Web3

Why 2/3?

... is the minimum number of honest voters in PoS + BFT consensus protocols? (With infographics at the bottom).

Alexandr Fadeev

6 min read
Why 2/3?

In Proof-of-Stake, stake defines voting power and responsibility for system safety – the greater the stake, the greater the slashing.

πŸ’‘
Stake is only one side of the story - block finalization is the other.

Proof-of-Stake with BFT consensus is analyzed in time slots via an equivocation attack, in which 2 realities both finalize, potentially breaking the system and leaving the chain in a state where the protocol has no way to pick a winner.

πŸ’‘
PoS + BFT is a sub-set of PoS protocols with fast finalization.

BFT - Byzantine Fault Tolerance - fast finality consensus

With BFT, at least 2/3 of validator stake must be honest to reach quorum, so no more than 1/3 of faulty stake are typically tolerated.

Why not 51%, 66%, maybe 90%, or even 100%?

Quorum

In PoS, a single node serves as the proposer (the leader). The reason is to avoid situations in which multiple blocks legally compete for the same time slot. This makes the system simpler and easier to analyze against a wide range of attacks.

BFT protocols try to synchronize voting for a block, which gives fast finalization. But at least 2/3 of the stake must be honest for system safety, and roughly 2/3 must be online for liveness.

In Proof-of-Work (PoW), there are no time slots, and finalization is probabilistic - ~51% of hash power on the longest chain fork "generally wins".

πŸ’‘
PoW's 51% races the chain - it gives you probabilistic safety.
BFT's 67% gives you a block that's final forever with math.

Quorum Q is how many nodes out of N are needed to vote for a block to accept it.

πŸ’‘
It's like the House of Representatives voting on a law: the system should work even if some legislators get sick or are absent.
But if too many are absent, then the voting is skipped.

More generally, how much of the stake is needed to vote... 2/3! But why, right?

In decentralized systems, 100% is unrealistic to achieve: some nodes may go offline, receive delayed notifications, or be dishonest (Byzantine nodes). So, in other words, how many faulty nodes f can be tolerated without the system being compromised (<1/3 πŸ˜‰)?

πŸ’‘
Q may include the "bad guys"
f is just the "bad guys"

Equivocation Attack

However, a leader can be malicious and may produce 2 conflicting blocks or send a single block to a particular set of voters.

A leader produces two conflicting blocks which go to different voters
πŸ’‘
conflicting β‰  invalid
Both blocks happens to be valid, but conflicting

The danger is finalizing two different realities at once. It breaks the system.
An equivocation attack occurs when a validator or node in a distributed network presents conflicting, inconsistent information to different parts of the network, breaking consensus rules to gain an advantage.

Two blocks go to different voters, and not to the same ones, because this is detectable and slashable – the proposer risks losing their stake. An honest voter can use two signed blocks from a single proposer as evidence of a crime.

πŸ’‘
It's enough to consider the case of 2 blocks for simplicity.

It turns out that with 3 or more blocks (or voter groups), an attacker needs more faulty nodes f to break the system, not fewer.

Overlapping Quorums

If two conflicting blocks both finalize, their voter sets must overlap.

Honest nodes are maximally split. Double-voted nodes are ALL byzantine.

  1. An honest node won't vote for two conflicting blocks, so it is never part of the overlap.
  2. If an honest node were in the overlap, it would reveal the double voting.

Now, important:

πŸ’‘
1. overlap ≀ f is the attacker-friendly case (the overlap could be all Byzantine).
2. For safety, we require overlap > f, so at least one honest node is in the overlap.

Let's go through some calculations and find Q and f!

  • 2Q - two quorums;
  • 2Q > N - when two quorums overlap, their total count is greater than the total number of nodes;
  • 2Q-N = overlap - the count of overlapped nodes is the difference between 2Q and N;
  • overlap > f is needed for safety because there must NOT be honest nodes in the overlap;
  • therefore, 2Q-N > f

Safety: 2Q-N > f – we need the overlap to contain at least one honest node, so the double-voting FAILS.

Liveness: N-f β‰₯ Q – honest votes should be enough to reach a quorum.

Two constraints must hold at once.

Solving the System

N+f < 2Q ≀ 2(Nβˆ’f)
N+f < 2N βˆ’ 2f
3f  < N
f   < N/3

We reached the conclusion!

πŸ’‘
When 2/3 honest voters are split into 1/3 and 1/3, then f<1/3 doesn't add up to 2/3 for either quorum.

Typically, we can see the 2/3 principle looks like this:

The protocol works as long as no more than 1/3 of the nodes are faulty (Byzantine), and at least 2/3 are honest.

  1. If quorum Q had been defined as "51%", then the faulty nodes could have vote for both blocks, finalizing two conflicting realities and breaking the system (equivocation attack!).
  2. With higher quorum, the byzantine nodes are forced to vote for a single block.

Attack Variation: No double-voting is assumed

Let's consider a case where all "faulty" nodes try to push block A to be voted for.

Without creating two conflicting valid quorums, it doesn't break the system. However, without double voting, it's a more practical attack.

πŸ’‘
In practical BFT implementations, any double voting is detectable and slashable - both signed messages are cryptographic proof. This makes the equivocation attack largely theoretical - a worst-case bound rather than a realistic threat.

I realized that this is a variation of MEV – some validators are trying to push a more "interesting", profitable, but still valid block. Again, it doesn't break the system.

A

Still, from this case we can see derive the same 2/3 rule, if the nodes are maximally split:

  • (N-f)/2 votes for A,
  • (N-f)/2 votes for B.
❓
Can the byzantine nodes finalize a quorum (A or B) if the honest voters are maximally split

Byzantine nodes don't reveal themselves – they all pile onto A, silently voting with(N-f)/2 + f = (N+f)/2.

Safety: (N+f)/2 < Q – we need the faulty nodes to FAIL to push a block A over quorum.

Liveness: N-f β‰₯ Q – honest votes should be enough to reach a quorum.

πŸ’‘
Two constraints must hold at once: safety and liveness.
(N+f)/2 is (N-f)/2 + f (honest + faulty)

Solving the System

N+f < 2Nβˆ’2f
3f  < N
f   < N/3

Intuitively, in this particular case, it actually means this:

  1. Block B does not have enough votes to reach a quorum - (N-f)/2 is less than half of the nodes.
  2. Block A might have enough votes, but only if there are "too many" faulty nodes (more than 1/3).

Infographics