pith. sign in

arxiv: 2511.12626 · v3 · pith:EB57HS47new · submitted 2025-11-16 · 💻 cs.CR · cs.GT

Prrr: Personal Random Rewards for Blockchain Reporting

Hongyin Chen , Yubin Ke , Xiaotie Deng , Ittay Eyal This is my paper

Pith reviewed 2026-05-25 07:45 UTC · model grok-4.3

classification 💻 cs.CR cs.GT
keywords blockchain reportingincentive mechanismsgame theorysmart contractsrandom rewardsNash equilibriumSybil attacksmechanism design
0
0 comments X

The pith

Assigning random heterogeneous values to reports overcomes the security-efficiency trade-off in blockchain reporting.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper establishes that symmetric reward designs, which treat all reports equally, force a choice between centralization from trusted publishers and blockchain congestion from unlimited open reports. It proves no symmetric mechanism can escape this trade-off. Prrr instead assigns random personal values to each report before submission, creating deliberate asymmetry, then settles via second-price rules so that honest timely reporting forms a subgame-perfect Nash equilibrium. This equilibrium holds against collusion and Sybil attacks while keeping report volume efficient. Smart contracts that depend on timely on-chain data can therefore draw from an open pool of publishers without the prior drawbacks.

Core claim

The root cause of the trade-off is the standard symmetric reward design, which treats all reports equally. No symmetric-reward mechanism can overcome the trade-off. Prrr assigns random heterogeneous values to reports, forming Ex-Ante Synthetic Asymmetry, and employs a second-price-style settlement to allocate rewards, ensuring incentive compatibility and achieving both security and efficiency. Following the protocol constitutes a Subgame-Perfect Nash Equilibrium, robust against collusion and Sybil attacks.

What carries the argument

Ex-Ante Synthetic Asymmetry implemented by assigning random heterogeneous values to individual reports, combined with second-price-style settlement.

If this is right

  • Open publication becomes viable without flooding the blockchain with redundant reports.
  • Smart contracts can source reports from a large untrusted pool while preserving security properties.
  • Incentive compatibility holds as a subgame-perfect Nash equilibrium even when participants anticipate future interactions.
  • The design resists both collusion among publishers and creation of multiple fake identities.
  • The mechanism applies directly to any smart contract that requires timely external reports.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The deliberate creation of asymmetry through randomness may extend to other mechanism-design settings where symmetry produces congestion or centralization.
  • Practical deployment would need a verifiable random source whose cost and privacy properties match the paper's assumptions.
  • If the second-price settlement runs on-chain, gas costs and finality delays could alter the equilibrium analysis in ways not modeled.
  • Testing the protocol on a testnet with adversarial participants would directly check whether the claimed robustness materializes.

Load-bearing premise

Random heterogeneous values can be assigned to reports ex-ante in a verifiable way on-chain without leaking information or adding prohibitive costs, and the second-price settlement can be implemented such that the claimed incentive properties hold in the actual blockchain execution model.

What would settle it

A deployed Prrr system in which either report volume exceeds the efficient level or a coalition of publishers successfully deviates via collusion or Sybil identities would falsify the equilibrium claim.

Figures

Figures reproduced from arXiv: 2511.12626 by Hongyin Chen, Ittay Eyal, Xiaotie Deng, Yubin Ke.

Figure 1
Figure 1. Figure 1: The progress of Prrr in an epoch. 5. Personal Random Rewards for Reporting To overcome the impossibility of symmetric designs, we create controlled asymmetry among participants (§5.1). Building on this concept, we propose a new reporting protocol, Prrr, which employs a second-price-style reward allocation rule (§5.2) and satisfies our desired goals when all participants adhere to the protocol (§5.3). We an… view at source ↗
Figure 2
Figure 2. Figure 2: Proof sketch of Theorem 2. ( max Rpt∈PubRk P j RV(Rpt, Sk ) − max(2) Rpt∈∪n i=1PubRk P i RV(Rpt, Sk )) (21) If Pj ’s published report has the highest random value, the revenue with action (PubRk P j , 0) is (Equation 21) max Rpt∈PubRk P j RV(Rpt, Sk ) − (2) max Rpt∈∪n i=1PubRk P i RV(Rpt, Sk ), which is no less than the revenue with action (PubRk P j , Bribek P j ) (Equation 20). Otherwise, if Pj ’s publis… view at source ↗
read the original abstract

