Making Byzantine consensus live

Abstract

Partially synchronous Byzantine consensus protocols typically structure their execution into a sequence of views, each with a designated leader process. The key to guaranteeing liveness in these protocols is to ensure that all correct processes eventually overlap in a view with a correct leader for long enough to reach a decision. We propose a simple view synchronizer abstraction that encapsulates the corresponding functionality for Byzantine consensus protocols, thus simplifying their design. We present a formal specification of a view synchronizer and its implementation under partial synchrony, which runs in bounded space despite tolerating message loss during asynchronous periods. We show that our synchronizer specification is strong enough to guarantee liveness for single-shot versions of several well-known Byzantine consensus protocols, including PBFT and HotStuff. We furthermore give precise latency bounds for these protocols when using our synchronizer. By factoring out the functionality of view synchronization we are able to specify and analyze the protocols in a uniform framework, which allows comparing them and highlights trade-offs.

Appendix A: General latency bounds

We now augment the set of properties in Fig. 2 with two additional latency bounds given by Properties D and E in Fig. 3. These two properties are analogous to Properties B and C, but handle the cases when \(F(1) < 2\delta \) and \(F(\mathsf{GV}(\mathsf{GST}+\rho )+1)<2\delta \), respectively. We then prove Theorem 6, which generalizes Theorem 1 to establish that FastSync also satisfies Properties D and E in Fig. 3 in addition to those given in Fig. 2.

The resulting set of properties can be used to derive latency bounds for specific instantiations of the timeout function \(F\). We demonstrate how to do this for an exponentially growing timeout function, which is a common choice in practice (e.g., [19]). Specifically, we prove that if \(\forall v>0.\, F(v) = 2^v\), then all correct processes are guaranteed to enter a synchronized view within \(O(\delta \lg {}\delta )\) after \(S_{\mathrm{last}}\) if the protocol is started after \(\mathsf{GST}\) (Theorem 7); and within \(O(\max \{\delta \lg {}\delta , \Delta \})\) after \(\mathsf{GST}+\rho \), otherwise (Corollary 23). The latter guarantees that the latency of view synchronization is bounded after \(\mathsf{GST}\).

Theorem 6

Consider an execution with an eventual message delay bound \(\delta \), and assume that (1) holds for \(u= 2\delta \). Then there exists a view \({\mathcal {V}}\) such that in this execution FastSync satisfies all the properties in Figs. 2 and 3 for \(d = 2\delta \).

To prove the Theorem 6, we first prove the following proposition, which is an easy consequence of the definition of \(\mathsf{GV}\).

Proposition 9

For all views v, if a correct process enters v, then \(\mathsf{GV}(E_{\mathrm{first}}(v))=v\).

Proof

By definition of \(\mathsf{GV}\), \(\mathsf{GV}(E_{\mathrm{first}}(v)) \ge v\). Assume by contradiction that \(\mathsf{GV}(E_{\mathrm{first}}(v)) > v\). Thus, there exists a correct process that enters a view \(v' > v\) at time \(t' < E_{\mathrm{first}}(v)\). By Lemma 1, there exists a time \(t < t'\) such that some correct process enters v at t. Thus, \(E_{\mathrm{first}}(v) \le t< t' < E_{\mathrm{first}}(v)\), which is a contradiction. \(\square \)

The next lemma generalizes Corollary 7 to bound the latency of entering an arbitrary view \(\ge \mathsf{GV}(t)+1\) for all \(t \ge \overline{\mathsf{GST}}\) and \(\mathsf{GV}(t)>0\).

Lemma 17

Let \(t \ge \overline{\mathsf{GST}}\) and suppose that \(\mathsf{GV}(t) > 0\). If for all \(k \ge 1\), some correct process enters every view \(\mathsf{GV}(t)+k\), then \(E_{\mathrm{last}}(\mathsf{GV}(t)+k) \le t + \sum _{i=0}^{k-1} F(\mathsf{GV}(t)+i) + 3k\delta \).

