperability with zkSNARKs, 2023. URL:
  46. Ertem Nusret Tas, Dionysis Zindros, Lei Yang, and David Tse. Light clients for lazy blockchains. Cryptology ePrint Archive, Paper 2022/384, 2022. URL:
  47. Peter Todd. Merkle mountain ranges, October 2012. URL:
  48. Jason Wise. Metamask Statistics 2023: How Many People Use Metamask?, March 2023. URL:
  49. Gavin Wood. Ethereum: A secure decentralised generalised transaction ledger, 2014. Google Scholar
  50. Tiancheng Xie, Jiaheng Zhang, Zerui Cheng, Fan Zhang, Yupeng Zhang, Yongzheng Jia, Dan Boneh, and Dawn Song. zkbridge: Trustless cross-chain bridges made practical. In CCS, pages 3003-3017. ACM, 2022. Google Scholar
  51. Maofan Yin, Dahlia Malkhi, Michael K. Reiter, Guy Golan-Gueta, and Ittai Abraham. Hotstuff: BFT consensus with linearity and responsiveness. In PODC, pages 347-356. ACM, 2019. Google Scholar
  52. Alexei Zamyatin, Mustafa Al-Bassam, Dionysis Zindros, Eleftherios Kokoris-Kogias, Pedro Moreno-Sanchez, Aggelos Kiayias, and William J. Knottenbelt. Sok: Communication across distributed ledgers. In Financial Cryptography (2), volume 12675 of LNCS, pages 3-36. Springer, 2021. Google Scholar
  53. Alexei Zamyatin, Nicholas Stifter, Aljosha Judmayer, Philipp Schindler, Edgar R. Weippl, and William J. Knottenbelt. A wild velvet fork appears! inclusive blockchain protocol changes in practice - (short paper). In Financial Cryptography Workshops, volume 10958 of LNCS, pages 31-42. Springer, 2018. Google Scholar
  54. Maksym Zavershynskyi. ETH-NEAR Rainbow Bridge, August 2020. URL:
Questions / Remarks / Feedback

Feedback for Dagstuhl Publishing

Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail