Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Beluga: Block Synchronization for BFT Consensus Protocols

Tasos Kichidis, Lefteris Kokoris-Kogias, Arun Koshy, Ilya Sergey, Alberto Sonnino, Mingwei Tian, Jianting Zhang

TL;DR

Beluga formalizes the block synchronizer and introduces a scarcity-aware, modular block dissemination framework that preserves optimistic push performance while bounding recovery cost under faults and adversarial behavior. It combines an admission-control–driven AC-based optimistic push with an implicit, implicit-proof-of-availability (ImPoA)–driven hybrid pull that separates pull from push, using live and bulk blocks to bound latency and complexity. Through rigorous correctness proofs and extensive experiments on geo-distributed AWS deployments, Beluga demonstrates near-optimal round latency in happy paths and robust performance under pull-induction attacks, achieving up to 3x higher throughput and up to 25x lower latency than prior designs in adversarial scenarios. The system was integrated into Mysticeti/Sui, delivering tangible production benefits, including tail-latency reductions and improved resilience to misbehaving validators. This work advances practical, robust synchronization primitives for BFT consensus stacks with broad applicability across DAG-based and RBC-based protocols.

Abstract

Modern high-throughput BFT consensus protocols use streamlined push-pull mechanisms to disseminate blocks and keep happy-path performance optimal. Yet state-of-the-art designs lack a principled and efficient way to exchange blocks, which leaves them open to targeted attacks and performance collapse under network asynchrony. This work introduces the concept of a block synchronizer, a simple abstraction that drives incremental block retrieval and enforces resource-aware exchange. Its interface and role fit cleanly inside a modern BFT consensus stack. We also uncover a new attack, where an adversary steers honest validators into redundant, uncoordinated pulls that exhaust bandwidth and stall progress. Beluga is a modular and scarcity-aware instantiation of the block synchronizer. It achieves optimal common-case latency while bounding the cost of recovery under faults and adversarial behavior. We integrate Beluga into Mysticeti, the consensus core of the Sui blockchain, and show on a geo-distributed AWS deployment that Beluga sustains optimal performance in the optimistic path and, under attack, delivers up to 3x higher throughput and 25x lower latency than prior designs. The Sui blockchain adopted Beluga in production.

Beluga: Block Synchronization for BFT Consensus Protocols

TL;DR

Beluga formalizes the block synchronizer and introduces a scarcity-aware, modular block dissemination framework that preserves optimistic push performance while bounding recovery cost under faults and adversarial behavior. It combines an admission-control–driven AC-based optimistic push with an implicit, implicit-proof-of-availability (ImPoA)–driven hybrid pull that separates pull from push, using live and bulk blocks to bound latency and complexity. Through rigorous correctness proofs and extensive experiments on geo-distributed AWS deployments, Beluga demonstrates near-optimal round latency in happy paths and robust performance under pull-induction attacks, achieving up to 3x higher throughput and up to 25x lower latency than prior designs in adversarial scenarios. The system was integrated into Mysticeti/Sui, delivering tangible production benefits, including tail-latency reductions and improved resilience to misbehaving validators. This work advances practical, robust synchronization primitives for BFT consensus stacks with broad applicability across DAG-based and RBC-based protocols.

Abstract

Modern high-throughput BFT consensus protocols use streamlined push-pull mechanisms to disseminate blocks and keep happy-path performance optimal. Yet state-of-the-art designs lack a principled and efficient way to exchange blocks, which leaves them open to targeted attacks and performance collapse under network asynchrony. This work introduces the concept of a block synchronizer, a simple abstraction that drives incremental block retrieval and enforces resource-aware exchange. Its interface and role fit cleanly inside a modern BFT consensus stack. We also uncover a new attack, where an adversary steers honest validators into redundant, uncoordinated pulls that exhaust bandwidth and stall progress. Beluga is a modular and scarcity-aware instantiation of the block synchronizer. It achieves optimal common-case latency while bounding the cost of recovery under faults and adversarial behavior. We integrate Beluga into Mysticeti, the consensus core of the Sui blockchain, and show on a geo-distributed AWS deployment that Beluga sustains optimal performance in the optimistic path and, under attack, delivers up to 3x higher throughput and 25x lower latency than prior designs. The Sui blockchain adopted Beluga in production.

Paper Structure

This paper contains 32 sections, 12 theorems, 8 figures, 1 table.

Table of Contents

  1. Introduction
  2. Problem Definition
  3. The Block Synchronizer Problem
  4. Existing Synchronizer Protocols
  5. Multi-chain Certified Synchronizer Protocol
  6. DAG-based Certified Synchronizer Protocol
  7. DAG-based RBC Synchronizer Protocol
  8. DAG-based Uncertified Synchronizer Protocol
  9. Pull Induction Attacks and Key Insights
  10. Pull Induction Attacks
  11. Key Insights
  12. The Beluga Protocol
  13. Overview
  14. AC-based Optimistic Push Protocol
  15. ImPoA-based Hybrid Pull Protocol
  16. ...and 17 more sections

Key Result

Lemma 1

After GST, all honest validators will enter the same round within $3\Delta$.

Figures (8)

  • Figure 1: Latency comparison of the (production) Sui blockchain under network attacks before (left) and after (right) deploying Beluga.
  • Figure 2: The pull induction attacks: the adversary $v_4$ selectively shares its blocks with honest validators. In round $r{-}1$, $v_4$ only shares its round $r{-}1$ block $B_4^{r{-}1}$ with $v_1$, making $v_1$'s round $r$ block $B_1^r$ reference $B_4^{r{-}1}$. This will induce $v_2$ and $v_3$ to trigger the pull protocol to fetch $B_4^{r{-}1}$ to accept $B_1^r$, eventually increasing the latency of round $r$. Similarly, $v_4$ only shares its round $r$ block with $v_2$ and shares its round $r{+}1$ block with $v_3$. This will increase the latency of each round by at least one pull round-trip.
  • Figure 3: The ImPoA-based hybrid pull protocol for $v_4$: (a) $v_4$ is proceeding in round $r{+}2$ but misses blocks $B_1^{r{+}1}$, $B_3^r$, and $B_3^{r{+}1}$. $B_1^{r{+}1}$ is identified as implicitly available as $\{B_2^{r{+}2}, B_4^{r{+}2}\}$ reference it. As a result, $v_4$ accepts $B_2^{r{+}2}$ and $B_4^{r{+}2}$ even though their parent $B_1^{r{+}1}$ is not received. (b) $v_4$ transmits blocks that reference missing ones to the bulk and live synchronizer modules via the ImPoA-based pull mechanism. With the hints, $v_4$ identifies the missing blocks it needs to fetch. (c) $v_4$ fetches blocks via a hybrid pull strategy, balancing pull latency and complexity.
  • Figure 4: Beluga can be integrated into any BFT consensus protocol. By applying the consensus rules on the blocks produced by Beluga, validators derive a consistent order for blocks. Beluga guarantees the availability of ordered blocks for the state machine replication (SMR) execution.
  • Figure 5: Comparative throughput-latency performance of Mysticeti equipped with Beluga and with the baseline push-pull block synchronizer. WAN measurements with 50 validators, no faults, and 512B transaction size.
  • ...and 3 more figures

Theorems & Definitions (26)

  • Definition 1: Block synchronizer
  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Theorem 1: Block availability
  • proof
  • Theorem 2: Causal availability
  • proof
  • Theorem 3: Round-Progression
  • ...and 16 more