- Assumes a partially synchronous communication model - there is a known upper bound on message delivery time, and the system is synchronous after that bound;
- Safety does not depend on synchrony assumptions;
- Liveness does depend on synchrony assumptions;
- Deterministic - the algorithm is deterministic, the leader is chosen deterministically, and the algorithm is guaranteed to terminate;
- Leader-based - the algorithm is leader-based, with the leader being chosen deterministically;
-
Optimally Resilient - tolerates up to
$f$ Byzantine nodes in a network of$n \geq 3f + 1$ nodes; - During normal operation, IBFT achieves termination in three communication rounds and has a total communication complexity of
$O(n^2)$ ; -
Quorum-based - the algorithm is quorum-based, with a quorum size of
$⌊\frac{n + f}{2}⌋ + 1$ .
-
Agreement - if a correct process decides some value
$v$ , then no correct process decides a value$v'$ such that$v \neq v'$ ; -
Validity - given an externally provided predicate
$\beta$ , if a correct process decides a value$v'$ , then$\beta(v')$ is true;- The predicate
$\beta$ is provided by the application and is used to determine the validity of the decision, in the context of the application - e.g., in a blockchain,$\beta$ could be the validity of a block;
- The predicate
- Termination - all correct processes eventually decide a value.
- Each process calls the
startConsensusfunction, which initializes the consensus state, receiving a value$v$ to propose; - Each process
$p_i$ contains:-
$\lambda_{i}$ - the consensus instance number; -
$r_{i}$ - the round number of the consensus instance; -
$pr_{i}$ - the round at which the process has prepared a value; initially$pr_{i} = \bot$ ; -
$pv_{i}$ - the value that the process has prepared; initially$pv_{i} = \bot$ ; -
$inputValue_{i}$ - the value that the process received as input to the consensus instance, and will propose if it is the leader;
-
-
If the process is the leader, it broadcasts
PRE-PREPAREmessages to all other processes, containing the value$v$ ; - Each process starts a timer.
- Upon receiving a valid
PRE-PREPAREmessage from the leader, and its justified:- Resets its timer;
- Broadcasts a
PREPAREmessage to all other processes.
- Upon receiving a quorum (
$⌊\frac{n + f}{2}⌋ + 1$ ) of validPREPAREmessages:- Update
$pr_{i}$ and$pv_{i}$ ; - Broadcasts a
COMMITmessage to all other processes.
- Update
- Upon receiving a quorum (
$⌊\frac{n + f}{2}⌋ + 1$ ) of validCOMMITmessages:- Stops the timer;
- Decides the value
$v$ with quorum$Q_{commit}$ .
- If the timer expires:
- The process increments the round number
$r_{i}$ ; - Resets the timer;
- Broadcasts a
ROUND-CHANGEmessage to all other processes.
- The process increments the round number
-
Upon receiving
$f + 1$ validROUND-CHANGEmessages:- Updates the round number
$r_{i}$ ; - Resets the timer;
- Broadcasts a
ROUND-CHANGEmessage to all other processes.
- Updates the round number
-
Upon receiving a quorum (
$⌊\frac{n + f}{2}⌋ + 1$ ) of validROUND-CHANGEmessages, and the process is the leader:- Get the highest prepared value
$pv_{max}$ , if any; - Broadcasts a
PRE-PREPAREmessage to all other processes, starting a new round.
- Get the highest prepared value
-
Upon receiving a valid
ROUND-CHANGEmessage for an instance already decided:- Broadcasts the
$Q_{commit}$ to the process, so that it can decide the value.
- Broadcasts the
-
A
ROUND-CHANGEmessage is justified if:- There is no
$pr_{i}$ and$pv_{i}$ , meaning that the leader of the round has not prepared a value, or; - Received a quorum of
PREPAREmessages for the value$pv_{i}$ and round$pr_{i}$ .
- There is no
-
A
PRE_PREPAREmessage is justified if:- The round number is 1, or;
- Received a quorum of
ROUND_CHANGEmessages for that round, and each of them is justified.
Note: For messages who need to be justified, the justification is piggybacked on the message itself.