Censorship-Resistant BFT SMR Protocol

Updated 4 February 2026

The protocol is defined by its properties of eventual inclusion and invisibility until commit, ensuring all honest transactions are eventually recorded.
It leverages Prefix Consensus and Strong Prefix Consensus to achieve leaderless, asynchronous consensus with deterministic proposal ranking and minimal censorship windows.
Comparative analysis with techniques like Inclusion Lists, DA-CR, and DAG-based protocols highlights trade-offs in communication complexity, throughput, and robust censorship resistance.

A censorship-resistant Byzantine fault-tolerant state machine replication (BFT SMR) protocol is a distributed protocol that guarantees the persistent, timely inclusion of honest client transactions regardless of behaviors by any coalition of up to $f$ Byzantine replicas. Such protocols are a response to the fundamental weakness of traditional leader-based BFT consensus, where a malicious leader can selectively exclude (censor) transactions, thus undermining liveness and openness in distributed ledgers, decentralized financial systems, or data feeds.

1. Formalization and System Model

Censorship resistance in BFT SMR is typically formalized via two properties: eventual inclusion (every honest transaction is eventually committed), and invisibility until commit (no party learns transaction content before commitment, preventing adaptive censorship and MEV exploitation) (Xie et al., 2 Jan 2025, Alpos et al., 4 Apr 2025). For a protocol over $n$ replicas with $f$ Byzantine processes, explicit notation and metrics include:

$n \geq 3f+1$ for classical protocols (or $n = 2f+1$ under TEE-based designs)
Network models: asynchronous ( $\delta$ unbounded message delay), partially synchronous (messages delivered within $\Delta$ after GST)
Per-transaction max censorship $\Delta_c$ : Maximum protocol epochs a transaction can be delayed despite honest submission.

Short-term censorship-resistance specifically requires $\Delta_c$ to be bounded independently of the adversary’s persistence, ideally $\Delta_c = 0$ or $1$ (Alpos et al., 4 Apr 2025, Xue et al., 2023). For example, classical leader-based BFT has $\Delta_c \leq f \cdot PP$ (where $PP$ is proposal period) due to $f$ possible consecutive malicious leaders.

2. Prefix Consensus and Strong Prefix Consensus

Prefix Consensus (PC) (Xiang et al., 2 Feb 2026) redefines agreement in terms of vector prefixes. Each party $i$ inputs a vector $v_i^{in} \in V^\ell$ and outputs $(v_i^{low}, v_i^{high})$ such that:

Upper Bound: $\forall$ honest $i,j$ : $v_i^{low} \preceq v_j^{high}$
Validity: $\mathrm{mcp}\bigl(\{v_h^{in}\}_{h\in\mathcal{H}}\bigr) \preceq v_i^{low}$ for honest $i$
Termination: Every honest party eventually outputs

Strong Prefix Consensus (SPC) adds the Agreement property: $\forall$ honest $i,j$ : $v_i^{high} = v_j^{high}$ .

This abstraction departs from classical binary output, enabling leaderless and asynchronous constructions with efficient worst-case guarantees. The PC protocol achieves three-round asynchronous consensus for $n=3f+1$ , using round-by-round quorum certificates with explicit prefix and minimum common extension computations.

A key technical insight: only prefix consistency (and not full agreement) is required for intermediate agreements, making PC solvable in three asynchronous rounds while classical consensus lower bounds require at least four (Xiang et al., 2 Feb 2026). The transition to SPC introduces commitment to agreed prefixes, leveraging iterative PC invocations (potentially across shifted rankings), yielding deterministic, leaderless consensus even under partial synchrony and adversarial suspension of one party per round.

3. Leaderless Multi-Proposer SMR Construction

A multi-proposer BFT SMR protocol based on SPC is constructed by running one SPC instance per chain slot:

All $n$ replicas broadcast their proposals (vector of client transactions) per slot.
Proposals are deterministically ranked (initially arbitrary, later updated by demotion rule).
An SPC instance is run on proposal hashes (ordered by ranking).
Commit occurs once the SPC-low prefix includes all honest proposals; the SPC-high vector finalizes the slot.

After GST, if a malicious party is excluded from the prefix, the deterministic demotion rule places it at the end of the ranking, guaranteeing at most $f$ slots where any honest proposal can be censored [(Xiang et al., 2 Feb 2026), Thm 5.2]. Liveness persists under one suspension per round (adversarial), with commit latency $4\Delta+3\delta$ per slot.

The protocol achieves leaderless operation, minimal censorship window, and deterministic resolution of proposal inclusion, directly addressing the limitations of classical linear-leader BFT consensus.

4. Comparative Approaches: Inclusion Lists, Data Availability, and DAG-Based Protocols

Alternative approaches for censorship-resistant BFT SMR include:

Inclusion Lists (IL): Every replica assembles and signs an inclusion list of all pending transactions seen; leader must propose a block that deterministically merges at least $n-f$ such lists. If a client’s transaction reaches $f+1$ honest replicas, it appears in the block within one epoch ( $\Delta_c = 0$ ), regardless of leader behavior. IL can be combined with external data availability, reliable broadcast, or gossip, trading bandwidth and latency (Alpos et al., 4 Apr 2025). The core argument: the merged set must include at least one honest inclusion list containing any un-censored transaction.

