The document presents a deep dive into the librabft consensus system used in the Libra blockchain, highlighting its Byzantine fault tolerance and the mechanism of leader selection through a modified pacemaker module. It outlines the technical workings of librabft, its economic incentives for stakeholders, and the security assurances it offers as long as the number of faulty validators remains below one-third of the total. Key takeaway is that librabft is designed to ensure participation through a proof-of-stake system and is scalable with linear complexity.

1. Deep dive into LibraBFT consensus
Libra Developer Meeting #1
July 24, 2019
Phuwanai Thummavet
Blockchain Developer | Security Researcher

2. 2
Phuwanai Thummavet (Bright)
Blockchain Developer | Security
Researcher
Website: www.serial-coder.com
Blog: medium.com/@serial_coder

3. Outline
3
● Overview of Byzantine Fault Tolerance consensus
● Overview of LibraBFT consensus
● How does HotStuff consensus work?
● What is Libra’s Pacemaker module?
● Participation and incentives
● Key takeaway
● References

4. Overview of Byzantine Fault
Tolerance consensus
1

5. What is consensus?
5
Figure 1. Distributed Ledger

6. Types of consensus
6
● Proof of Work (PoW) → Bitcoin, Ethereum 1.0
● Proof of Stake (PoS) → Ethereum 2.0 (Casper)
● Delegated Proof of Stake (DPoS) → EOS
● Proof of Authority (PoA) → Thaichain
● Byzantine Fault Tolerance (BFT) → Tendermint, Libra
● And many more...

7. Basic BFT consensus (1/3)
7
● BFT consensus model:
n >= 3f + 1
where
n = the number of validators
f = byzantine or faulty validators
such that
m >= 2f + 1 (or n - f) are honest validators

8. Basic BFT consensus (2/3)
8
● Example:
n >= 3f + 1
in which
n = 1000
f = 333 (maximum byzantine validators)
n - f = 667 (minimum honest validators)

9. Basic BFT consensus (3/3)
9
n = 1000
f = 333 (byzantine)
n - f = 667 (honest)
Figure 2. Block Producer waits for n-f valid votes
I’m a block producer.
Wait for 667 valid
votes

10. Overview of LibraBFT consensus
2

11. LibraBFT key technical (1/3)
11
● LibraBFT is a consensus protocol that progresses in rounds
● In each round, a leader is chosen amongst the validators
● Correct leader scenario
○ The leader proposes a new block of transactions and broadcast it
to the rest of the validators
○ The leader collects enough votes (n-f) to form a Quorum
Certificate (QC)

12. LibraBFT key technical (2/3)
12
● Correct leader scenario (cont.)
○ The leader broadcasts QC to all validators
○ Each validator verifies QC validity and then commits the
proposed block onto its local storage
○ The current round finishes
■ Starts the next round

13. LibraBFT key technical (3/3)
13
● Leader fails to propose a block scenario
○ Causes
■ A leader is down
■ A leader cannot aggregate enough votes
○ Consequently, a timeout mechanism will force a new round
○ A new leader will be chosen from the validators

14. Libra: life cycle of transaction
14
Figure 3. Logical components of a
Libra validator [1]

15. Commit rule of LibraBFT
15
Figure 4. B1
matches the commit
rule, it becomes committed onto
the local world state database
Commit rule:
B1
is said to match the
commit rule if and only if it is the
head of a 3-chain with contiguous
rounds [2]

16. How does LibraBFT consensus work?
16
LibraBFT
HotStuff
+
Modified Pacemaker
+
Other Detailed Specification

17. How does HotStuff consensus work?
3

18. Complexity of HotStuff
18
Table 1. Authenticator complexity comparison [3]

19. Network topology change
19
Figure 5. Mesh topology to Star topology [4]

20. Phases of Basic HotStuff
20
Figure 6. HotStuff has 4 phases in each computing round

21. Chained HotStuff
21
Figure 7. Chained HotStuff in which a QC can serve in different phases simultaneously [3]

22. What is Libra’s Pacemaker module?
4

23. Overview of the Pacemaker
23
● Pacemaker is a sub-module in Consensus module of every validator
● It controls an active round and drives a leader election when:
○ Timeout for a current round is triggered
■ A leader is down
■ A leader cannot aggregate enough votes
○ A leader at current round successfully proposes a block
● It also controls block proposition