Smart contracts, the stateful programs running on blockchains, often rely on reports. Publishers are paid to publish these reports on the blockchain. Designing protocols that incentivize timely reporting is the prevalent reporting problem. But existing solutions face a security-performance trade-off: Relying on a small set of trusted publishers introduces centralization risks, while allowing open publication results in an excessive number of reports on the blockchain. We identify the root cause of this trade-off to be the standard symmetric reward design, which treats all reports equally. We prove that no symmetric-reward mechanism can overcome the trade-off. We present Personal Random Rewards for Reporting (Prrr), a protocol that assigns random heterogeneous values to reports. We call this novel mechanism-design concept Ex-Ante Synthetic Asymmetry. To the best of our knowledge, Prrr is the first game-theoretic mechanism (in any context) that deliberately forms participant asymmetry. Prrr employs a second-price-style settlement to allocate rewards, ensuring incentive compatibility and achieving both security and efficiency. Following the protocol constitutes a Subgame-Perfect Nash Equilibrium, robust against collusion and Sybil attacks. Prrr is applicable to numerous smart contracts that rely on timely reports.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 0 minor

Summary. The paper claims that symmetric reward mechanisms for incentivizing reports in blockchain smart contracts create an inherent security-performance trade-off, proves that no symmetric-reward mechanism can overcome it, and introduces the Prrr protocol. Prrr assigns random heterogeneous values to reports via a novel 'Ex-Ante Synthetic Asymmetry' concept, uses second-price-style settlement for incentive compatibility, and claims that following the protocol is a Subgame-Perfect Nash Equilibrium robust to collusion and Sybil attacks.

Significance. If the impossibility result for symmetric mechanisms and the SPNE properties of Prrr hold with a formal model, the work would introduce a new mechanism-design primitive (deliberate ex-ante asymmetry) that could resolve centralization vs. spam trade-offs in decentralized oracles and reporting systems. The explicit claim of being the first game-theoretic mechanism to form participant asymmetry is a potentially notable conceptual contribution.

major comments (2)
  1. [Abstract] Abstract: The central claims—an impossibility proof that no symmetric-reward mechanism overcomes the trade-off, and that Prrr constitutes an SPNE robust to collusion/Sybil attacks—are asserted without any model, utility functions, game tree, or derivation steps. This absence makes it impossible to verify whether the impossibility holds or whether the second-price settlement actually implements the claimed incentive properties in a blockchain execution model.
  2. [Abstract] Abstract (weakest assumption): The protocol relies on assigning random heterogeneous values ex-ante in a verifiable on-chain manner without information leakage or prohibitive costs, yet no construction, randomness source, or cost analysis is supplied to support that this assumption can be realized.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their careful reading and constructive comments. We address each major comment below.

read point-by-point responses

  1. Referee: [Abstract] Abstract: The central claims—an impossibility proof that no symmetric-reward mechanism overcomes the trade-off, and that Prrr constitutes an SPNE robust to collusion/Sybil attacks—are asserted without any model, utility functions, game tree, or derivation steps. This absence makes it impossible to verify whether the impossibility holds or whether the second-price settlement actually implements the claimed incentive properties in a blockchain execution model.

    Authors: The manuscript as submitted asserts these central claims in the abstract without including the formal model, utility functions, game tree, or derivation steps. This is a valid observation that hinders verification. In the revised manuscript, we will incorporate a dedicated section presenting the game-theoretic model, including utility functions for the publishers, the extensive-form game representation, and the full proof of the impossibility result for symmetric rewards. We will also detail the second-price settlement and prove that protocol adherence is a Subgame-Perfect Nash Equilibrium, including robustness arguments. revision: yes

  2. Referee: [Abstract] Abstract (weakest assumption): The protocol relies on assigning random heterogeneous values ex-ante in a verifiable on-chain manner without information leakage or prohibitive costs, yet no construction, randomness source, or cost analysis is supplied to support that this assumption can be realized.

