<aside> 📘 Series:

Reflections on Solana's Sept 14 Outage

solana: Tower BFT

• Tower BFT: Solana’s High Performance Implementation of PBFT | by Anatoly Yakovenko | Solana | Medium

Solana Validator

</aside>

Solana is the most performant permissionless blockchain in the world. On current iterations of the Solana Testnet, a network of 200 physically distinct nodes supports a sustained throughput of more than 50,000 transactions per second when running with GPUs. Achieving this requires the implementation of several optimizations and new technologies, and the result is a breakthrough in network capacity that signals a new phase in blockchain development.

In this blog post, we will explore Tower BFT, Solana’s custom implementation of PBFT that prefers liveness to consistency. Tower BFT leverages Solana’s PoH as a clock before consensus to reduce messaging overhead and latency .

“In order to provide aliveness, replicas must move to a new view, if they are unable to execute a request. However, it is important to maximize the period of time, when at least 2f + 1 non-faulty replicas are in the same view, and to ensure that this period of time increases exponentially until some requested operation executes” (Practical Byzantine Fault Tolerance, Miguel Castro and Barbara Liskov).

Solana implements a derivation of PBFT, but with one fundamental difference. Proof of History (PoH) provides a global source of time before consensus. Our implementation of PBFT uses the PoH as the network clock of time, and the exponentially-increasing time-outs that replicas use in PBFT can be computed and enforced in the PoH itself.

PoH is a Verifiable Delay Function implemented as a sequential hash function. We use a loose definition of a VDF, since verification requires (compute time)/(number of cores). The basic principles of how PoH works are as follows:

1. Sha256 loops as fast as possible, such that each output is the next input.
2. The loop is sampled, and the number of iterations and state are recorded.

The recorded samples represent the passage of time encoded as a verifiable data structure. In addition, this loop can be used to record events.

1. Messages that reference any of the samples are guaranteed to have been created after the sample.
2. Messages can be inserted into the loop and hashed together with the state. This guarantees that a message was created before the next insert.

This data structure guarantees both time and order of events embedded within, and this core idea is the basis of all of the major technical optimizations in Solana.

Stated another way: Imagine you are on an island, and a bottle floats by with a thumb drive inside. On that drive is the Solana PoH ledger. Using only the PoH ledger, you can compute the state of all the nodes in the network. For example, a node is considered failed if a vote for the ledger has not been recorded in the last X hashes. We can consider the ledger to be valid if over the last X hashes hashes a supermajority of the network that has signed validation messages.

1. All the nodes that examine this data structure will compute the exact same result, without requiring any peer-to-peer communication.
2. The PoH hash uniquely identifies that fork of the ledger; and
3. A validation vote message is only valid if the PoH hash that it voted on is present in the ledger.