%22%3E%3Cstop%20offset%3D%220%25%22%20stop-color%3D%22%231e1b4b%22%2F%3E%3Cstop%20offset%3D%22100%25%22%20stop-color%3D%22%234f46e5%22%20stop-opacity%3D%220.6%22%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D%22800%22%20height%3D%22200%22%20fill%3D%22url(%23bg)%22%2F%3E%3Ccircle%20cx%3D%22235%22%20cy%3D%2256%22%20r%3D%22120%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.15%22%2F%3E%3Ccircle%20cx%3D%22250%22%20cy%3D%2243%22%20r%3D%22165%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.28%22%2F%3E%3Ccircle%20cx%3D%22373%22%20cy%3D%22192%22%20r%3D%22113%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.27%22%2F%3E%3Ccircle%20cx%3D%22310%22%20cy%3D%2260%22%20r%3D%2223%22%20fill%3D%22none%22%20stroke%3D%22%23818cf8%22%20stroke-width%3D%225.4%22%20opacity%3D%220.26%22%2F%3E%3Cpolygon%20points%3D%22356%2C92%20353%2C113%20407%2C62%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.25%22%2F%3E%3Crect%20x%3D%22680%22%20y%3D%227%22%20width%3D%2223%22%20height%3D%2228%22%20rx%3D%227%22%20fill%3D%22%23818cf8%22%20opacity%3D%220.31%22%20transform%3D%22rotate(-4%20680%207)%22%2F%3E%3Crect%20x%3D%22321%22%20y%3D%22178%22%20width%3D%2277%22%20height%3D%2229%22%20rx%3D%2211%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.18%22%20transform%3D%22rotate(-5%20321%20178)%22%2F%3E%3Ccircle%20cx%3D%22728%22%20cy%3D%221%22%20r%3D%2221%22%20fill%3D%22none%22%20stroke%3D%22%23818cf8%22%20stroke-width%3D%223.1%22%20opacity%3D%220.22%22%2F%3E%3Crect%20x%3D%22622%22%20y%3D%22131%22%20width%3D%2267%22%20height%3D%2256%22%20rx%3D%229%22%20fill%3D%22%234f46e5%22%20opacity%3D%220.13%22%20transform%3D%22rotate(-16%20622%20131)%22%2F%3E%3Ccircle%20cx%3D%22578%22%20cy%3D%22163%22%20r%3D%2217%22%20fill%3D%22none%22%20stroke%3D%22%23818cf8%22%20stroke-width%3D%223.8%22%20opacity%3D%220.20%22%2F%3E%3Ccircle%20cx%3D%22592%22%20cy%3D%22116%22%20r%3D%2225%22%20fill%3D%22none%22%20stroke%3D%22%234f46e5%22%20stroke-width%3D%224.6%22%20opacity%3D%220.16%22%2F%3E%3Ccircle%20cx%3D%22329%22%20cy%3D%2232%22%20r%3D%222%22%20fill%3D%22%23818cf8%22%20opacity%3D%220.78%22%2F%3E%3Ccircle%20cx%3D%223%22%20cy%3D%22134%22%20r%3D%222%22%20fill%3D%22%23818cf8%22%20opacity%3D%220.62%22%2F%3E%3Ccircle%20cx%3D%22746%22%20cy%3D%22193%22%20r%3D%226%22%20fill%3D%22%23818cf8%22%20opacity%3D%220.60%22%2F%3E%3Ccircle%20cx%3D%22465%22%20cy%3D%2218%22%20r%3D%226%22%20fill%3D%22%23818cf8%22%20opacity%3D%220.60%22%2F%3E%3C%2Fsvg%3E)
Introduction
The Cerberus whitepaper, first published on arXiv in August 2020, presents a consensus protocol designed to achieve parallelised transaction processing across an effectively unlimited number of shards while preserving atomic composability. The paper was authored by Florian CΓ€sar, Daniel P. Hughes (founder of Radix), Joshua Primero, and Professor Mohammad Sadoghi of the University of California, Davis.
Unlike most blockchain whitepapers that remain unreviewed, Cerberus underwent rigorous academic scrutiny and was accepted into the Journal of Systems Research (JSys) in 2023 after a full peer-review process. This places Radix among a small number of public ledger projects whose core consensus mechanism has been validated to the highest academic standards.
Paper Overview
The paper addresses a fundamental tension in distributed ledger design: how to shard a network for scalability without sacrificing the ability to atomically compose transactions across shards. The authors argue that existing sharded protocols either impose global ordering (limiting throughput) or sacrifice atomicity (breaking composability).
Problem Statement
Traditional blockchains process transactions sequentially on a single chain, creating a throughput bottleneck. Sharding partitions the ledger across independent groups of validators, enabling parallel processing. However, when a transaction touches data on multiple shards, the shards must coordinate β and prior approaches either relied on expensive cross-shard locking mechanisms, required global consensus, or could not guarantee atomicity.
Three Protocol Variants
Cerberus is presented in three variants of increasing robustness:
- Core-Cerberus β operates under strict environmental assumptions with well-behaved clients, requiring no additional coordination beyond single-shard BFT consensus. Each shard independently decides to commit or abort, and the UTXO-based state model prevents double-spending without global ordering.
- Optimistic-Cerberus β avoids extra coordination phases during normal operation but includes recovery mechanisms for Byzantine behaviour, accepting higher costs only when attacks are detected.
- Pessimistic-Cerberus β adds proactive coordination phases that allow operation in fully adversarial environments, trading some latency for consistent safety guarantees regardless of client behaviour.
UC Davis Collaboration
In 2020, Radix partnered with UC Davis' ExpoLab, led by Professor Mohammad Sadoghi, to provide independent academic validation of Cerberus. The ExpoLab team included postdoctoral fellow Jelle Hellings, and PhD candidates Suyash Gupta and Sajjad Rahnama β researchers with deep expertise in Byzantine fault-tolerant systems.
The collaboration focused on four areas:
- Formal mathematical proofs β creating rigorous proofs of safety and liveness for each protocol variant, going beyond the original whitepaper's informal arguments.
- Security analysis β identifying potential attack vectors (equivocation, cross-shard deadlocks, validator collusion) and verifying that the protocol's mitigations hold under adversarial conditions.
- Implementation testing β deploying Cerberus on ExpoLab's ExpoDB platform to benchmark real-world performance, latency, and throughput characteristics.
- Comparative analysis β benchmarking Cerberus against other sharded BFT protocols (AHL, ByShard, Caper) on scalability, liveness, and safety metrics.
The resulting peer-reviewed evaluation, published in JSys, confirmed that Cerberus achieves linear throughput scaling with the number of shards while maintaining atomic cross-shard commitment β a combination no prior protocol had demonstrated under formal analysis.
Key Technical Contributions
The paper makes several contributions to distributed systems research:
- Braided consensus β Cerberus "braids" independent single-shard BFT consensus instances (3-chains) into an emergent multi-shard consensus (a 3-braid). Each shard runs its own HotStuff-derived BFT instance; when a transaction spans multiple shards, their consensus processes are temporarily linked to reach a joint commit-or-abort decision.
- Minimised coordination β cross-shard commitment requires only a single additional consensus step per involved shard, with no global ordering or leader election. Shards that are not involved in a given transaction are unaffected.
- UTXO-based conflict prevention β by adopting a substate (UTXO-like) model, data must be consumed and recreated to be modified, preventing concurrent modification conflicts without cross-shard locks.
- Cluster-send primitive β a communication primitive that prevents equivocation by ensuring a validator cannot send conflicting messages to different shards within the same transaction.