Paper 2022/1442

FairPoS: Input Fairness in Proof-of-Stake with Adaptive Security

James Hsin-yu Chiang, Technical University of Denmark
Bernardo David, IT University of Copenhagen
Ittay Eyal, Technion – Israel Institute of Technology
Tiantian Gong, Purdue University West Lafayette

We present “FairPoS”, the first blockchain protocol that achieves input fairness with adaptive security. Here, we introduce a novel notion of “input fairness”: the adversary cannot learn the plain-text of any finalized client input before it is include in a block in the chain’s common-prefix. Should input fairness hold, input ordering attacks which depend on the knowledge of plain-text of client inputs are thwarted. In FairPoS, input fairness with adaptive security is achieved by means of the delay encryption scheme of DeFeo et al., a recent cryptographic primitive related to time-lock puzzles, allowing all client inputs in a given round to be encrypted under the same key, which can only be extracted after enough time has elapsed. In contrast, alternative proposals that prevent input order attacks by encrypting user inputs are not adaptively secure as they rely on small static committees to perform distributed key generation and threshold decryption for efficiency’s sake. Such small committees are easily corrupted by an adaptive adversary with a corruption budget applicable over a large set of participants in a permissionless blockchain system. The key extraction task in delay encryption can, in principle, be performed by any party and is secure upon adaptive corruption, as no secret key material is learned. However, the key extraction requires highly specialized hardware in practice. Thus, FairPoS requires resource-rich, staking parties to insert extracted keys to blocks which enables light-clients to decrypt past inputs. Note that naive application of key extraction can result in chain stalls lasting the entire key extraction period. In FairPoS, this is addressed by a novel longest-extendable-chain rule. We formally prove that FairPoS achieves input fairness and the original security of Ouroborous Praos against an adaptive adversary.

Note: Minor update.

Available format(s)
Cryptographic protocols
Publication info
Delay Encryption Proof-of-Stake Front-running Blockchain
Contact author(s)
jchi @ dtu dk
bernardo @ bmdavid com
ittay @ technion ac il
tg @ purdue edu
2022-10-26: revised
2022-10-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {James Hsin-yu Chiang and Bernardo David and Ittay Eyal and Tiantian Gong},
      title = {FairPoS: Input Fairness in Proof-of-Stake with Adaptive Security},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1442},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.