Wonderboom -- Efficient, and Censorship-Resilient Signature Aggregation for Million Scale Consensus

Over the last years, Ethereum has evolved into a public platform that safeguards the savings of hundreds of millions of people and secures more than $650 billion in assets, placing it among the top 25 stock exchanges worldwide in market capitalization, ahead of Singapore, Mexico, and Thailand. As such, the performance and security of the Ethereum blockchain are not only of theoretical interest, but also carry significant global economic implications. At the time of writing, the Ethereum platform is collectively secured by almost one million validators highlighting its decentralized nature and underlining its economic security guarantees. However, due to this large validator set, the protocol takes around 15 minutes to finalize a block which is prohibitively slow for many real world applications. This delay is largely driven by the cost of aggregating and disseminating signatures across a validator set of this scale. Furthermore, as we show in this paper, the existing protocol that is used to aggregate and disseminate the signatures has several shortcomings that can be exploited by adversaries to shift stake proportion from honest to adversarial nodes. In this paper, we introduce Wonderboom, the first million scale aggregation protocol that can efficiently aggregate the signatures of millions of validators in a single Ethereum slot (x32 faster) while offering higher security guarantees than the state of the art protocol used in Ethereum. Furthermore, to evaluate Wonderboom, we implement the first simulation tool that can simulate such a protocol on the million scale and show that even in the worst case Wonderboom can aggregate and verify more than 2 million signatures within a single Ethereum slot.

💡 Research Summary

The paper addresses two critical bottlenecks in Ethereum’s current proof‑of‑stake design: (i) the long finality latency of roughly 15 minutes, caused by the need to collect and verify at least 2⁄3 N attestations across a validator set that is now close to one million, and (ii) the vulnerability of the existing hierarchical signature‑aggregation protocol to censorship attacks that can shift stake from honest to adversarial validators over time.
Wonderboom is introduced as the first aggregation protocol that can collect and verify the signatures of millions of validators within a single 12‑second slot, achieving a theoretical two‑slot finality. The core of Wonderboom is a deep, m‑ary tree where each node represents a committee of 128 validators and 16 randomly chosen representatives perform aggregation. By leveraging BLS signature aggregation together with a bit‑vector based compressed public‑key representation, the protocol collapses N individual signatures into a single signature‑public‑key pair that can be verified in constant time.
Censorship resilience is tackled on two fronts. First, proposer and validator processes are physically separated and assigned distinct IP addresses, reducing the attack surface for proposer deanonymization via the gossip layer. Validators communicate over point‑to‑point channels for aggregation, while all messages to and from the proposer continue to use the existing gossip network. Second, to mitigate vote‑censorship, Wonderboom enforces a simple forwarding rule: the largest aggregate received by a node is always combined with one uniformly random aggregate before being forwarded upward. Coupled with a “once‑per‑k‑slot” reward scheme—where a validator receives its reward if its vote appears at least once in a window of k slots—this rule yields a per‑slot censorship probability p that can be made very small. The overall probability of missing a reward becomes (1‑p)^k, which decays exponentially with k. The authors prove that with k = 64 (two epochs) Wonderboom attains the same censorship‑resilience level that Ethereum would need only by extending its effective penalisation window to six epochs.
The security model assumes a Byzantine fault tolerance setting with up to f = (N‑1)/3 faulty nodes and a slowly adaptive adversary that can only re‑corrupt nodes at epoch boundaries. Under these assumptions, the BLS‑based aggregation guarantees unforgeability and the tree‑based protocol preserves safety. The synchronous network model (global bound Δ) is justified by Ethereum’s slashing mechanism, and the authors note that real‑world measurements (≈ 4 seconds to reach 98 % of validators via gossip) leave sufficient slack for the three gossip rounds required by Wonderboom’s tree depth.
To validate the design, the authors build the first simulation framework capable of modeling million‑scale consensus, including worst‑case fault patterns (N³ faulty nodes). Experiments show that Wonderboom can aggregate and verify more than 2 million signatures within a single slot, a 4× speed‑up over the current Ethereum aggregation pipeline and an overall > 32× acceleration when accounting for proposer‑validator separation. The simulation also confirms the theoretical censorship‑resilience gains.
In summary, Wonderboom contributes: (1) a modular, tree‑based aggregation protocol that reduces Ethereum’s finality latency from ~15 minutes to ~30 seconds, (2) a provably stronger vote‑censorship resilience that requires a much shorter reward window than Ethereum, and (3) a practical simulation tool for evaluating Byzantine‑fault‑tolerant signature aggregation at the million‑validator scale. The work demonstrates that large‑scale PoS blockchains can achieve both high throughput and robust security without radical changes to the underlying consensus logic.