Nibesh Shrestha

Want a gentle intro to distributed computing for blockchain? I've been turning my notes "Consensus in 50 pages" into a short book called “A Quick Consensus”. Most of the way through, and what's there should already serve as a rigorous but accessible intro to the essentials. Covered: Tendermint, PBFT, HotStuff, Simplex, accountability, player reconfiguration, asynchronous SMR (and a bunch more). Still to add: erasure coding, DAG protocols, 2-round finality, recovery, and the Pipes model. Current draft (updated frequently): Lewis-Pye.com

📍 Tuesday, April 28, 15:45–17:30 (Track B) I’ll present “Towards Improving Throughput and Scalability of DAG-based BFT SMR” on behalf of @nibeshrestha2 and @aniketpkate. Paper link: eprint.iacr.org/2025/877.pdf

I am pleased to announce that @SUPRA_Labs 's social recovery scheme ANARKey got accepted into EuroS&P'26. It is one of the top-tier venues for security and crypto papers. The idea of social key recovery was proposed by @VitalikButerin, and we built ANARKey keeping that in mind. Here, wallet holders backup and recover their keys among their community without relying on external guardians/entities or storing any additional data. It works with both hot wallets and cold wallets that follow the standardized RFC6979 spec. The full version can be found here: eprint.iacr.org/2025/551 This is a joint work with @aniketpkate , @thehumzasaleem , @pratyaycrypto (Hashgraph), and Bhaskar Roberts (UC Berkley).

There is a difference between exiting a view and entering a view. Exiting a view does not necessarily mean entering a new view. It could simply mean not sending additional messages in the view. From the above context, this is likely the case. Also, it is likely safe to vote for the leader block even after sending the vote for the dummy block. However, since the node did not receive any proposal within the view duration, likely it is a bad view. So, not voting for the block proposal would be better. If there is no block certificate in the view, other nodes will also vote for the dummy block and with a dummy block certificate enter a higher view. So, no problem with liveness

It would for example allow a node to (safely!) vote for a leader block proposal even after having sent a view-change vote for the dummy block. Aka nodes can vote for both leader proposal and dummy-block, in either order. What matters is they exit on first QC they see (afaiu).

@ittaia big thanks to Ling Ren for writing decentralizedthoughts.github.io/2025-06-18-sim…. Q: I think the highlighted sentence is inaccurate, and that nodes only exit view k after forming a view-change cert?

Can we analytically determine the performance (throughput, latency) of a protocol? Here’s a tutorial on DecentralizedThoughts that explains how to do it, using Bracha’s RBC as an example. With @AndrewLewisPye and @nibeshrestha2 decentralizedthoughts.github.io/2026-02-13-pip…

Here’s a cheat sheet on the progress of partial synchrony protocols, reflecting what I mapped and explained in this podcast episode with @soubhik_deb decentralizedthoughts.github.io/2026-02-02-ps-…

DAG-based consensus in TLA+: github.com/nano-o/dag-con…

New DKG protocol by @SUPRA_Labs. eprint.iacr.org/2026/072.pdf It is tailored for running DKG protocols over the blockchain, and it uses the underlying blockchain for its consensus mechanism to improve the efficiency of existing DKG protocols. Additionally, we use a random beacon to sample a smaller committee of dealer nodes (among a larger set), yielding 3x improvements for 256 nodes. From a theoretical standpoint, we identify that the DKG functionalities in Katz's paper and our CCS'24 Class-Group VSS paper model an adversary to bias the final public key of the DKG and individual public keys of the adversary. However, the protocols realizing those functionalities allow an adversary to additively bias the individual public keys of the honest parties as well. We propose an ideal functionality that correctly models this adversarial behaviour. Joint work with @aniketpkate , @pratyaycrypto , @nibeshrestha2 , @thehumzasaleem and David Yang.

