pith. sign in

arxiv: 2606.27250 · v1 · pith:RAVQYU2Hnew · submitted 2026-06-25 · 💻 cs.CR · cs.DC

Tilikum: Transaction Fair Ordering on a DAG without Weak Edges

Pith reviewed 2026-06-26 03:19 UTC · model grok-4.3

classification 💻 cs.CR cs.DC
keywords fair orderingDAG consensusreordering attacksmedian timestampblockchain extractable valueordering linearizabilityDeFi securitytransaction ordering
0
0 comments X

The pith

Tilikum achieves fair transaction ordering on DAGs without weak edges using median-based timestamp aggregation.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper presents Tilikum as a DAG-based ledger protocol for fair transaction ordering. It uses median-based timestamp aggregation to achieve ordering linearizability and batch order fairness without weak edges. This is important for protecting DeFi applications from reordering attacks on scalable DAG systems. The protocol also ensures low data redundancy and robust garbage collection. Tests show it provides much higher throughput than existing fair-ordering methods while stopping attacks.

Core claim

Tilikum is a DAG-based ledger protocol that ensures fair transaction ordering without relying on weak edges. It achieves ordering linearizability by leveraging median-based timestamp aggregation, or batch order fairness, while maintaining low data redundancy and robust garbage collection. Implementation in Rust shows up to 39 times higher throughput than baselines such as Narwhal/Tusk, Pompē, Themis and FairDAG, and it fully blocks state-of-the-art DAG-specific reordering attacks.

What carries the argument

Median-based timestamp aggregation (batch order fairness) on a DAG without weak edges

If this is right

  • Achieves up to 39 times higher throughput than other fair-ordering baselines.
  • Fully blocks state-of-the-art DAG-specific reordering attacks.
  • Maintains low data redundancy.
  • Enables robust garbage collection.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The median aggregation method could be integrated into other DAG protocols to provide similar fairness.
  • This could allow DeFi to scale on DAGs without sacrificing security against BEV extraction.
  • Testing under different network latencies could further validate the approach.

Load-bearing premise

That the median-based timestamp aggregation ensures fair ordering linearizability and blocks reordering attacks without introducing new vulnerabilities or relying on unstated assumptions about the network or timestamps.

What would settle it

A successful reordering attack on a Tilikum ledger or measured throughput not exceeding the baselines under attack scenarios.

Figures

Figures reproduced from arXiv: 2606.27250 by Giulio Segalini, J\'er\'emie Decouchant, Marko Putnik, Yigit \c{C}olako\u{g}lu.

Figure 1
Figure 1. Figure 1: Structure of Tilikum’s DAG. Each round contains a [PITH_FULL_IMAGE:figures/full_fig_p004_1.png] view at source ↗
Figure 3
Figure 3. Figure 3: Ordering Linearizability — Execution latency ( [PITH_FULL_IMAGE:figures/full_fig_p010_3.png] view at source ↗
Figure 5
Figure 5. Figure 5: γ-batch-order-fairness— Execution latency (↓) depend￾ing on transaction input rate (n = 16) colocated. Transactions have a fixed size of 128 bytes. Pompe’s ¯ implementation is based on libhotstuff which does not exchange transactions, it instead reaches consensus on their 32 bytes cryptographic hash digest, assuming that the actual transaction is sent for execution when confirmed. FairDAG’s implementation … view at source ↗
Figure 7
Figure 7. Figure 7: Execution throughput (↑) depending on the actual number of faulty parties (n = 16, with respectively up to 5 and 3 faults with OL and BOF) [PITH_FULL_IMAGE:figures/full_fig_p011_7.png] view at source ↗
Figure 8
Figure 8. Figure 8: Execution latency (↓) depending on the number of faulty parties (n = 16) data needs to be exchanged more times, is reduced on average by a factor of 4 when compared to Narwhal/Tusk [11]. Tilikum-OL remains faster than Pompe [ ¯ 7], with throughput of 14,000 tx/s at N = 10, around 39 times higher on average, and 4,600 tx/s at N = 25, 81 times higher. Pompe’s runs ¯ vary by an order of magnitude in both thro… view at source ↗
Figure 10
Figure 10. Figure 10: Ordering linearizability — Execution latency ( [PITH_FULL_IMAGE:figures/full_fig_p012_10.png] view at source ↗
Figure 12
Figure 12. Figure 12: γ-batch-order-fairness — Execution latency (↓) depending on system size parties have a very limited impact on the throughput of Tilikum-OL, as seen in [PITH_FULL_IMAGE:figures/full_fig_p012_12.png] view at source ↗
read the original abstract

