Prefix Consensus For Censorship Resistant BFT

Despite broad use of BFT consensus in blockchains, censorship resistance is weak: leaders can exclude transactions, a growing concern for trading and DeFi. We address this by introducing a new abstraction and protocol stack. First, we introduce \emph{Prefix Consensus}, where parties input vectors and output $(v^{\sf low},v^{\sf high})$ that (i) extend the maximum common prefix of honest inputs and (ii) satisfy $v_i^{\sf low}\preceq v_j^{\sf high}$ for all honest $i,j$. Unlike classical consensus, no single output is required. We show Prefix Consensus is solvable asynchronously and give tight round-complexity bounds. We then define \emph{Strong Prefix Consensus}, requiring agreement on the \emph{high} output. Our protocol is leaderless and partially synchronous: one Prefix Consensus instance decides (possibly different) lows, and additional instances yield a unique safe-to-extend high, even if an adversary can suspend one party per round. We lift this to a leaderless, multi-proposer, censorship-resistant BFT SMR protocol: per slot, all parties broadcast proposals, deterministically rank them, and run one Strong Prefix Consensus on proposal hashes, committing honest proposals in \emph{four rounds}. A deterministic demotion rule updates the ranking when a party’s proposal is excluded, implying that after GST at most $f$ slots can miss an honest proposal while progress remains leaderless under suspension and up to $f{-}1$ Byzantine faults. Finally, we connect Prefix Consensus to graded and binary/validated consensus: we obtain an optimal-latency graded consensus (3 message delays) and leaderless Binary/Validated Consensus with worst-case message complexity $O(n^3)$ and communication $O(n^4)$.

💡 Research Summary

The paper tackles the growing concern that leaders in blockchain BFT protocols can censor transactions, a problem especially acute for DeFi applications. To address this, the authors introduce a novel abstraction called Prefix Consensus. In this primitive each participant submits a vector of values and receives two output vectors, v_low and v_high. The low vector must extend the maximum common prefix of all honest inputs, while the high vector must extend the low vector and be comparable across all honest parties (v_low ⊑ v_high). Crucially, the primitive does not require a single common output, which enables a deterministic solution even in a fully asynchronous setting.

The authors prove that Prefix Consensus can be solved with exactly three communication rounds when the system satisfies the optimal resilience condition n = 3f + 1, and they provide a matching lower bound showing three rounds are necessary for n ≤ 4f. The protocol works by exchanging signed “prefix certificates” that allow parties to certify large sets of mutually consistent prefixes; these certificates guarantee that every honest party’s low output contains the common prefix of honest inputs, and that all high outputs are mutually comparable.

Building on this, the paper defines Strong Prefix Consensus, which adds the requirement that all honest parties agree on the high vector. The construction uses a view‑based approach: view 1 runs Prefix Consensus on the actual inputs and immediately commits the low vector; subsequent views run Prefix Consensus on vectors of certificates derived from earlier views. Once a non‑empty certificate vector is committed, it fixes the high vector of view 1, thereby achieving agreement on a single high output while still tolerating one suspended party per round under partial synchrony.

The main application is a multi‑slot, leaderless, multi‑proposer BFT state‑machine replication (SMR) protocol. In each slot every party broadcasts its proposal, orders all received proposals according to a deterministic ranking, and forms a length‑n hash vector. A single Strong Prefix Consensus instance on this vector yields:

• a low output that is immediately committed (the set of proposals that are guaranteed to be included), and
• a high output that is identical for all honest parties, allowing the slot to be finalized and the ranking for the next slot to be updated.

To enforce censorship resistance, the ranking is dynamically adjusted: after a slot, the first party whose proposal was excluded from the committed prefix is moved to the end of the ranking (demotion). Consequently, any Byzantine party can censor honest proposals at most once before being permanently demoted, guaranteeing that after the Global Stabilization Time (GST) at most f slots are censored (the “f‑censorship‑resistance” property). The protocol remains leaderless: progress is guaranteed even if an adversary can suspend one party each round, and it tolerates up to f − 1 Byzantine faults.

Beyond the core construction, the authors connect Prefix Consensus to other primitives. The lower bound for Prefix Consensus translates into a tight lower bound for graded consensus, and they present a graded consensus protocol that achieves the optimal three‑message‑delay latency, improving on the previous best of seven delays. Moreover, Strong Prefix Consensus can be used as a black‑box to implement leaderless binary and validated consensus with worst‑case message complexity O(n³) and total communication O(n⁴), improving over the prior O(n⁴) leaderless bound.

Additional contributions include optimistic variants with two‑round good‑case latency, a communication‑optimized version, and a two‑round protocol under the stronger assumption n ≥ 5f + 1. Overall, the work provides a rigorous formalization of censorship resistance, introduces a new consensus abstraction that is both theoretically elegant and practically useful, and delivers a concrete leaderless BFT protocol that achieves strong inclusion guarantees with low latency and optimal fault tolerance.