    Authors: We agree that no specific construction, randomness source, or cost analysis for the ex-ante assignment of random heterogeneous values is provided in the current manuscript. This assumption is central to the protocol's feasibility. We will add a new subsection in the revised version that proposes a construction based on verifiable random functions combined with commit-reveal schemes to achieve verifiable on-chain randomness without leakage, and include a preliminary cost analysis in terms of gas fees and computational overhead. revision: yes

Circularity Check

0 steps flagged

No significant circularity; derivation self-contained

full rationale

The provided manuscript text identifies the symmetric-reward trade-off as root cause, proves no symmetric mechanism overcomes it, and introduces Ex-Ante Synthetic Asymmetry via Prrr with second-price settlement to achieve SPNE. No equations, self-citations, fitted parameters renamed as predictions, or self-definitional reductions appear in the abstract or summary. The asymmetry concept and equilibrium claim are presented as independent contributions without reducing to prior inputs by construction. The derivation therefore stands on its own stated assumptions and novel mechanism without circular steps.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

Based solely on the abstract; the central claims rest on standard rational-player assumptions in mechanism design and the novel asymmetry concept without specified free parameters or external evidence.

axioms (2)
  • domain assumption Participants are rational agents who play according to Subgame-Perfect Nash Equilibrium.
    The protocol is stated to constitute a SPNE.
  • domain assumption Random heterogeneous values can be assigned to reports ex-ante without additional costs or information leakage.
    Core premise of the Prrr reward assignment.
invented entities (1)
  • Ex-Ante Synthetic Asymmetry no independent evidence
    purpose: To deliberately create participant asymmetry via random report values.
    New mechanism-design concept introduced to overcome symmetric-reward limitations.

pith-pipeline@v0.9.0 · 5741 in / 1441 out tokens · 42619 ms · 2026-05-25T07:45:16.991551+00:00 · methodology

Review history (2 revisions) →

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 1 Pith paper

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Resilient Alerting Protocols for Blockchains

    cs.CR 2026-02 unverdicted novelty 6.0

    Blockchain alerting protocols achieve asymptotically optimal O(n²) bribery resistance via simultaneous games and timed commitments, with variants trading storage, time, and synchrony assumptions.

Reference graph

Works this paper leans on

64 extracted references · 64 canonical work pages · cited by 1 Pith paper

  1. [1]

    Defi tvl rebounds to $170b, erasing terra-era bear market losses,

    O. Knight, “Defi tvl rebounds to $170b, erasing terra-era bear market losses,” https://www.coindesk.com/business/2025/09/18/defi-tvl-r ebounds-to-usd170b-erasing-terra-era-bear-market-losses, 2025, accessed, November 2025

    work page 2025

  2. [2]

    Fast and furious withdrawals from optimistic rollups,

    M. Moosavi, M. Salehi, D. Goldman, and J. Clark, “Fast and furious withdrawals from optimistic rollups,” in5th Conference on Advances in Financial Technologies (AFT 2023). Schloss Dagstuhl–Leibniz- Zentrum f ¨ur Informatik, 2023, pp. 22–1

    work page 2023

  3. [3]

    Sok: Decentralized se- quencers for rollups,

    S. Motepalli, L. Freitas, and B. Livshits, “Sok: Decentralized se- quencers for rollups,”arXiv preprint arXiv:2310.03616, 2023

    work page arXiv 2023

  4. [4]

    Mechanism design for zk-rollup prover markets,

    W. Wang, L. Zhou, A. Yaish, F. Zhang, B. Fisch, and B. Livshits, “Mechanism design for zk-rollup prover markets,”arXiv preprint arXiv:2404.06495, 2024

    work page arXiv 2024

  5. [5]

    Xclaim: Trustless, interoperable, cryptocurrency- backed assets,

    A. Zamyatin, D. Harz, J. Lind, P. Panayiotou, A. Gervais, and W. Knottenbelt, “Xclaim: Trustless, interoperable, cryptocurrency- backed assets,” in2019 IEEE symposium on security and privacy (SP). IEEE, 2019, pp. 193–210

    work page 2019

  6. [6]

    Atomic cross-chain swaps,

    M. Herlihy, “Atomic cross-chain swaps,” inProceedings of the 2018 ACM symposium on principles of distributed computing, 2018, pp. 245–254

    work page 2018

  7. [7]

    zkbridge: Trustless cross-chain bridges made practical,

    T. Xie, J. Zhang, Z. Cheng, F. Zhang, Y . Zhang, Y . Jia, D. Boneh, and D. Song, “zkbridge: Trustless cross-chain bridges made practical,” in Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, 2022, pp. 3003–3017

    work page 2022

  8. [8]