Decentralized Finance (DeFi) applications rely heavily on the order in which transactions are executed, making them susceptible to reordering attacks that enable adversaries to extract Blockchain Extractable Value (BEV). While linear blockchain systems such as Ethereum have inspired extensive research into fair ordering mechanisms, DAG-based consensus protocols have remained largely unprotected despite their growing adoption for scalability and performance. In this paper, we introduce Tilikum, a DAG-based ledger protocol that ensures fair transaction ordering without relying on weak edges. Tilikum achieves ordering linearizability by leveraging median-based timestamp aggregation, or batch order fairness, while maintaining low data redundancy and robust garbage collection. We implemented Tilikum in Rust and evaluated it against representative baselines, namely Narwhal/Tusk, Pomp\=e, Themis and FairDAG. Our results show that Tilikum achieves up to $39\times$ higher throughput than other fair-ordering baselines, while fully blocking state-of-the-art DAG-specific reordering attacks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper introduces Tilikum, a DAG-based ledger protocol that ensures fair transaction ordering without relying on weak edges. It achieves ordering linearizability via median-based timestamp aggregation (or batch order fairness), with low data redundancy and robust garbage collection. Implemented in Rust, Tilikum is evaluated against Narwhal/Tusk, Pompé, Themis, and FairDAG, claiming up to 39× higher throughput while fully blocking state-of-the-art DAG-specific reordering attacks.

Significance. If substantiated, the result would be significant for protecting DeFi on scalable DAG protocols from BEV via reordering attacks. The approach of median-based aggregation without weak edges could offer a new design point for fair ordering in high-throughput ledgers. No machine-checked proofs, reproducible code, or parameter-free derivations are mentioned.

major comments (2)
  1. [Abstract] Abstract: the central claims of 'up to 39× higher throughput' and 'fully blocking state-of-the-art DAG-specific reordering attacks' are stated with no description of experimental setup, attack model, timestamp assumptions, or how median aggregation ensures linearizability. These claims are load-bearing for the paper's contribution but cannot be assessed from the provided information.
  2. [Abstract] Abstract: the weakest assumption—that median-based timestamp aggregation blocks reordering attacks without new vulnerabilities or unstated network/timestamp assumptions—is presented without any supporting argument or counterexample analysis, making soundness unverifiable.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their comments on the abstract. We address each point below, noting that the abstract is a concise summary while the full manuscript contains the requested details on setups, models, assumptions, and analyses.

read point-by-point responses
  1. Referee: [Abstract] Abstract: the central claims of 'up to 39× higher throughput' and 'fully blocking state-of-the-art DAG-specific reordering attacks' are stated with no description of experimental setup, attack model, timestamp assumptions, or how median aggregation ensures linearizability. These claims are load-bearing for the paper's contribution but cannot be assessed from the provided information.

    Authors: The abstract provides a high-level summary of results, as is conventional. The experimental setup and throughput comparisons (against Narwhal/Tusk, Pompé, Themis, and FairDAG) appear in Section 6. The attack model, timestamp assumptions, and reordering resistance are defined in Section 3. How median-based aggregation ensures linearizability (including batch order fairness) is formalized in Section 4. These sections allow full assessment of the claims from the complete manuscript. revision: no

  2. Referee: [Abstract] Abstract: the weakest assumption—that median-based timestamp aggregation blocks reordering attacks without new vulnerabilities or unstated network/timestamp assumptions—is presented without any supporting argument or counterexample analysis, making soundness unverifiable.

    Authors: The abstract states the approach at a summary level. The supporting arguments, including why median aggregation blocks reordering attacks, analysis of potential new vulnerabilities, explicit network/timestamp assumptions, and counterexample considerations, are provided in Sections 3 (assumptions and threat model), 4 (protocol and linearizability arguments), and 5 (security analysis and attack evaluations). Soundness is verifiable from the full manuscript. revision: no

Circularity Check

0 steps flagged

No significant circularity; derivation chain not present in visible text

full rationale

The abstract and available text present Tilikum as an implemented protocol whose fairness properties are demonstrated via Rust evaluation against baselines (Narwhal/Tusk, Pompē, Themis, FairDAG) and throughput numbers. No equations, timestamp aggregation definitions, linearizability proofs, or self-citations appear in the supplied material. The central claim (median-based aggregation yields ordering linearizability) is stated as a design outcome rather than derived from prior fitted parameters or author-only uniqueness theorems. Without load-bearing steps that reduce to inputs by construction, the circularity score is 0.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

