Aarhus University Seal

GearBox: Optimal-size Shard Committees by Leveraging the Safety-Liveness Dichotomy

Research output: Contribution to book/anthology/report/proceedingArticle in proceedingsResearchpeer-review


  • Bernardo David, IT University of Copenhagen
  • ,
  • Bernardo Magri, Manchester University
  • ,
  • Christian Matt, Concordium
  • ,
  • Jesper Buus Nielsen
  • Daniel Tschudi, Concordium

Sharding is an emerging technique to overcome scalability issues on blockchain based public ledgers. Without sharding, every node in the network has to listen to and process all ledger protocol messages. The basic idea of sharding is to parallelize the ledger protocol: the nodes are divided into smaller subsets that each take care of a fraction of the original load by executing lighter instances of the ledger protocol, also called shards. The smaller the shards, the higher the efficiency, as by increasing parallelism there is less overhead in the shard consensus. In this vein, we propose a novel approach that leverages the sharding safety-liveness dichotomy. We separate the liveness and safety in shard consensus, allowing us to dynamically tune shard parameters to achieve essentially optimal efficiency for the current corruption ratio of the system. We start by sampling a relatively small shard (possibly with a small honesty ratio), and we carefully trade-off safety for liveness in the consensus mechanism to tolerate small honesty without losing safety. However, for a shard to be live, a higher honesty ratio is required in the worst case. To detect liveness failures, we use a so-called control chain that is always live and safe. Shards that are detected to be not live are resampled with increased shard size and liveness tolerance until they are live, ensuring that all shards are always safe and run with optimal efficiency. As a concrete example, considering a population of 10K parties with at most 30% corruption and 60-bit security, previous designs required over 5800 parties in each shard to guarantee security. Our design requires only 1713 parties in the worst case with maximal corruption, and in the optimistic case works with only∼35 parties without compromising security. Moreover, in this highly concurrent execution setting, it is paramount to guarantee that both the sharded ledger protocol and its sub protocols (i.e., the shards) are secure under composition. To prove the security of our approach, we present ideal functionalities capturing a sharded ledger as well as ideal functionalities capturing the control chain and individual shard consensus, which needs adjustable liveness. We further formalize our protocols and prove that they securely realize the sharded ledger functionality in the UC framework.

Original languageEnglish
Title of host publicationCCS'22 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Number of pages14
Place of publicationNew York
PublisherAssociation for Computing Machinery
Publication yearNov 2022
ISBN (Electronic)9781450394505
Publication statusPublished - Nov 2022
Event28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States
Duration: 7 Nov 202211 Nov 2022


Conference28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
LandUnited States
ByLos Angeles
SponsorACM Special Interest Group on Security, Audit, and Control (SIGSAC)

    Research areas

  • blockchain, sharding

See relations at Aarhus University Citationformats

ID: 296621082