Proof

By induction on \(k \ge 1\). Since some correct process enters \(\mathsf{GV}(t)+1\) and \(\mathsf{GV}(t) > 0\), Corollary 7 implies that \(E_{\mathrm{last}}(\mathsf{GV}(t)+1) \le t + F(\mathsf{GV}(t)) + 3\delta \). Thus, the required holds for the base case of \(k=1\).

For the inductive step, assume that the required holds for \(k=l\) where \(l\ge 1\), and consider \(k=l+1\). Suppose that

$$\begin{aligned} t \ge \overline{\mathsf{GST}}\wedge \mathsf{GV}(t) > 0. \end{aligned}$$

Then, by the induction hypothesis,

$$\begin{aligned} E_{\mathrm{last}}(\mathsf{GV}(t)+l) \le t + \sum _{i=0}^{l-1} F(\mathsf{GV}(t)+i) + 3l\delta . \end{aligned}$$

(21)

Since some correct process enters \(\mathsf{GV}(t)+l\), \(E_{\mathrm{first}}(\mathsf{GV}(t)+l)\) is defined. Thus, by Lemma 9, we have

$$\begin{aligned} \mathsf{GV}(E_{\mathrm{first}}(\mathsf{GV}(t)+l))=\mathsf{GV}(t)+l> \mathsf{GV}(t) > 0. \end{aligned}$$

Since \(\mathsf{GV}\) is non-decreasing, the above implies that

$$\begin{aligned} E_{\mathrm{first}}(\mathsf{GV}(t)+l) > t \ge \overline{\mathsf{GST}}. \end{aligned}$$

Thus, by Corollary 7,

$$\begin{aligned}&E_{\mathrm{last}}(\mathsf{GV}(t)+l+1) {}\\&\quad \le E_{\mathrm{first}}(\mathsf{GV}(t)+l) + F(\mathsf{GV}(t)+l) + 3\delta {}\\&\quad \le E_{\mathrm{last}}(\mathsf{GV}(t)+l) + F(\mathsf{GV}(t)+l) + 3\delta , \end{aligned}$$

which by (21), implies

$$\begin{aligned}&E_{\mathrm{last}}(\mathsf{GV}(t)+l+1) {}\\&\quad \le E_{\mathrm{last}}(\mathsf{GV}(t)+l) + F(\mathsf{GV}(t)+l) + 3\delta {}\\&\quad \le t + \sum _{i=0}^{l-1} F(\mathsf{GV}(t)+i) + 3l\delta + F(\mathsf{GV}(t)+l) + 3\delta \\&\quad = t + \sum _{i=0}^{(l+1)-1} F(\mathsf{GV}(t)+i) + 3(l+1)\delta , \end{aligned}$$

as required. \(\square \)

Fig. 3

Additional FastSync latency bounds

Proof of Theorem 6

Consider an execution of FastSync and let \(\delta \) be the eventual message delay bound in this execution. We first show how to select a view \({\mathcal {V}}\) such that (9) holds. We consider the following cases. First, if

$$\begin{aligned} S_{\mathrm{first}}\ge \mathsf{GST}\wedge F(1) \ge 2\delta , \end{aligned}$$

(22)

then we let \({\mathcal {V}}=1\). Since \(S_{\mathrm{first}}\ge \mathsf{GST}\), the definition of \(\overline{\mathsf{GST}}\) implies \(\overline{\mathsf{GST}}=S_{\mathrm{first}}\), and therefore, (9) holds. Second, if

$$\begin{aligned}&S_{\mathrm{first}}< \mathsf{GST}\ \wedge \ S_{f+1}\ \le \ \mathsf{GST}+ \rho \wedge {} \nonumber \\&F(\mathsf{GV}(\mathsf{GST}+ \rho )+1) \ge 2\delta , \end{aligned}$$