Abstract contains no information on free parameters, axioms, or invented entities.

pith-pipeline@v0.9.1-grok · 5719 in / 929 out tokens · 54004 ms · 2026-06-26T03:19:47.046717+00:00 · methodology

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Reference graph

Works this paper leans on

42 extracted references · 1 linked inside Pith

  1. [1]

    Bitcoin: A peer-to-peer electronic cash system

    S. Nakamoto. “Bitcoin: A peer-to-peer electronic cash system”. In: (2008)

  2. [2]

    Ethereum: A secure decentralised generalised transaction ledger

    G. Wood et al. “Ethereum: A secure decentralised generalised transaction ledger”. In:Ethereum project yellow paper151.2014 (2014), pp. 1–32

  3. [3]

    DeFi: Decentralized finance-an introduction and overview

    P. Schueffel. “DeFi: Decentralized finance-an introduction and overview”. In:Journal of Innovation Management9.3 (2021), pp. I–XI. 13

  4. [4]

    2024.URL: https://explore

    Flashbot.Flashbot MEV Explore. 2024.URL: https://explore. flashbots.net/ (visited on 06/12/2024)

  5. [5]

    Flash boys 2.0: Frontrunning, transaction reordering, and consensus instability in decentral- ized exchanges

    P. Daian, S. Goldfeder, T. Kell, Y . Li, X. Zhao, I. Bentov, L. Breidenbach, and A. Juels. “Flash boys 2.0: Frontrunning, transaction reordering, and consensus instability in decentral- ized exchanges”. In:arXiv preprint arXiv:1904.05234(2019)

  6. [6]

    Order- fairness for byzantine consensus

    M. Kelkar, F. Zhang, S. Goldfeder, and A. Juels. “Order- fairness for byzantine consensus”. In:Advances in Cryptology– CRYPTO 2020: 40th Annual International Cryptology Confer- ence, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III 40. Springer. 2020, pp. 451–480

  7. [7]

    Byzantine ordered consensus without byzantine oligarchy

    Y . Zhang, S. Setty, Q. Chen, L. Zhou, and L. Alvisi. “Byzantine ordered consensus without byzantine oligarchy”. In:14th USENIX Symposium on Operating Systems Design and Im- plementation (OSDI 20). 2020, pp. 633–649

  8. [8]

    Practical Byzantine Fault Tolerance

    M. Castro and B. Liskov. “Practical Byzantine Fault Tolerance”. In:OSDI. 1999

  9. [9]

    HotStuff: BFT consensus with linearity and responsiveness

    M. Yin, D. Malkhi, M. K. Reiter, G. G. Gueta, and I. Abraham. “HotStuff: BFT consensus with linearity and responsiveness”. In:Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing. 2019, pp. 347–356

  10. [10]

    All you need is DAG

    I. Keidar, E. Kokoris-Kogias, O. Naor, and A. Spiegelman. “All you need is DAG”. In:Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing. 2021, pp. 165–175

  11. [11]

    Narwhal and tusk: a dag-based mempool and efficient bft consensus

    G. Danezis, L. Kokoris-Kogias, A. Sonnino, and A. Spiegelman. “Narwhal and tusk: a dag-based mempool and efficient bft consensus”. In:Proceedings of the Seventeenth European Conference on Computer Systems. 2022, pp. 34–50

  12. [12]

    Bullshark: Dag bft protocols made practical

    A. Spiegelman, N. Giridharan, A. Sonnino, and L. Kokoris- Kogias. “Bullshark: Dag bft protocols made practical”. In:Pro- ceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2022, pp. 2705–2718

  13. [13]

    Mahi-mahi: Low-latency asyn- chronous bft dag-based consensus

    P. Jovanovic, L. Kokoris-Kogias, B. Kumara, A. Sonnino, P. Tennage, and I. Zablotchi. “Mahi-mahi: Low-latency asyn- chronous bft dag-based consensus”. In:2025 IEEE 45th International Conference on Distributed Computing Systems (ICDCS). IEEE. 2025, pp. 549–559

  14. [14]

    Starfish: A high throughput BFT protocol on uncertified DAG with linear amortized communication complexity

    N. Polyanskii, S. Mueller, and I. V orobyev. “Starfish: A high throughput BFT protocol on uncertified DAG with linear amortized communication complexity”. In:Cryptology ePrint Archive(2025)

  15. [15]