Happy to share that our work on Hydrangea, a new consensus protocol from @SUPRA_Labs , has been accepted at USENIX Security' 26. Hydrangea achieves optimistic two-round commit with stronger fault resilience than prior work. For a system with n=3f+2c+k+1, it commits in two rounds with up to p~=(c+k)/2 faults, and in three rounds with up to f Byzantine and c crash faults. We also show this resilience is (nearly) optimal for optimistic two-round commit. Paper Link: eprint.iacr.org/2025/1112

ZK lets you prove something without revealing anything… But today we're revealing our gratitude. @aniketpkate, Gregory Zaverucha & Ian Goldberg won the IACR Test-of-Time Award. Thank you for building the foundation of ZK in 2010. #ZKProofs

@ittaia @samlafer Also, do check our Hydrangea consensus (eprint.iacr.org/2025/1112.pdf) with support for optimistic 2 round commit without sacrificing resilience!

@samlafer And the fast path slow path simplex style intro (kudzu and alpenglow) decentralizedthoughts.github.io/2025-07-29-2-r…

Fault Tolerant Frenz hosting a Christmas "Learn yourself the hottest Consensus in town" mini-series: 1. PBFT/Tendermint/Hotstuff 2. Simplex (used by commonware and Solana alpenglow) 3. Minimmit (with special @commonwarexyz guest 🤫🎅) 2 weeks each. ask dumb questions. have fun.

Excited that our paper Optimistic, Signature-Free Reliable Broadcast and Its Applications received a distinguished paper award at ACM CCS 2025. with @nibeshrestha2, Qianyu Yu, @giuliano_losa, @aniketpkate, @wang_xuechao

What connects MPC, blockchain scalability, and post-quantum security? Find out at ACM CCS 2025, starting tomorrow in Taiwan, where we’re presenting two awesome projects! Tomorrow @akhilsai2712 will present Velox, PQ-secure MPC that is ready for real-world use. (paper: eprint.iacr.org/2025/1630 code: github.com/akhilsb/Velox-…) On Thursday, @giuliano_losa will present a framework for two-round, optimistic distributed computing protocols, such as reliable broadcast, VSS, and AVID. With Sailfish++, we show that PQ-secure blockchains can be efficient now. (paper: arxiv.org/abs/2505.02761 code: github.com/qyu100/SFSailf…) project led by @nibeshrestha2 and Qianyu Yu

@B_Chou @alranpe @toghrulmaharram Under partial synchrony, equivocation is still possible with Rotor.

@alranpe @toghrulmaharram Even if the leader is Byzantine, block dissemination via Rotor is presumed to prevent equivocation (see Assumption 3 in Alpenglow whitepaper 1.1)

Did a comparison between some of the newest consensus mechanisms that I find cool

@AptosLabs Optimistic proposals was introduced in our Moonshot consensus protocol (dsn2024uq.github.io/Proceedings/pd…) . Any differences?

Aptos leads the industry with ~100ms block times. Velociraptr (AIP-131), the latest update in Raptr technology, cuts that down by ~40% ⚡ This brings the Aptos Global Trading Engine closer to real-time responsiveness, unlocking next-gen speed for onchain money movement.

@Sei_Labs Is it AM or PM?

Join us August 29 at 05:45 Eastern Time, 11:45 Central European Time.

What are the technical challenges of building a leading blockchain? Meet the brilliant researchers from @anza_xyz, the team behind @Solana's new Alpenglow consensus protocol. As the Solana community votes on Alpenlgow, we explore this novel consensus protocol.

@SashaSpiegelman @toly @Sol_omo_n With Hydrangea, we can optimistic two round without sacrificing resilience. Do check eprint.iacr.org/2025/1112

@toly @Sol_omo_n There is a trade-off that I hope your researchers told you. If you want to go faster than 3 hops, you need to sacrifice resilience.

100 ms block time is yesterday's news for Aptos. By the time Solana reaches 100 ms block times, we will already be at 10. Aptos is always 10x faster.

@kartik1507 @LefKok @ittaia @ElodinStorm The 3 round commit can still happen if there are more than f faults ( f Byzantine + some more weaker faults).

@LefKok @ittaia @ElodinStorm p is just a parameter, f is the number of faults. The 2-round protocol can have up to p Byzantine for liveness (since we need n-p votes). The 3-round protocol can have up to f Byzantine for liveness.

Decentralized thoughts on Concurrent 2-round and 3-round Simplex-style BFT with @ElodinStorm , @kartik1507 , and Ling Ren decentralizedthoughts.github.io/2025-07-29-2-r…