Scalable and Probabilistic Leaderless BFT Consensus through Metastability

TL;DR

The paper addresses scaling Byzantine fault-tolerant consensus without leader election or proof-of-work by introducing metastable, probabilistic safety via random network sampling. It develops the Snow protocol family (Slush, Snowflake, Snowball) and extends it to Avalanche, a DAG-based P2P payment system that achieves high throughput and low latency with quiescent operation. Key contributions include formal safety and liveness analyses under a synchronous/adaptive adversary model, practical Avalanche specifications, and large-scale evaluations showing thousands of transactions per second and sub-second confirmation times. The work offers a green, scalable alternative to PoW-based and leader-based BA, enabling internet-scale electronic payments with provable probabilistic guarantees and graceful degradation under adverse conditions.

Abstract

This paper introduces a family of leaderless Byzantine fault tolerance protocols, built around a metastable mechanism via network subsampling. These protocols provide a strong probabilistic safety guarantee in the presence of Byzantine adversaries while their concurrent and leaderless nature enables them to achieve high throughput and scalability. Unlike blockchains that rely on proof-of-work, they are quiescent and green. Unlike traditional consensus protocols where one or more nodes typically process linear bits in the number of total nodes per decision, no node processes more than logarithmic bits. It does not require accurate knowledge of all participants and exposes new possible tradeoffs and improvements in safety and liveness for building consensus protocols. The paper describes the Snow protocol family, analyzes its guarantees, and describes how it can be used to construct the core of an internet-scale electronic payment system called Avalanche, which is evaluated in a large scale deployment. Experiments demonstrate that the system can achieve high throughput (3400 tps), provide low confirmation latency (1.35 sec), and scale well compared to existing systems that deliver similar functionality. For our implementation and setup, the bottleneck of the system is in transaction verification.

Figures (13)

• Figure 1: Example of $\langle \textrm{chit}, \textrm{confidence}\rangle$ values. Darker boxes indicate transactions with higher confidence values. At most one transaction in each shaded region will be accepted.
• Figure 2: The underlying logical DAG structure used by Avalanche. The tiny squares with shades are dummy vertices which just help form the DAG topology for the purpose of clarity, and can be replaced by direct edges. The rounded gray regions are the conflict sets.
• Figure 3: Throughput vs. network size. Each pair of bars is produced with batch size of 20 and 40, from left to right.
• Figure 4: Throughput for batch size of 40, with (left) and without (right) signature verification.
• Figure 5: Transaction latency distribution for $n = 2000$. The x-axis is the transaction latency in log-scaled seconds, while the y-axis is the portion of transactions that fall into the confirmation time (normalized to $1$). Histogram of all transaction latencies for a client is shown on the left with $100$ bins, while its CDF is on the right.

Theorems & Definitions (10)

• Lemma 1: R1
• proof
• Lemma 2: R2
• proof
• Lemma 3
• proof
• Theorem 4
• proof
• Theorem 5
• proof