Adithya Bhat, Akhil Bandarupalli, Saurabh Bagchi, Aniket Kate; Michael K. Reiter (Duke University), "The Unique Chain Rule and its Applications," Accepted to appear at the 27th International Conference on Financial Cryptography and Data Security (FC), pp. 1-27, May 2023. (Acceptance rate: 41/182 = 22.5%)

Most existing Byzantine fault-tolerant State Machine Replication (SMR) protocols rely explicitly on either equivocation detection or quorum certificate formations to ensure protocol safety. These mechanisms inherently require $O(n^2)$ communication overhead among $n$ participating servers. This work proposes the Unique Chain Rule (UCR), a simple rule for hash chains where extending a block by including its hash in the next block, is treated as a vote for the proposed block \textit{and its ancestors}. When a block obtains a vote from at least one correct server, we can commit the block and its ancestors. While this idea was used implicitly earlier in conjunction with equivocation detection or quorum certificate generation, this work employs it explicitly to show safety.

We present three applications of UCR.\@ We design \emph{Apollo}, and \emph{Artemis}: two novel synchronous SMR protocols with linear best-case communication complexity using round-robin, and stable leaders, respectively as the first two applications. Next, we employ UCR in a black-box fashion toward making any SMR commits publicly verifiable, where clients will no longer have to wait for $2f+1$ confirmations on every block, where $\kappa$ is a security parameter and $f$ is the number of Byzantine faults tolerated by the protocol, but can instead collect a UCR proof consisting of $\min\p{\kappa, f}+1$ extensions on a block. This results in faster syncing times for clients as the publicly verifiable proofs can also be gossiped with every new block extension confirming a new block.