Paper 2023/1344

Analyzing the Real-World Security of the Algorand Blockchain

Fabrice Benhamouda, Algorand Foundation
Erica Blum, Reed College
Jonathan Katz, University of Maryland, College Park
Derek Leung, Massachusetts Institute of Technology
Julian Loss, Helmholtz Center for Information Security
Tal Rabin, University of Pennsylvania

The Algorand consensus protocol is interesting both in theory and in practice. On the theoretical side, to achieve adaptive security, it introduces the novel idea of player replaceability, where each step of the protocol is executed by a different randomly selected committee whose members remain secret until they send their first and only message. The protocol provides consistency under arbitrary network conditions and liveness under intermittent network partitions. On the practical side, the protocol is used to secure the Algorand cryptocurrency, whose total value is approximately $850M at the time of writing. The Algorand protocol in use differs substantially from the protocols described in the published literature on Algorand. Despite its significance, it lacks a formal analysis. In this work, we describe and analyze the Algorand consensus protocol as deployed today in Algorand’s ecosystem. We show that the overall protocol framework is sound by characterizing network conditions and parameter settings under which the protocol can be proven secure.

Available format(s)
Publication info
State Machine ReplicationAsynchronyBlockchain
Contact author(s)
fabrice benhamouda @ gmail com
ericablum @ reed edu
jkatz2 @ gmail com
dtl @ csail mit edu
loss @ cispa de
talr @ seas upenn edu
2023-11-23: revised
2023-09-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Fabrice Benhamouda and Erica Blum and Jonathan Katz and Derek Leung and Julian Loss and Tal Rabin},
      title = {Analyzing the Real-World Security of the Algorand Blockchain},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1344},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.