AT2: Asynchronous Trustworthy Transfers

Many blockchain-based protocols, such as Bitcoin, implement a decentralized asset transfer (or exchange) system. As clearly stated in the original paper by Nakamoto, the crux of this problem lies in prohibiting any participant from engaging in double-spending. There seems to be a common belief that consensus is necessary for solving the double-spending problem. Indeed, whether it is for a permissionless or a permissioned environment, the typical solution uses consensus to build a totally ordered ledger of submitted transfers. In this paper we show that this common belief is false: consensus is not needed to implement of a decentralized asset transfer system. We do so by introducing AT2 (Asynchronous Trustworthy Transfers), a class of consensusless algorithms. To show formally that consensus is unnecessary for asset transfers, we consider this problem first in the shared-memory context. We introduce AT2${SM}$, a wait-free algorithm that asynchronously implements asset transfer in the read-write shared-memory model. In other words, we show that the consensus number of an asset-transfer object is one. In the message passing model with Byzantine faults, we introduce a generic asynchronous algorithm called AT2${MP}$ and discuss two instantiations of this solution. First, AT2${D}$ ensures deterministic guarantees and consequently targets a small scale deployment (tens to hundreds of nodes), typically for a permissioned environment. Second, AT2${P}$ provides probabilistic guarantees and scales well to a very large system size (tens of thousands of nodes), ensuring logarithmic latency and communication complexity. Instead of consensus, we construct AT2${D}$ and AT2${P}$ on top of a broadcast primitive with causal ordering guarantees offering deterministic and probabilistic properties, respectively.

💡 Research Summary

The paper challenges the widely‑held belief that a total order (i.e., consensus) is indispensable for preventing double‑spending in decentralized asset‑transfer systems. It demonstrates, both theoretically and experimentally, that consensus can be completely avoided by relying only on causality among transfers.

Shared‑memory (crash‑stop) model
The authors first formalize the asset‑transfer object as a sequential type and prove that when each account has a single owner, the object’s consensus number is one. Their wait‑free algorithm AT2_SM uses an atomic snapshot array shared by all processes. Each process records its successful outgoing transfers in its own slot; reads are answered by taking a snapshot and computing the balance as initial balance plus all incoming amounts minus outgoing amounts. Because all outgoing transfers for a given account are stored in a single location, no coordination beyond read‑write registers is needed. This shows that total order is unnecessary; only the ability to read a consistent view of the system suffices.

Byzantine message‑passing model
In a setting with Byzantine faults, the paper introduces a generic framework AT2_MP that builds a decentralized transfer system on top of a secure broadcast primitive. Two concrete instantiations are provided:

• AT2_D (deterministic) – Implements a deterministic secure broadcast that guarantees all correct replicas deliver messages in the same order. The protocol is simple, uses only O(n²) messages, and scales to a few hundred nodes. Empirical evaluation shows 1.5×‑6× higher throughput and up to 2× lower latency compared with classic BFT consensus protocols (e.g., PBFT).

• AT2_P (probabilistic) – Uses probabilistic broadcast techniques (Erdős‑Rényi gossip, probabilistic double‑echo) to achieve O(log n) communication per transfer while still providing high‑probability agreement among >2/3 of the replicas. This version scales to tens of thousands of nodes and delivers sub‑second finality on a global network.

Both variants enforce causality‑based ordering rather than a global total order. Transfers that involve distinct accounts commute and can be applied in any order; only transfers that share a source account are ordered according to their causal dependencies (the source’s previous successful transfers). This partial‑order approach dramatically increases parallelism and reduces the coordination overhead that dominates traditional blockchain designs.

Generalization to k‑shared accounts
The authors extend the analysis to the case where up to k processes may share an account. They prove that the consensus number of such an object equals k, establishing a clear relationship between account sharing and required synchronization power.

Experimental results
AT2_D outperforms consensus‑based systems in small‑to‑medium deployments (≤100 replicas) with throughput improvements ranging from 1.5× to 6× and latency reductions up to 2×. AT2_P maintains sub‑second transfer latency even when deployed across thousands of nodes worldwide, with communication cost growing only logarithmically.

Impact and future work
By showing that total order is not required for safe asset transfer, the paper opens a new design space for blockchain and distributed ledger technologies. The causality‑centric, consensus‑free approach can be combined with smart‑contract execution, dynamic account ownership, and heterogeneous network topologies, offering a promising direction for scalable, energy‑efficient decentralized finance systems.