[Paper] ACE-GF-based Attestation Relay for PQC - Lightweight Mempool Propagation Without On-Path Proofs
Source: arXiv - 2603.07982v1
Overview
The paper introduces AR‑ACE, a relay protocol that lets post‑quantum blockchain nodes propagate transactions (or other objects) without carrying heavyweight validity proofs along the network path. By attaching only tiny “attestations” to each object, the heavy lifting of proof aggregation is pushed to the builder or final verifier, cutting the bandwidth needed for mempool propagation roughly tenfold compared with prior recursive‑STARK approaches.
Key Contributions
- Proof‑off‑path design – Relay nodes forward objects with compact attestations instead of full validity proofs, eliminating proof traffic from the propagation path.
- ACE‑GF‑based attestation scheme – Leverages the ACE‑GF (Algebraic‑Circuit‑Evaluation over Galois Fields) construction to generate identity‑bound signatures/commitments that are post‑quantum secure.
- Bandwidth analysis – Shows an order‑of‑magnitude reduction in per‑node proof bandwidth (≈128 KB per tick vs. several megabytes with recursive STARKs).
- Unified identity model – Attestations tie objects to on‑chain identities, preserving the same authorization semantics used in existing chains.
- Formal security framework – Defines security games, threat models, and correctness proofs for the attestation‑relay paradigm.
Methodology
- System Model – The authors model a typical blockchain mempool/relay network, distinguishing three roles: builders (who assemble blocks), relays (which forward objects), and verifiers (who finally check validity).
- Attestation Construction – Using ACE‑GF, each object is signed with a short, post‑quantum‑secure attestation key that proves the sender’s identity and eligibility to relay, but does not prove the object’s full cryptographic validity (e.g., a STARK proof).
- Relay Protocol – Relays simply verify the attestation’s syntax, then forward the object unchanged. No proof aggregation or storage is performed on the path.
- Builder Verification – When a builder assembles a block, it gathers all received objects, runs a single aggregated validity proof (e.g., a recursive STARK) over the entire set, and includes the proof in the block.
- Security Games – The paper defines adversarial games for attestation forgery and relay‑induced replay, proving that any successful attack would break the underlying ACE‑GF security assumptions.
- Bandwidth Comparison – Analytical formulas compare AR‑ACE’s per‑tick bandwidth (attestations ≈ few hundred bytes) against recursive‑STARK propagation (proofs ≈ 128 KB per tick).
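The relay pipeline described above, as an added Python model that is not from the paper: HMAC stands in for the ACE‑GF attestation (the page gives no algorithm), the object encoding, key registry and byte sizes are constructed, and the builder's validity predicate is a placeholder for the aggregated proof check. It shows attestation and replay checks at each hop, the heavy validity check running once at the builder, and the on‑path versus off‑path byte count.

```python
import hashlib
import hmac

# Constructed sizes for the bandwidth comparison; not measurements from the paper.
PROOF_BYTES = 128 * 1024  # validity proof carried per object in the on-path baseline
TAG_BYTES = 32            # HMAC-SHA256 stand-in for a short attestation

def encode(sender, nonce, payload):
    # Constructed wire encoding of a mempool object.
    return f"{sender}|{nonce}|".encode() + payload

def attest(msg, identity_key):
    # Identity-bound attestation over the encoded object. HMAC is a symmetric stand-in
    # for the paper's ACE-GF construction (hypothetical; the page gives no algorithm).
    return hmac.new(identity_key, msg, hashlib.sha256).digest()

class Relay:
    def __init__(self, registry):
        self.registry = registry  # sender id -> attestation key (constructed registry)
        self.seen = set()         # replay guard over digests of forwarded objects
        self.bytes_out = 0        # bytes this relay has forwarded

    def handle(self, sender, msg, tag):
        key = self.registry.get(sender)
        if key is None or not hmac.compare_digest(tag, attest(msg, key)):
            return False          # attestation fails: dropped, never forwarded
        digest = hashlib.sha256(msg).digest()
        if digest in self.seen:
            return False          # replay of an already-forwarded object: dropped
        self.seen.add(digest)
        self.bytes_out += len(msg) + len(tag)  # attestation only, no proof on path
        return True

def propagate(relays, sender, msg, tag):
    # Forward hop by hop; the object reaches the builder only if every relay accepts it.
    return all(r.handle(sender, msg, tag) for r in relays)

def builder_verify(objs, is_valid):
    # Validity is checked once, here, over the whole set the relays delivered.
    return [o for o in objs if is_valid(o)]

def path_bytes(msgs, hops, on_path_proofs):
    # Total bytes moved across `hops` relays for the given objects.
    extra = PROOF_BYTES if on_path_proofs else TAG_BYTES
    return hops * sum(len(m) + extra for m in msgs)
```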
Results & Findings
- Bandwidth Savings – Simulations on a 10k‑node relay network show AR‑ACE reduces proof‑related traffic from ~1.2 GB per tick to under 100 MB, a >10× improvement.
- Latency Impact – Because relays no longer need to wait for proof verification, propagation latency drops by ~15 % in the tested scenarios.
- Security Guarantees – Formal proofs demonstrate that, assuming ACE‑GF’s hardness, an attacker cannot forge attestations nor cause a builder to accept invalid objects without also breaking the final aggregated proof.
- Compatibility – The attestation format can be layered on top of existing transaction structures, requiring only a small extra field in the mempool message.
Practical Implications
- Scalable Post‑Quantum Blockchains – Networks aiming for quantum‑resistant security can now adopt PQC primitives without suffering prohibitive mempool bandwidth costs.
- Reduced Relay Costs – Operators of relay nodes (e.g., Ethereum’s Flashbots relays) can lower bandwidth bills and hardware requirements, making it easier to run geographically distributed relay clusters.
- Simplified Node Software – Relay implementations become lighter: they only need to verify short attestations, not heavyweight STARK proofs, which simplifies codebases and reduces attack surface.
- Faster Transaction Inclusion – Faster propagation translates to lower “mempool waiting time” for developers submitting transactions, improving user experience for dApps.
- Interoperability – Because AR‑ACE retains the same on‑chain identity model, existing smart‑contract permissioning schemes can be reused without redesign.
Limitations & Future Work
- Single‑Point Aggregation – The heavy aggregated proof is still performed by the builder; if the builder is compromised, invalid objects could be included before detection.
- Attestation Revocation – The current design assumes static attestation keys; handling key rotation or revocation in a decentralized manner remains an open challenge.
- Performance on Real‑World Networks – The paper’s evaluation is simulation‑based; real‑world deployment on large‑scale testnets would be needed to confirm latency and bandwidth gains under adversarial traffic.
- Extending to Other Proof Systems – Future work could explore integrating AR‑ACE with alternative post‑quantum proof systems (e.g., PLONK‑based SNARKs) to broaden applicability.
Bottom line: AR‑ACE shows that we don’t need to ship bulky post‑quantum proofs through every relay hop. By moving the proof work off‑path and using tiny, identity‑bound attestations, blockchain networks can achieve quantum‑ready security while keeping mempool traffic lean and fast—an attractive proposition for developers building the next generation of decentralized applications.
Authors
- Jian Sheng Wang
Paper Information
- arXiv ID: 2603.07982v1
- Categories: cs.CR, cs.DC
- Published: March 9, 2026