ANCORA Proof of Stake Byzantine Fault-Tolerant Consensus
1. Consensus Design Objectives
APOS (ANCORA Proof of Stake) is a leader-based Byzantine fault-tolerant consensus algorithm designed for:
Sub-5-second deterministic finality
33% Byzantine fault tolerance
Support for 10,000+ distributed validators
Formal provable safety and liveness
Minimal computational overhead
Built-in economic security via slashing
APOS is derived from HotStuff BFT consensus with modifications for stake-weighted voting, dynamic validator set rotation, and native slashing enforcement.
2. System Model
2.1 Network Model
Partial synchrony: Global network delay bounded by Δ = 2 seconds
Nodes communicate via authenticated point-to-point channels
Messages may be dropped, delayed, or reordered, but not forged
Maximum validator set size: 10,000 nodes
2.2 Adversary Model
Adaptive adversary controlling up to 33% of total stake
Adversary may corrupt nodes dynamically at any time
Adversary may schedule message delivery within network delay bounds
Adversary cannot break cryptographic primitives
3. Consensus Protocol Definition
3.1 Validator Set
The active validator set for epoch e is determined at the end of epoch e-1:
Top 10,000 nodes by staked ANC balance
Minimum stake threshold: 1,000,000 ANC
Epoch length: 86,400 blocks (approximately 2 days)
Stake lockup period: 14 epochs (28 days)
3.2 Proposer Election
Block proposer is elected per height via stake-weighted random selection:
Proposer rotation occurs every block. No validator may propose consecutive blocks.
3.3 Three-Phase BFT Protocol
APOS implements a three-phase commit protocol for each block:
Phase 1: Prepare
Proposer generates block and broadcasts to all validators
Validators validate block and state transition correctness
Validators broadcast Prepare vote if valid
Phase 2: Pre-Commit
Proposer collects ≥2/3+1 Prepare votes
Proposer aggregates votes and broadcasts Pre-Commit certificate
Validators verify certificate and broadcast Pre-Commit vote
Phase 3: Commit
Proposer collects ≥2/3+1 Pre-Commit votes
Proposer broadcasts final Commit certificate
All validators commit block to state
A block achieves irreversible finality when a Commit certificate with ≥2/3+1 stake weight is published on-chain.
4. Slashing Specification
Slashing is enforced on-chain for provable validator misbehavior:
All slashed funds are burned permanently, reducing effective circulating supply.
5. Safety & Liveness Proofs
5.1 Safety Proof
Assume ≤1/3 adversarial stake. For two conflicting blocks B and B' to both achieve finality:
B requires ≥2/3 votes
B' requires ≥2/3 votes
Intersection of voters ≥1/3, all of which are Byzantine
This contradicts the ≤1/3 adversarial assumption. Therefore, safety is guaranteed.
5.2 Liveness Proof
With honest proposer rotation and exponential backoff for failed rounds, the protocol will eventually elect an honest proposer who can complete the three-phase commit. Liveness is guaranteed under partial synchrony assumptions.