(23)

then we let \({\mathcal {V}}=\mathsf{GV}(\mathsf{GST}+\rho ) + 1\). Since \(S_{\mathrm{first}}< \mathsf{GST}\), the definition of \(\overline{\mathsf{GST}}\) implies \(\overline{\mathsf{GST}}=\mathsf{GST}+\rho \), and therefore, (9) holds. Third, if

$$\begin{aligned} S_{\mathrm{first}}\ge \mathsf{GST}\wedge F(1) < 2\delta , \end{aligned}$$

(24)

then we let \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\). Since \(S_{\mathrm{first}}\ge \mathsf{GST}\), the definition of \(\overline{\mathsf{GST}}\) implies \(\overline{\mathsf{GST}}=S_{\mathrm{first}}\). By the monotonicity of \(F\), \(F(1) < 2\delta \) implies that \({\mathcal {V}}> 1 = \mathsf{GV}(S_{\mathrm{first}}) + 1\). Thus, (9) holds. Fourth, if

$$\begin{aligned}&S_{\mathrm{first}}< \mathsf{GST}\ \wedge \ S_{f+1}\ \le \ \mathsf{GST}+ \rho \ \wedge {}\nonumber \\&F(\mathsf{GV}(\mathsf{GST}+ \rho )+1) < 2\delta , \end{aligned}$$

(25)

then we let \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\). Since \(S_{\mathrm{first}}< \mathsf{GST}\), the definition of \(\overline{\mathsf{GST}}\) implies \(\overline{\mathsf{GST}}=\mathsf{GST}+\rho \). By the monotonicity of \(F\), \(F(\mathsf{GV}(\mathsf{GST}+ \rho )+1) < 2\delta \) implies that \({\mathcal {V}}> \mathsf{GV}(\mathsf{GST}+ \rho )+1\), and therefore, (9) holds. In all other cases, (1) for \(u = 2\delta \) implies that \(F(v') \ge 2\delta \) for some view \(v'\), and therefore, by the monotonicity of \(F\), \({\mathcal {V}}= \max \{v', \mathsf{GV}(\overline{\mathsf{GST}}) + 1\}\) satisfies (9). Thus, by Lemma 10, Properties 1–5 in Fig. 2 hold for \({\mathcal {V}}\) chosen as above and \(d=2\delta \).

To prove Property A, fix \(v\ge {\mathcal {V}}\). By Property 3, all correct processes enter v. By (9), \(v \ge {\mathcal {V}}\ge \mathsf{GV}(\overline{\mathsf{GST}})+1\). Given that \(\mathsf{GV}\) is non-decreasing, this implies that no correct process can enter v until after \(\overline{\mathsf{GST}}\). Thus, \(E_{\mathrm{last}}(v) \ge E_{\mathrm{first}}(v) > \overline{\mathsf{GST}}\), and by Corollary 4 we get \(E_{\mathrm{last}}(v+1) \le E_{\mathrm{last}}(v) + F(v) + \delta \), validating Property A. Next, by our choice of \({\mathcal {V}}\), (22) implies \({\mathcal {V}}=1\), and (23) implies \({\mathcal {V}}=\mathsf{GV}(\mathsf{GST}+ \rho ) + 1\). Thus, Property B follows from Corollary 6, and Property  C from Corollary 7.

We now prove Property D in Fig. 3. By our choice of \({\mathcal {V}}\), (24) implies that \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\). By Lemma 9, \(\mathsf{GV}(E_{\mathrm{first}}(1)) = 1\). Since \(F(1) < 2\delta \), the monotonicity of \(F\) implies \({\mathcal {V}}>1\), and therefore,

$$\begin{aligned} \exists k \ge 1.\, {\mathcal {V}}= 1 + k. \end{aligned}$$

(26)