24. What does the Pacemaker control?
24
● Formulas for:
○ Leader selection
○ Maximum duration variable for each round
● The leader selection depends on the hash of Quorum Certificate
(QC hash) of the previous round
○ Not the previous leader or voters for security
○ The formulas are still being under R&D for now

25. Assigning leaders to rounds (1/3)
25
1. Simple sampling
leader(hc
, n) = author(hash(n) mod N)
where
n = round number
N = the number of validators
hc
= hash of the previous quorum certificate
Possible attacks:
DDoS attacks → anyone predicts leaders for a long time in
advance

26. Assigning leaders to rounds (2/3)
26
2. Using the previous quorum certificate in a naive way
leader(hc
, n) = author(hash(hc
) mod N)
where
n = round number
N = the number of validators
hc
= hash of the previous quorum certificate
Possible attacks:
Grinding attacks → a leader at current round could select transactions
or votes so that the next leader would point to a particular validator

27. Assigning leaders to rounds (3/3)
27
3. Using a verifiable random function
s = VRFauthor(hc)
(epoch_id || round(hc
))
leader(hc
, n) = author(PRFs
(n) mod N)
where
n = round number
N = the number of validators
hc
= hash of the previous QC
s = some seed
epoch_id = current epoch
round(hc
) = round number of the
previous QC
VRF = a verifiable random
function
PRF = a pseudo-random
function

28. Participation and incentives,
Key takeaway & References
5

29. Participation and incentives
29
● LibraBFT is designed as a proof-of-stake system
○ Participation privileges are granted to known members based on
their financial involvement
● LibraBFT supports economic incentives to stakeholders
○ To reward good behaviors
○ To punish wrongdoings
■ Rely on a whistleblower node to detect a violation

30. Key takeaway (1/2)
30
● Libra is a permissioned blockchain using a LibraBFT consensus
● LibraBFT is derived from HotStuff
○ It has a modified Pacemaker module to control an active round
and leader selection
○ Leader selection mechanism is based on a verifiable random
function
● Only qualified members are granted to run Libra validators by
Libra Association

31. Key takeaway (2/2)
31
● LibraBFT supports economic incentives to stakeholders based on
their behaviors
● Libra is secure as long as the number of byzantine/faulty validators
does not exceed 1/3 of total validators
● LibraBFT is scalable linearly with complexity O(n), where n is the
number of validators

32. References (1/2)
32
[1] - Libra Association, “Life of a Transaction,” 2019.
https://developers.libra.org/docs/life-of-a-transaction
[2] - M. Baudet, et al., “State Machine Replication in the Libra Blockchain,”
2019. https://developers.libra.org/docs/assets/papers/libra-consensus-
state-machine-replication-in-the-libra-blockchain.pdf
[3] - M. Yin, D. Malkhi, M. K. Reiterand, G. G. Gueta, and I. Abraham,
“HotStuff: BFT consensus in the lens of blockchain,” 2019.
https://arxiv.org/pdf/1803.05069.pdf

33. References (2/2)
33
[4] - The Ontology Team, “HotStuff: the consensus protocol behind Facebook’s
LibraBFT,” 2019. https://medium.com/ontologynetwork/hotstuff-the-
consensus-protocol-behind-facebooks-librabft-a5503680b151

34. 34
Thanks!
Any questions?
You can find me at www.serial-coder.com

35. Deep dive into LibraBFT consensus
Phuwanai Thummavet
Blockchain Developer | Security Researcher
Website: www.serial-coder.com
Blog: medium.com/@serial_coder