Primary Objective
Existing Privacy-Preserving Proof-of-Stake (PPoS) protocols—such as Ganesh et al.'s PPoS, Kerber et al.'s Ouroboros Crypsinous, and our own Nomos Cryptarchia—achieve liveness and safety but suffer from low throughput and high confirmation latency. In this writeup, we aim to design a PPoS protocol that significantly improves performance while maintaining strong liveness and safety guarantees.
“Commit-and-Prove” in Privacy-Preserving Protocols
A foundational technique in many privacy-preserving cryptocurrencies is the Commit-and-Prove paradigm. It enables privacy and verifiability by combining non-interactive commitments with non-interactive zero-knowledge (NIZK) proofs. This approach is widely adopted in protocols like Zerocash and Ouroboros Crypsinous.
- Zerocash uses Commit-and-Prove to enable fully anonymous transactions: users commit to transaction data (e.g., serial numbers, coins) and prove correctness via succinct NIZKs without revealing sensitive information.
- Ouroboros Crypsinous extends this paradigm to a PoS setting, enabling private block production and validation. Here too, NIZKs are used to verify stake ownership and eligibility without revealing identities or balances.
While effective for privacy, these techniques tend to increase computational and communication overhead—limiting throughput and responsiveness in decentralized settings.
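To make the paradigm concrete, the following is an added example in Python (not code from this page, nor from Zerocash or Crypsinous): a Pedersen commitment to a value paired with a non-interactive zero-knowledge proof that the prover knows the committed value and randomness, without revealing either. The proof is an Okamoto/Schnorr-style sigma protocol made non-interactive with the Fiat-Shamir transform. The group (a 64-bit safe prime generated at run time), the hash-to-challenge encoding and the names `commit`, `prove_opening` and `verify_opening` are demo assumptions.

```python
"""Added example (not from the page, Zerocash or Crypsinous): commit-and-prove
with a Pedersen commitment C = g^m * h^r mod p and a Fiat-Shamir NIZK of
knowledge of the opening (m, r).  Group size and encodings are demo choices."""
import hashlib
import random
import secrets
from typing import Tuple


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test; adequate for a demo-sized modulus."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 64) -> Tuple[int, int, int, int]:
    """Return (p, q, g, h): p = 2q + 1 a safe prime, g and h generators of the
    order-q subgroup of Z_p^* with no known discrete-log relation between them
    (h is derived by hashing, a nothing-up-my-sleeve construction)."""
    while True:
        q = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            p = 2 * q + 1
            break
    g = 4  # 2^2: every square lies in the order-q subgroup, and 4 != 1 for p > 3
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(f"h|{p}|{ctr}".encode()).digest(), "big") % p
        h = pow(x, 2, p)
        if h not in (0, 1, g):
            return p, q, g, h
        ctr += 1


def commit(p: int, q: int, g: int, h: int, m: int) -> Tuple[int, int]:
    """Pedersen commitment to m with fresh randomness r: hiding in m, binding under DL."""
    r = secrets.randbelow(q)
    return pow(g, m % q, p) * pow(h, r, p) % p, r


def _challenge(q: int, *items: int) -> int:
    """Fiat-Shamir: the challenge is a hash of the public statement and the first message."""
    data = "|".join(str(i) for i in items).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % q


def prove_opening(p, q, g, h, C, m, r) -> Tuple[int, int, int]:
    """NIZK that the prover knows (m, r) with C = g^m h^r; neither m nor r is revealed."""
    a, b = secrets.randbelow(q), secrets.randbelow(q)
    T = pow(g, a, p) * pow(h, b, p) % p          # first message (blinded commitment)
    c = _challenge(q, p, g, h, C, T)
    return T, (a + c * m) % q, (b + c * r) % q    # responses


def verify_opening(p, q, g, h, C, proof) -> bool:
    """Check g^z1 h^z2 == T * C^c, recomputing the challenge from the transcript."""
    T, z1, z2 = proof
    c = _challenge(q, p, g, h, C, T)
    return pow(g, z1, p) * pow(h, z2, p) % p == T * pow(C, c, p) % p


def demo() -> bool:
    """Commit to a constructed value, prove the opening, and confirm the proof
    is bound to its commitment (it does not verify against a fresh one)."""
    p, q, g, h = gen_group()
    m = 42                                        # constructed stake/coin value
    C, r = commit(p, q, g, h, m)
    proof = prove_opening(p, q, g, h, C, m, r)
    C2, _ = commit(p, q, g, h, m)                 # same value, fresh randomness
    return verify_opening(p, q, g, h, C, proof) and not verify_opening(p, q, g, h, C2, proof) and C != C2


if __name__ == "__main__":
    print("commit-and-prove demo ok:", demo())
```

The verifier learns only that some (m, r) opening C exists and is known to the prover; two commitments to the same value are unlinkable because r is fresh each time, which is the hiding property the anonymous-transaction designs above rely on.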
Hybrid Consensus
Hybrid Consensus (Pass–Shi '17) is a layered consensus architecture combining the robustness of permissionless blockchain protocols (PoW or PoS) with the efficiency of classical Byzantine Fault-Tolerant (BFT) consensus. The key idea is to decouple leader election from transaction confirmation:
Leader Election via PoW/PoS
- A slow PoW or PoS chain operates continuously.
- Instead of confirming transactions directly, each block selects committee members for the next epoch—typically the block proposers or stakers themselves.
Fast Transaction Confirmation via BFT
- The selected committee executes a classical BFT protocol (e.g., PBFT, HotStuff) to confirm transactions.
- Since committee size is small and fixed, the protocol achieves responsive confirmation in O(Δ) time, where Δ is the actual network delay.
Security and Performance Guarantees
- Safety: No two honest committees confirm conflicting transactions, even with up to 1/3 adversarial committee members.
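The two layers described above, as an added Python simulation that is not code from this page or from Pass and Shi's paper: a slow chain supplies block proposers, the proposers of one epoch's blocks become the seats of the next epoch's BFT committee, and the committee confirms a value only when a quorum of n - f seats votes for it (f = (n - 1)/3 faults tolerated). The block identities, epoch length, vote sets and function names are constructed for the demo; the quorum-intersection check shows why two conflicting confirmations cannot both form while at most f seats are Byzantine.

```python
"""Added example (not from the page or the Hybrid Consensus paper): committee
selection from a slow chain plus one quorum-based BFT voting step, with the
standard n >= 3f + 1 threshold.  All identities and sizes are constructed."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Block:
    height: int
    proposer: str  # identity of the PoW/PoS winner that produced this block


def committee_for_epoch(chain: List[Block], epoch: int, epoch_len: int) -> List[str]:
    """Layer 1: the proposers of the previous epoch's blocks are the seats of this
    epoch's BFT committee.  One seat per block, so a frequent proposer holds
    several seats, mirroring its share of the slow chain."""
    if epoch == 0:
        raise ValueError("epoch 0 has no preceding blocks to draw a committee from")
    start, end = (epoch - 1) * epoch_len, epoch * epoch_len
    return [b.proposer for b in chain if start <= b.height < end]


def max_faults(n: int) -> int:
    """Largest f with n >= 3f + 1."""
    return (n - 1) // 3


def quorum(n: int) -> int:
    """Votes needed to confirm: n - f, which is 2f + 1 when n = 3f + 1."""
    return n - max_faults(n)


def conflicting_quorums_possible(n: int, byzantine: int) -> bool:
    """Two quorums for different values need 2 * quorum(n) seat-votes.  Only a
    Byzantine seat can be counted in both, so it takes byzantine >= 2*quorum - n;
    with quorum = n - f that is byzantine >= n - 2f > f."""
    return byzantine >= 2 * quorum(n) - n


def decide(n: int, votes: Dict[int, Set[str]]) -> Optional[str]:
    """Layer 2, one voting step: a value is confirmed if at least quorum(n)
    distinct seats voted for it.  A seat's vote set may hold several values,
    modelling a Byzantine seat that equivocates."""
    tally = Counter(v for vs in votes.values() for v in vs)
    winners = [v for v, c in tally.items() if c >= quorum(n)]
    if len(winners) > 1:
        raise RuntimeError("safety violated: more than f seats equivocated")
    return winners[0] if winners else None


def demo() -> Optional[str]:
    """Constructed run: 14 blocks, epochs of 7, committee of epoch 1 votes."""
    chain = [Block(i, p) for i, p in enumerate("ABCADEF" + "GHIJKLM")]
    seats = committee_for_epoch(chain, epoch=1, epoch_len=7)   # A B C A D E F
    n = len(seats)                                             # 7 -> f = 2, quorum = 5
    votes: Dict[int, Set[str]] = {
        0: {"batch-1"}, 1: {"batch-1"}, 2: {"batch-1"},        # honest seats
        3: {"batch-2"}, 4: {"batch-2"},                        # honest seats
        5: {"batch-1", "batch-2"}, 6: {"batch-1", "batch-2"},  # 2 equivocating seats (= f)
    }
    return decide(n, votes)                                    # batch-1: 5 votes, batch-2: 4


if __name__ == "__main__":
    print("confirmed:", demo())
```

Because a seat index rather than a node name identifies each vote, a proposer such as `A` that produced two blocks in the epoch casts two votes, which is the stake-weighting effect of drawing the committee from the chain. `conflicting_quorums_possible(7, 2)` is false and `conflicting_quorums_possible(7, 3)` is true, matching the 1/3 bound stated under Safety.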