Instantiating Lemma 17 with \(t=E_{\mathrm{first}}(1) > S_{\mathrm{first}}=\overline{\mathsf{GST}}\) and \(\mathsf{GV}(E_{\mathrm{first}}(1))=1>0\), we get

$$\begin{aligned} E_{\mathrm{last}}(1+k) \le E_{\mathrm{first}}(1) + \sum _{i=0}^{k-1} F(1+i) + 3k\delta , \end{aligned}$$

which by (26) implies

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le E_{\mathrm{first}}(1) + \sum _{i=0}^{{\mathcal {V}}-2} F(1+i) + 3({\mathcal {V}}-1)\delta {}\\&\quad \le E_{\mathrm{last}}(1) + \sum _{i=0}^{{\mathcal {V}}-2} F(1+i) + 3({\mathcal {V}}-1)\delta . \end{aligned}$$

Hence, by Corollary 6, we have

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le S_{\mathrm{last}}+ \delta + \sum _{i=0}^{{\mathcal {V}}-2} F(i+1) + 3({\mathcal {V}}-1)\delta {}\nonumber \\&\quad = S_{\mathrm{last}}+ \sum _{i=1}^{{\mathcal {V}}-1} F(i) + (3{\mathcal {V}}-2)\delta , \end{aligned}$$

(27)

as required.

Lastly, we prove Property E in Fig. 3. By our choice of \({\mathcal {V}}\), (25) implies that \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\). By Lemma 9, \(\mathsf{GV}(E_{\mathrm{first}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1)) = \mathsf{GV}(\mathsf{GST}+\rho ) + 1\). Since \(F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) < 2\delta \), the monotonicity of \(F\) implies \({\mathcal {V}}>\mathsf{GV}(\mathsf{GST}+\rho ) + 1\), and therefore,

$$\begin{aligned} \exists k \ge 1.\, {\mathcal {V}}= \mathsf{GV}(\mathsf{GST}+\rho ) + 1 + k. \end{aligned}$$

(28)

Instantiating Lemma 17 with \(t=E_{\mathrm{first}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) > \mathsf{GST}+\rho =\overline{\mathsf{GST}}\) and \(\mathsf{GV}(E_{\mathrm{first}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1))=\mathsf{GV}(\mathsf{GST}+\rho ) + 1>0\), we get

$$\begin{aligned}&E_{\mathrm{last}}(\mathsf{GV}(\mathsf{GST}+\rho )+1+k) {}\\&\quad \le E_{\mathrm{first}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) {}\\&\quad + \sum _{i=0}^{k-1} F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1+i) + 3k\delta , \end{aligned}$$

which by (28) implies

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le E_{\mathrm{first}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) {}\\&\quad + \sum _{i=0}^{{\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-2} F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1+i) {}\\&\quad +3({\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-1)\delta \le {}\\&E_{\mathrm{last}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) {}\\&\quad +\sum _{i=0}^{{\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-2} F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1+i) {}\\&\quad +\,3({\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-1)\delta . \end{aligned}$$

Hence, by Corollary 7, we have

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le E_{\mathrm{last}}(\mathsf{GV}(\mathsf{GST}+\rho ) + 1) {}\\&\quad + \sum _{i=0}^{{\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-2} F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1+i) {}\\&\quad + 3({\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-1)\delta {}\\&\quad \le \mathsf{GST}+\rho + F(\mathsf{GV}(\mathsf{GST}+\rho )) + 3\delta {}\\&\quad + \sum _{i=0}^{{\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-2} F(\mathsf{GV}(\mathsf{GST}+\rho ) + 1+i) {}\\&\quad + 3({\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-1)\delta {}\\&\quad = \mathsf{GST}+\rho + \sum _{i=0}^{{\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho )-1} F(\mathsf{GV}(\mathsf{GST}+\rho )+i) {}\\&\quad +3({\mathcal {V}}-\mathsf{GV}(\mathsf{GST}+\rho ))\delta {}\\&\quad \le \mathsf{GST}+\rho + \sum _{i=0}^{{\mathcal {V}}-1} F(i) + 3{\mathcal {V}}\delta , \end{aligned}$$

as required. \(\square \)