    Sprites and state channels: Payment networks that go faster than lightning,

    A. Miller, I. Bentov, S. Bakshi, R. Kumaresan, and P. McCorry, “Sprites and state channels: Payment networks that go faster than lightning,” inInternational conference on financial cryptography and data security. Springer, 2019, pp. 508–526

    work page 2019

  9. [9]

    Sok: Layer-two blockchain protocols,

    L. Gudgeon, P. Moreno-Sanchez, S. Roos, P. McCorry, and A. Ger- vais, “Sok: Layer-two blockchain protocols,” inInternational Confer- ence on Financial Cryptography and Data Security. Springer, 2020, pp. 201–226

    work page 2020

  10. [10]

    Outpost: A re- sponsive lightweight watchtower,

    M. Khabbazian, T. Nadahalli, and R. Wattenhofer, “Outpost: A re- sponsive lightweight watchtower,” inProceedings of the 1st ACM Conference on Advances in Financial Technologies, 2019, pp. 31–40

    work page 2019

  11. [11]

    Fail-safe watchtowers and short- lived assertions for payment channels,

    B. Liu, P. Szalachowski, and S. Sun, “Fail-safe watchtowers and short- lived assertions for payment channels,” inProceedings of the 15th ACM Asia Conference on Computer and Communications Security, 2020, pp. 506–518

    work page 2020

  12. [12]

    Cerberus channels: Incentivizing watchtowers for bitcoin,

    Z. Avarikioti, O. S. Thyfronitis Litos, and R. Wattenhofer, “Cerberus channels: Incentivizing watchtowers for bitcoin,” inInternational Conference on Financial Cryptography and Data Security. Springer, 2020, pp. 346–366

    work page 2020

  13. [13]

    Don’t trust, verify: The case of slashing from a popular ethereum explorer,

    Z. He, J. Li, and Z. Wu, “Don’t trust, verify: The case of slashing from a popular ethereum explorer,” inCompanion Proceedings of the ACM Web Conference 2023, 2023, pp. 1078–1084

    work page 2023

  14. [14]

    An em- pirical study of defi liquidations: Incentives, risks, and instabilities,

    K. Qin, L. Zhou, P. Gamito, P. Jovanovic, and A. Gervais, “An em- pirical study of defi liquidations: Incentives, risks, and instabilities,” inProceedings of the 21st ACM internet measurement conference, 2021, pp. 336–350

    work page 2021

  15. [15]

    Managing derivatives on a blockchain. a financial mar- ket professional implementation,

    M. Morini, “Managing derivatives on a blockchain. a financial mar- ket professional implementation,”A Financial Market Professional Implementation (May 5, 2017), 2017

    work page 2017

  16. [16]

    Arbitrage in perpetual contracts,

    M. Dai, L. Li, and C. Yang, “Arbitrage in perpetual contracts,” Available at SSRN 5262988, 2025

    work page 2025

  17. [17]

    Perpetual future contracts in central- ized and decentralized exchanges: Mechanism and traders’ behavior,

    E. Chen, M. Ma, and Z. Nie, “Perpetual future contracts in central- ized and decentralized exchanges: Mechanism and traders’ behavior,” Electronic Markets, vol. 34, no. 1, p. 35, 2024

    work page 2024

  18. [18]

    Base blames faulty sequencer for 33-minute outage, fixes made,

    B. Lindrea, “Base blames faulty sequencer for 33-minute outage, fixes made,” https://cointelegraph.com/news/base-blames-faulty-sequencer -33-minute-network-outage, 2025, accessed, October 2025

    work page 2025

  19. [19]

    Arbitrum temporarily stopped processing due to soft- ware bug,

    S. D. Young, “Arbitrum temporarily stopped processing due to soft- ware bug,” https://www.coindesk.com/tech/2023/06/07/arbitrum-tem porarily-stopped-processing-due-to-software-bug, 2023, accessed, October 2025

    work page 2023

  20. [20]

    Ethereum l2 starknet suffers 2nd mainnet outage in 2 months,

    Z. V ´ardai, “Ethereum l2 starknet suffers 2nd mainnet outage in 2 months,” https://cointelegraph.com/news/starknet-outage-ethereum-l 2-reliability-concerns, 2025, accessed, October 2025

    work page 2025

  21. [21]

    Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability,

    P. Daian, S. Goldfeder, T. Kell, Y . Li, X. Zhao, I. Bentov, L. Breiden- bach, and A. Juels, “Flash boys 2.0: Frontrunning in decentralized exchanges, miner extractable value, and consensus instability,” in 2020 IEEE symposium on security and privacy (SP). IEEE, 2020, pp. 910–927

    work page 2020

  22. [22]

    Fallout: Ethereum fees skyrocketed as traders raced to unwind leveraged positions,

    Cointelegraph, “Fallout: Ethereum fees skyrocketed as traders raced to unwind leveraged positions,” https://cointelegraph.com/news/fallo ut-ethereum-fees-skyrocketed-as-traders-raced-to-unwind-leveraged -positions, 2021, accessed, October 2025

    work page 2021

  23. [23]

    Mad-htlc: because htlc is crazy-cheap to attack,

    I. Tsabary, M. Yechieli, A. Manuskin, and I. Eyal, “Mad-htlc: because htlc is crazy-cheap to attack,” in2021 IEEE symposium on security and privacy (SP). IEEE, 2021, pp. 1230–1248

    work page 2021

  24. [24]

    Checkmate: Automated game-theoretic security reasoning,

    L. S. Brugger, L. Kov ´acs, A. Petkovic Komel, S. Rain, and M. Raw- son, “Checkmate: Automated game-theoretic security reasoning,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 1407–1421

    work page 2023

  25. [25]

    Uncle maker:(time) stamping out the competition in ethereum,

    A. Yaish, G. Stern, and A. Zohar, “Uncle maker:(time) stamping out the competition in ethereum,” inProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 135–149

    work page 2023

  26. [26]

    Bdos: Blockchain denial-of-service,

    M. Mirkin, Y . Ji, J. Pang, A. Klages-Mundt, I. Eyal, and A. Juels, “Bdos: Blockchain denial-of-service,” inProceedings of the 2020 ACM SIGSAC conference on Computer and Communications Secu- rity, 2020, pp. 601–619

    work page 2020

  27. [27]

    On the instability of bitcoin without the block reward,

    M. Carlsten, H. Kalodner, S. M. Weinberg, and A. Narayanan, “On the instability of bitcoin without the block reward,” inProceedings of the 2016 ACM SIGSAC conference on computer and communications security, 2016, pp. 154–167

    work page 2016

  28. [28]

    B ¨orgers,An introduction to the theory of mechanism design

    T. B ¨orgers,An introduction to the theory of mechanism design. Oxford university press, 2015

    work page 2015

  29. [29]

    Simple versus optimal mecha- nisms,

    J. D. Hartline and T. Roughgarden, “Simple versus optimal mecha- nisms,” inProceedings of the 10th ACM Conference on Electronic Commerce (EC ’09). ACM, 2009, pp. 225–234

    work page 2009

  30. [30]

    The dynamic pivot mechanism,

    D. Bergemann and J. V ¨alim¨aki, “The dynamic pivot mechanism,” Econometrica, vol. 78, no. 2, pp. 771–789, 2010

    work page 2010

  31. [31]

    Optimal auction design,

    R. B. Myerson, “Optimal auction design,”Mathematics of operations research, vol. 6, no. 1, pp. 58–73, 1981

    work page 1981

  32. [32]

    Optimistic and validity rollups: Analysis and comparison between optimism and starknet,

    L. Donno, “Optimistic and validity rollups: Analysis and comparison between optimism and starknet,”arXiv preprint arXiv:2210.16610, 2022

    work page arXiv 2022

  33. [33]

    An overview on cross-chain: Mechanism, platforms, challenges and advances,

    W. Ou, S. Huang, J. Zheng, Q. Zhang, G. Zeng, and W. Han, “An overview on cross-chain: Mechanism, platforms, challenges and advances,”Computer Networks, vol. 218, p. 109378, 2022

    work page 2022

  34. [34]

    The bitcoin lightning network: Scalable off- chain instant payments,

    J. Poon and T. Dryja, “The bitcoin lightning network: Scalable off- chain instant payments,” 2016

    work page 2016

  35. [35]