    No fish is too big for flash boys! frontrunning on DAG-based blockchains

    J. Zhang and A. Kate. “No fish is too big for flash boys! frontrunning on DAG-based blockchains”. In:2025 IEEE Annual Computer Security Applications Conference (ACSAC). IEEE. 2025, pp. 1065–1080

  16. [16]

    Order Fairness Evaluation of DAG-based ledgers

    E. Mahe and S. Tucci-Piergiovanni. “Order Fairness Evaluation of DAG-based ledgers”. In:arXiv preprint arXiv:2502.17270 (2025)

  17. [17]

    FairDAG: Consensus Fairness over Multi-Proposer Causal Design

    D. Kang, J. Chen, T. T. A. Dinh, and M. Sadoghi. “FairDAG: Consensus Fairness over Multi-Proposer Causal Design”. In: VLDB. 2026

  18. [18]

    Themis: Fast, strong order-fairness in byzantine consensus

    M. Kelkar, S. Deb, S. Long, A. Juels, and S. Kannan. “Themis: Fast, strong order-fairness in byzantine consensus”. In:Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security. 2023, pp. 475–489

  19. [19]

    Mysticeti: Reaching the Latency Limits with Uncertified DAGs

    K. Babel, A. Chursin, G. Danezis, A. Kichidis, L. Kokoris- Kogias, A. Koshy, A. Sonnino, and M. Tian. “Mysticeti: Reaching the Latency Limits with Uncertified DAGs”. In:32nd Annual Network and Distributed System Security Symposium, NDSS 2025, San Diego, California, USA, February 24-28, 2025. The Internet Society, 2025

  20. [20]

    Shoal: Improving dag-bft latency and robustness

    A. Spiegelman, B. Arun, R. Gelashvili, and Z. Li. “Shoal: Improving dag-bft latency and robustness”. In:International Conference on Financial Cryptography and Data Security. Springer. 2024, pp. 92–109

  21. [21]

    Shoal++: High Throughput {DAG}{BFT} Can Be Fast and Robust!

    B. Arun, Z. Li, F. Suri-Payer, S. Das, and A. Spiegelman. “Shoal++: High Throughput {DAG}{BFT} Can Be Fast and Robust!” In:22nd USENIX Symposium on Networked Systems Design and Implementation (NSDI 25). 2025, pp. 813–826

  22. [22]

    Byzantine Consensus in the Random Asynchronous Model

    G. Danezis, J. Komatovic, L. Kokoris-Kogias, A. Sonnino, and I. Zablotchi. “Byzantine Consensus in the Random Asynchronous Model”. In:39th International Symposium on Distributed Computing (DISC 2025). V ol. 356. Leibniz International Pro- ceedings in Informatics (LIPIcs). Dagstuhl, Germany: Schloss Dagstuhl – Leibniz-Zentrum für Informatik, 2025, 28:1–28:22

  23. [23]

    Lyra: Fast and scalable resilience to reordering attacks in blockchains

    P. Zarbafian and V . Gramoli. “Lyra: Fast and scalable resilience to reordering attacks in blockchains”. In:2023 IEEE Interna- tional Parallel and Distributed Processing Symposium (IPDPS). IEEE. 2023, pp. 929–939

  24. [24]

    Re- silientdb: Global scale resilient blockchain fabric

    S. Gupta, S. Rahnama, J. Hellings, and M. Sadoghi. “Re- silientdb: Global scale resilient blockchain fabric”. In:arXiv preprint arXiv:2002.00160(2020)

  25. [25]

    A medium-scale distributed system for computer science research: Infrastructure for the long term

    H. Bal, D. Epema, C. De Laat, R. Van Nieuwpoort, J. Romein, F. Seinstra, C. Snoek, and H. Wijshoff. “A medium-scale distributed system for computer science research: Infrastructure for the long term”. In:Computer49.5 (2016), pp. 54–63

  26. [26]

    Wendy, the Good Little Fairness Widget: Achiev- ing Order Fairness for Blockchains

    K. Kursawe. “Wendy, the Good Little Fairness Widget: Achiev- ing Order Fairness for Blockchains”. In:AFT ’20: 2nd ACM Conference on Advances in Financial Technologies, New York, NY, USA, October 21-23, 2020. ACM, 2020, pp. 25–36

  27. [27]

    AOAB: optimal and fair ordering of financial transactions

    V . Gramoli, Z. Lu, Q. Tang, and P. Zarbafian. “AOAB: optimal and fair ordering of financial transactions”. In:2024 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). IEEE. 2024, pp. 377–388

