On Quorum Sizes in DAG-Based BFT Protocols

Razya Ladelsky, Roy Friedman

TL;DR

The paper investigates how quorum sizes affect safety and termination in DAG-based BFT protocols (DAG-Rider, Tusk, Bullshark) when equivocation elimination is treated separately. It analyzes asynchronous and partially synchronous models, employing the common-core abstraction and commit rules to establish when progress is guaranteed. Key findings show DAG-Rider remains safe with $n=2f+1$, while asynchronous Tusk and Bullshark require $n=3f+1$ for safety or liveness, with Bullshark unsafe at $k=2$ but safe for $k\ge3$; partially synchronous Bullshark remains safe for $k\ge2$ with liveness under GST. The work also introduces a TEE-less equivocation-elimination approach to enable smaller DAGs and discusses the practical tradeoffs between larger quorums (faster termination) and overhead, offering guidance for designing DAG-based BFT protocols under different fault and timing assumptions.

Abstract

Several prominent DAG-based blockchain protocols, such as DAG-Rider, Tusk, and Bullshark, completely separate equivocation elimination from committing; equivocation is handled through the use of a reliable Byzantine broadcast black-box protocol, while committing is handled by an independent DAG-based protocol. With such an architecture, a natural question that we study in this paper is whether the DAG protocol would work when the number of nodes (or validators) is only $2f+1$ (when equivocation is eliminated), and whether there are benefits in working with a larger number of nodes, i.e., a total of $kf+1$ nodes for $k > 3$. We find that while DAG-Rider's correctness is maintained with $2f+1$ nodes, the asynchronous versions of both Tusk and Bullshark inherently depend on having $3f+1$ nodes, regardless of equivocation. We also explore the impact of having a larger number of nodes on the expected termination time of these three protocols.

Paper Structure

This paper contains 30 sections, 7 theorems, 4 figures, 1 table.

Key Result

lemma 1

If a correct validator $p_i$ commits the wave leader $v$ of a wave $w$, then for any validator $p_j$, any leader vertex $v'$ of a wave $w'>w$ such that $v' \in DAG_j[\textit{round}(w',1)]$ will have a path to $v$.

Figures (4)

  • Figure 1: DAG illustration for validator $p_1$. $f=2$, and the total number of validators is $n=2f+1$. Each row corresponds to a validator and a column represents the round number. Each round contains at least $n-f = 3$ and up to $n=5$ vertices, where each vertex points to at least $n-f = 3$ vertices from the previous round. Wave $w$ consists of rounds 1-4.
  • Figure 2: Tusk counter example for $k=2$, $f=3$. Two consecutive waves $w$ and $w+1$ are depicted. $DAG_1$ is shown above and $DAG_2$ at the bottom. The blue vertices represent the 4 ($f+1$) vertices that are added during a given round. The white vertices are those added only after the validator progressed from that round. Any vertex in the first round of $w$ is pointed to by less than 4 ($f+1$). The same happens for $w+1$. Therefore, no commit is possible.
  • Figure 3: Asynchronous Bullshark showing safety violation for $k=2$. Consider the DAG of validator $p_4$ at wave $w$, $f=2$. The steady-state vertices of $p_1$ are colored orange, while the green vertices of $p_4$ and $p_5$ have fallback voting type. Validator $p_4$ has the indirect rule fulfilled for both types of leaders in $w$. Any leader it chooses to commit could be the wrong one.
  • Figure 4: A Simple Signed TEE-less Reliable Broadcast Protocol
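The round-structured DAG described in the Figure 1 caption (rows are validators, columns are rounds, every vertex references at least $n-f$ vertices of the previous round) and the path property that Lemma 1 is about can be made concrete in a few lines. The following is an added example, not code from the paper or from any of the protocols it analyzes: it builds a small DAG with $n=2f+1$, enforces the reference invariant, and checks reachability from a later vertex back to a leader. It also shows the standard quorum-intersection arithmetic (two sets of $n-f$ out of $n=2f+1$ nodes always overlap) that underlies such path arguments; it does not reproduce the paper's own proof, and no commit rule or leader election is implemented. Validator ids, vertex names and the sample DAG are constructed for illustration.

```python
"""Added example (not the paper's code): a round-structured DAG as in Figure 1,
with n = 2f+1 validators, the invariant that every vertex references at least
n-f vertices of the previous round, and a reachability test of the kind
Lemma 1 talks about. Commit rules and leader election are not implemented;
validator ids, vertex names and the sample DAG are constructed."""
from itertools import combinations


class RoundDAG:
    def __init__(self, n, f):
        if n < 2 * f + 1:
            raise ValueError("need n >= 2f+1")
        self.n, self.f = n, f
        self.quorum = n - f      # minimum number of references per vertex
        self.refs = {}           # vertex -> set of referenced vertices (previous round)
        self.rounds = {}         # round number -> list of vertices in that round

    def add_vertex(self, validator, rnd, refs=()):
        """Add vertex (validator, rnd); for rnd > 1, refs must be >= n-f vertices of round rnd-1."""
        vid = (validator, rnd)
        refs = set(refs)
        if rnd > 1:
            prev = set(self.rounds.get(rnd - 1, []))
            if not refs <= prev:
                raise ValueError("references must point to the previous round")
            if len(refs) < self.quorum:
                raise ValueError(f"{vid} references {len(refs)} < n-f = {self.quorum}")
        self.refs[vid] = refs
        self.rounds.setdefault(rnd, []).append(vid)
        return vid

    def has_path(self, src, dst):
        """Follow references backwards from src; True if dst is reachable."""
        stack, seen = [src], set()
        while stack:
            v = stack.pop()
            if v == dst:
                return True
            if v not in seen:
                seen.add(v)
                stack.extend(self.refs[v])
        return False


def quorums_intersect(n, f):
    """Plain quorum arithmetic: do any two sets of n-f out of n nodes share a member?"""
    q = n - f
    return all(set(a) & set(b)
               for a in combinations(range(n), q)
               for b in combinations(range(n), q))


def build_sample_dag():
    """Constructed DAG with f=2, n=5 (validators 1..5). The hypothetical leader
    (1,1) is referenced by exactly n-f = 3 round-2 vertices; the other two
    round-2 vertices never saw it."""
    dag = RoundDAG(n=5, f=2)
    for i in range(1, 6):
        dag.add_vertex(i, 1)                       # round 1 has no references
    leader = (1, 1)
    for i in (1, 2, 3):
        dag.add_vertex(i, 2, [(1, 1), (2, 1), (3, 1)])
    for i in (4, 5):
        dag.add_vertex(i, 2, [(3, 1), (4, 1), (5, 1)])
    return dag, leader


def every_round3_vertex_reaches():
    """Whichever n-f round-2 vertices a round-3 vertex references, at least one
    of them is among the n-f that reference the leader (quorum intersection with
    n = 2f+1), so a path to the leader always exists."""
    base, leader = build_sample_dag()
    for choice in combinations(base.rounds[2], base.quorum):
        dag, _ = build_sample_dag()                # fresh copy for each probe vertex
        v = dag.add_vertex(5, 3, choice)           # validator 5's round-3 vertex
        if not dag.has_path(v, leader):
            return False
    return True


if __name__ == "__main__":
    dag, leader = build_sample_dag()
    print("n=5,f=2 quorums intersect:", quorums_intersect(5, 2))
    print("(4,2) reaches leader:", dag.has_path((4, 2), leader))
    print("every round-3 vertex reaches leader:", every_round3_vertex_reaches())
```

The invariant check in `add_vertex` is what makes the reachability argument go through: a vertex that referenced fewer than $n-f$ predecessors could skip the whole set of vertices that saw the leader, which is exactly the situation the counter-examples in Figures 2 and 3 exploit for Tusk and Bullshark at $k=2$.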

Theorems & Definitions (22)

  • lemma 1
  • proof
  • lemma 2
  • proof
  • lemma 3
  • proof
  • lemma 4
  • lemma 5
  • proof
  • ...and 12 more