    Silentower: A robust, scalable and secure watchtower with silent executors,

    M. Xu, Y . Zhang, and S. Zhong, “Silentower: A robust, scalable and secure watchtower with silent executors,” in2023 42nd International Symposium on Reliable Distributed Systems (SRDS). IEEE, 2023, pp. 173–186

    work page 2023

  36. [36]

    The staking mechanisms in ethereum,

    E. Jaghjough Lamrani, “The staking mechanisms in ethereum,” 2024

    work page 2024

  37. [37]

    Contract enforcement and decentralized consensus: The case of slashing,

    Z. He and J. Li, “Contract enforcement and decentralized consensus: The case of slashing,”Available at SSRN 4036000, 2022

    work page 2022

  38. [38]

    Pow nft: The first ever mineable nft,

    P. NFT, “Pow nft: The first ever mineable nft,” https://www.pownft.c om/, 2025, accessed, October 2025

    work page 2025

  39. [39]

    Sok: Oracles from the ground truth to market manipulation,

    S. Eskandari, M. Salehi, W. C. Gu, and J. Clark, “Sok: Oracles from the ground truth to market manipulation,” inProceedings of the 3rd ACM Conference on Advances in Financial Technologies, 2021, pp. 127–141

    work page 2021

  40. [40]

    Chainlink 2.0: Next steps in the evolution of decentralized oracle networks,

    L. Breidenbach, C. Cachin, B. Chan, A. Coventry, S. Ellis, A. Juels, F. Koushanfar, A. Miller, B. Magauran, D. Morozet al., “Chainlink 2.0: Next steps in the evolution of decentralized oracle networks,” Chainlink Labs, vol. 1, pp. 1–136, 2021

    work page 2021

  41. [41]

    Astraea: A decentralized blockchain oracle,

    J. Adler, R. Berryhill, A. Veneris, Z. Poulos, N. Veira, and A. Kas- tania, “Astraea: A decentralized blockchain oracle,” in2018 IEEE international conference on internet of things (IThings) and IEEE green computing and communications (GreenCom) and IEEE cyber, physical and social computing (CPSCom) and IEEE smart data (SmartData). IEEE, 2018, pp. 1145–1152

    work page 2018

  42. [42]

    Deco: Liberating web data using decentralized oracles for tls,

    F. Zhang, D. Maram, H. Malvai, S. Goldfeder, and A. Juels, “Deco: Liberating web data using decentralized oracles for tls,” inPro- ceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, 2020, pp. 1919–1938

    work page 2020

  43. [43]

    Wendy, the good little fairness widget: Achieving order fairness for blockchains,

    K. Kursawe, “Wendy, the good little fairness widget: Achieving order fairness for blockchains,” inProceedings of the 2nd ACM Conference on Advances in Financial Technologies, 2020, pp. 25–36

    work page 2020

  44. [44]

    Enforcing fairness in blockchain trans- action ordering,

    A. Orda and O. Rottenstreich, “Enforcing fairness in blockchain trans- action ordering,”Peer-to-peer Networking and Applications, vol. 14, no. 6, pp. 3660–3673, 2021

    work page 2021

  45. [45]

    Order-fairness for byzantine consensus,

    M. Kelkar, F. Zhang, S. Goldfeder, and A. Juels, “Order-fairness for byzantine consensus,” inAnnual International Cryptology Confer- ence. Springer, 2020, pp. 451–480

    work page 2020

  46. [46]

    Order-fair consensus in the permissionless setting,

    M. Kelkar, S. Deb, and S. Kannan, “Order-fair consensus in the permissionless setting,” inProceedings of the 9th ACM on ASIA Public-Key Cryptography Workshop, 2022, pp. 3–14

    work page 2022

  47. [47]

    Quick order fairness,

    C. Cachin, J. Mi ´ci´c, N. Steinhauer, and L. Zanolini, “Quick order fairness,” inInternational Conference on Financial Cryptography and Data Security. Springer, 2022, pp. 316–333

    work page 2022

  48. [48]

    Decentralized prover network,

    ZKFair, “Decentralized prover network,” https://docs.zkfair.io/decen tralized-prover-network, 2024, accessed: 2024-05-17

    work page 2024

  49. [49]

    Proof of stake vs proof of work: A guide to consensus mechanisms,

    A. Engineering, “Proof of stake vs proof of work: A guide to consensus mechanisms,” https://aleo.org/post/proof-of-stake-vs-p roof-of-work/, 2025, published: 2025-04-11. Accessed: 2025-11-06

    work page 2025

  50. [50]