Data Availability–Censorship Resistance (DA-CR): Modular DA-CR layers, as in BigDipper, enforce block inclusion of per-replica mini-blocks through attestation and erasure-coded polynomial commitments. Three variants (Vanilla, Card, Card-Lite) balance accountability, threshold guarantees (minimum $t$ honest mini-blocks per block), and detection probability of tampering (Xue et al., 2023). Integration into leader-based HotStuff-2 ensures a block is not committed unless sufficient honest mini-blocks are included and verified, tightly bounding the adversarial censorship window.

DAG-Based Protocols and TEE Components (e.g., Fides): Protocols employing a directed acyclic graph (DAG) structure offload key functionalities—reliable broadcast, vertex validation, common coin, and delayed decryption—into TEEs, reducing quorum size ( $n=2f+1$ ), providing linear communication, and ensuring that no transaction can be observed or censored before commit (Xie et al., 2 Jan 2025). TEEs enforce equivocation-freedom, causal inclusion, and randomness for leader election, collectively thwarting front-running, reordering, and persistent transaction omission.

5. Connections to Other Consensus Primitives

Prefix Consensus generalizes and interacts with several important primitives:

Graded Consensus: By mapping PC outputs $(v^{low}, v^{high})$ to graded values, the protocol yields optimal three-round asynchronous graded consensus for $n\leq 4f$ (Xiang et al., 2 Feb 2026).
Binary and Validated Consensus: SPC instantiated on bit vectors implements leaderless binary consensus with worst-case $O(n^3)$ message complexity. For validated consensus, off-chain collection and on-chain SPC yield correctness with $O(n^3)$ messages and $O(n^4)$ communication.
Consensusless Payment Systems: Protocols such as FastPay and Astro achieve $\Delta_c = 0$ censorship by removing block leaders entirely, relying on direct threshold signatures or x-logs, at the cost of robustness under partial network synchrony (Alpos et al., 4 Apr 2025).

6. Security Properties, Proof Sketches, and Performance

Protocols are analyzed with rigorous liveness and safety arguments:

Safety: Prefix and strong prefix consensus guarantee, via quorum intersection and parent-pointing induction, that no two honest replicas commit inconsistent or divergent transaction sets (Xiang et al., 2 Feb 2026, Xue et al., 2023).
Liveness: Deterministic round-bound termination (3 rounds for PC, 3 $\delta$ for SPC under synchrony), with protocol-specific measures to ensure progress even under asynchrony and adversarial suspension.
Leaderless termination: Persistent progress under targeted “leader” suspensions, ensured through cyclic rank-shifting and proposal collection schemes (Xiang et al., 2 Feb 2026).

Performance analysis reveals that modern protocols achieve hundreds of thousands of transactions per second (e.g., Fides: 810K tx/s on LAN with SGX, 400K tx/s geo-distributed) (Xie et al., 2 Jan 2025). DAG and erasure-coded DA-CR strategies scale linearly, while classical approaches are generally bottlenecked by $O(n^2)$ all-to-all communication. Censorship-resistant designs are empirically unaffected by MEV/Front-Run stress and exhibit minimal commit delays even under partial synchrony or adversarial messaging.

Protocol	Censorship Bound $\Delta_c$	Communication	Throughput (LAN; WAN)
Leader-based (PBFT)	$f\cdot PP$	$O(n^2)$	$<$ 100K tx/s
Inclusion Lists (IL)	$0$ (1 epoch)	$O(n\|\mathrm{IL}\|)$	$>$ 100K tx/s
DAG/TEE (Fides)	$0$	$O(n)$	810K / 400K tx/s
DA-CR (BigDipper Card-Lite)	$0$ (1 block)	$O(b+\lambda\log n)$	Hyperscale

7. Design Principles and Trade-offs

Critical aspects extracted from comparative analysis and rigorous constructions include:

Decoupling data availability and ordering improves robustness and censorship-resistance.
Constraining block assembly via signed replica inputs, consensus on inclusion lists, or data-availability proofs neutralizes a single block-builder’s power.
Deterministic tie-breaking and ranking rules preclude strategic or covert exclusion.
Quorum minimization and TEE augmentation yield linear complexity and strong invisibility guarantees.
Configurable parameters (e.g., DA-CR’s $t$ , $ρ$ , $η$ ; IL list length and merging) enable protocols to trade trust, throughput, and level of censorship-resistance.

Protocols in this class are applicable to DeFi, fair sequencing, and any context where transaction non-omission is critical for system integrity. These designs represent the current state of the art in provably censorship-resistant BFT SMR, overcoming the core deficiencies of classical leader-based consensus protocols (Xiang et al., 2 Feb 2026, Xie et al., 2 Jan 2025, Alpos et al., 4 Apr 2025, Xue et al., 2023).