  28. [28]

    Eating Sandwiches: Modular and Lightweight Elimination of Transac- tion Reordering Attacks

    O. Alpos, I. Amores-Sesar, C. Cachin, and M. Yeo. “Eating Sandwiches: Modular and Lightweight Elimination of Transac- tion Reordering Attacks”. In:27th International Conference on Principles of Distributed Systems (OPODIS). 2024

  29. [29]

    Separation is good: A faster order-fairness Byzantine consensus

    K. Mu, B. Yin, A. Asheralieva, and X. Wei. “Separation is good: A faster order-fairness Byzantine consensus”. In: (2024)

  30. [30]

    Rashnu: Data-Dependent Order-Fairness

    H. Nagda, S. P. Singhal, M. J. Amiri, and B. T. Loo. “Rashnu: Data-Dependent Order-Fairness”. In:Proc. VLDB Endow. (2024)

  31. [31]

    Auncel: Fair Byzantine Consensus Protocol with High Performance

    W. Chen, Y . Feng, J. Zhang, Z. Cai, H. -N. Dai, and Z. Zheng. “Auncel: Fair Byzantine Consensus Protocol with High Performance”. In:IEEE INFOCOM 2024 - IEEE Conference on Computer Communications. 2024

  32. [32]

    Dikaios: Position-anchored group ordering with reputation for fair and efficient Byzantine consensus

    Y . Wang, X. Xing, G. Wang, Y . Zhang, and P. Li. “Dikaios: Position-anchored group ordering with reputation for fair and efficient Byzantine consensus”. In:Comput. Netw.(2025)

  33. [33]

    P. Ren, H. Dong, N. Sohrabi, Z. Tari, and P. Zhang.Proof- Carrying Fair Ordering: Asymmetric Verification for BFT via Incremental Graphs. 2025. eprint: 2510.14186

  34. [34]

    Ordering Transac- tions with Bounded Unfairness: Definitions, Complexity and Constructions

    A. Kiayias, N. Leonardos, and Y . Shen. “Ordering Transac- tions with Bounded Unfairness: Definitions, Complexity and Constructions”. In:Advances in Cryptology – EUROCRYPT 2024: 43rd Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2024

  35. [35]

    Ramseyer and A

    G. Ramseyer and A. Goel.Fair Ordering in Replicated Systems via Streaming Social Choice. 2024. arXiv: 2304.02730 [cs.CR]

  36. [36]

    Universal composable transaction serialization with order fairness

    M. Ciampi, A. Kiayias, and Y . Shen. “Universal composable transaction serialization with order fairness”. In:Annual Inter- national Cryptology Conference. Springer. 2024, pp. 147–180

  37. [37]

    Quick order fairness

    C. Cachin, J. Mi ´ci´c, N. Steinhauer, and L. Zanolini. “Quick order fairness”. In:International Conference on Financial Cryptography and Data Security. Springer. 2022, pp. 316–333

  38. [38]

    Amores-Sesar and M

    I. Amores-Sesar and M. Yeo.Rethinking Consensus with Time as a Primitive. Cryptology ePrint Archive, Paper 2025/1975. 2025

  39. [39]

    On Frontrunning Risks in Batch-Order Fair Systems for 14 Blockchains (Extended Version)

    E. Park, T. Yoon, H. Nam, D. Maram, and M. S. Kang. “On Frontrunning Risks in Batch-Order Fair Systems for 14 Blockchains (Extended Version)”. In:Cryptology ePrint Archive (2025)

  40. [40]

    Maximal extractable value (mev) protection on a dag

    D. Malkhi and P. Szalachowski. “Maximal extractable value (mev) protection on a dag”. In:arXiv preprint arXiv:2208.00940 (2022)

  41. [41]

    TrX: Encrypted Mempools in High Performance BFT Protocols

    R. Fernando, G.-V . Policharla, A. Tonkikh, and Z. Xiang. “TrX: Encrypted Mempools in High Performance BFT Protocols”. In:Cryptology ePrint Archive(2025)

  42. [42]

    Condorcet Attack Against Fair Transaction Ordering

    M. A. Vafadar and M. Khabbazian. “Condorcet Attack Against Fair Transaction Ordering”. In:5th Conference on Advances in Financial Technologies. 2023. APPENDIXA DETAILEDCOMPARISON WITHFAIRDAG In this section we discuss limitations of FairDAG [17], whether they could be mitigated and explain why Tilikum does not share them. The first part discusses the disa...