    Zkfair documentation,

    Z. Team, “Zkfair documentation,” https://docs.zkfair.io/, 2024, accessed: 2024-05-20

    work page 2024

  51. [51]

    Spurt: Scalable distributed randomness beacon with transparent setup,

    S. Das, V . Krishnan, I. M. Isaac, and L. Ren, “Spurt: Scalable distributed randomness beacon with transparent setup,” in2022 IEEE Symposium on Security and Privacy (SP). IEEE, 2022, pp. 2502– 2517

    work page 2022

  52. [52]

    Randpiper– reconfiguration-friendly random beacons with quadratic communi- cation,

    A. Bhat, N. Shrestha, Z. Luo, A. Kate, and K. Nayak, “Randpiper– reconfiguration-friendly random beacons with quadratic communi- cation,” inProceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021, pp. 3502–3524

    work page 2021

  53. [53]

    Foundations of transaction fee mechanism design,

    H. Chung and E. Shi, “Foundations of transaction fee mechanism design,” inProceedings of the 2023 Annual ACM-SIAM Symposium on Discrete Algorithms (SODA). SIAM, 2023, pp. 3856–3899

    work page 2023

  54. [54]

    Starknet: A decentralized validity-rollup (zk-rollup),

    S. Industries, “Starknet: A decentralized validity-rollup (zk-rollup),” https://starkware.co/starknet/, 2023, accessed: 2024-05-17

    work page 2023

  55. [55]

    Polygon,

    Polygon Technology, “Polygon,” https://polygon.technology/, 2023, accessed: 2024-05-17

    work page 2023

  56. [56]

    Demystifying defi mev activities in flashbots bundle,

    Z. Li, J. Li, Z. He, X. Luo, T. Wang, X. Ni, W. Yang, X. Chen, and T. Chen, “Demystifying defi mev activities in flashbots bundle,” in Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, 2023, pp. 165–179

    work page 2023

  57. [57]

    Verifiable random functions,

    S. Micali, M. Rabin, and S. Vadhan, “Verifiable random functions,” in40th annual symposium on foundations of computer science (cat. No. 99CB37039). IEEE, 1999, pp. 120–130

    work page 1999

  58. [58]

    False-name-proof mechanism design without money,

    T. Todo, A. Iwasaki, and M. Yokoo, “False-name-proof mechanism design without money,” inThe 10th International Conference on Autonomous Agents and Multiagent Systems-Volume 2, 2011, pp. 651–658

    work page 2011

  59. [59]

    Mechanism design with collusion and correlation,

    J.-J. Laffont and D. Martimort, “Mechanism design with collusion and correlation,”Econometrica, vol. 68, no. 2, pp. 309–342, 2000

    work page 2000

  60. [60]

    Transaction fee mechanism design,

    T. Roughgarden, “Transaction fee mechanism design,”ACM SIGecom Exchanges, vol. 19, no. 1, pp. 52–55, 2021

    work page 2021

  61. [61]

    Ouroboros: A provably secure proof-of-stake blockchain protocol,

    A. Kiayias, A. Russell, B. David, and R. Oliynykov, “Ouroboros: A provably secure proof-of-stake blockchain protocol,” inAnnual international cryptology conference. Springer, 2017, pp. 357–388

    work page 2017

  62. [62]

    Snow white: Robustly reconfigurable consensus and applications to provably secure proof of stake,

    P. Daian, R. Pass, and E. Shi, “Snow white: Robustly reconfigurable consensus and applications to provably secure proof of stake,” in International conference on financial cryptography and data security. Springer, 2019, pp. 23–41

    work page 2019

  63. [63]

    Ethereum white paper,

    V . Buterinet al., “Ethereum white paper,”GitHub repository, vol. 1, no. 22-23, pp. 5–7, 2013

    work page 2013

  64. [64]

    H. A. David and H. N. Nagaraja,Order statistics. John Wiley & Sons, 2004. Appendix A. Practical Considerations of Prrr First, some blockchain protocols, such as Ethereum [63], require a minimum fee for each transaction. This minimum fee is not awarded to validators but is insteadburned, i.e., permanently removed from circulation. The Prrr protocol can sim...

    work page 2004