We now use Theorem 6 to derive closed-form expressions for view \({\mathcal {V}}\) and the latency of reaching it after \(\mathsf{GST}\) assuming an exponentially growing timeout function \(F(v)=2^v\) for all \(v>0\). Below we show that if the protocol starts after \(\mathsf{GST}\) (\(S_{\mathrm{first}}\ge \mathsf{GST}\)), then all correct processes are guaranteed to synchronize in the view \({\mathcal {V}}= \max \{\lceil \lg {}2\delta \rceil , 1\}\), which they enter within \(O(\delta \lg {}\delta )\) of the last correct process calling \(\mathtt{start}\).

Theorem 7

Consider an execution of with an eventual message delay bound \(\delta \), and assume that (1) holds for \(u= 2\delta \), \(S_{\mathrm{first}}\ge \mathsf{GST}\), and \(\forall v>0.\, F(v)=2^v\). Then in this execution FastSync satisfies all the properties in Figs. 2 and 3 for \({\mathcal {V}}=\max \{\lceil \lg {}2\delta \rceil , 1\}\) and \(d = 2\delta \). Furthermore, it holds:

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le S_{\mathrm{last}}+ 3\delta \lg {}\delta + 8\delta = S_{\mathrm{last}}+ O(\delta \lg {}\delta ). \end{aligned}$$

Proof

We consider two cases. Suppose first that \(F(1) \ge 2\delta \). Then, by Theorem 6, all the properties in Figs. 2 and 3 hold for \({\mathcal {V}}=1\) and \(d=2\delta \), and by Property B,

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le S_{\mathrm{last}}+ \delta . \end{aligned}$$

(29)

Since \(F(1) \ge 2\delta \), by our choice of the timeout function, \(2^{1} \ge 2\delta \). Hence, \(\lg {}2\delta \le 1\), and therefore, \(\lceil \lg {}2\delta \rceil \in \{0, 1\}\). Thus, we get \({\mathcal {V}}=1=\max \{\lceil \lg {}2\delta \rceil , 1\}\), as needed.

Suppose next that \(F(1) < 2\delta \). Then, by Theorem 6, all the properties in Figs. 2 and 3 hold for \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\) and \(d=2\delta \), and by Property D,

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le S_{\mathrm{last}}+ \sum _{i=1}^{{\mathcal {V}}-1} F(i) + (3{\mathcal {V}}-2)\delta . \end{aligned}$$

(30)

Since \(F(1) < 2\delta \), \({\mathcal {V}}> 1\), and therefore,

$$\begin{aligned}&{\mathcal {V}}=\min \{v \mid 2^v \ge 2\delta \wedge v> 1\} {} \\&\quad = \min \{v \mid v \ge \lg {}2\delta \wedge v > 1\}, \end{aligned}$$

which implies

$$\begin{aligned} {\mathcal {V}}= \max \{\lceil \lg {}2\delta \rceil , 1\}, \end{aligned}$$

(31)

as needed.

Finally, plugging (31) into (30) and using the fact that \(\lceil \lg {}2\delta \rceil \le \lg {}2\delta + 1\), we get

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le S_{\mathrm{last}}+ \sum _{i=1}^{\lg {}2\delta } 2^i + (3\lg {}2\delta + 1)\delta {}\nonumber \\&\quad \le S_{\mathrm{last}}+ 3\delta \lg {}\delta + 8\delta = S_{\mathrm{last}}+ O(\delta \lg {}\delta ). \end{aligned}$$

(32)

Thus, from (29) and (32), we get

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le 3\delta \lg {}\delta + 8\delta = S_{\mathrm{last}}+ O(\delta \lg {}\delta ), \end{aligned}$$

as required. \(\square \)

We now show that if some correct process calls \(\mathtt{start}\) before \(\mathsf{GST}\) (\(S_{\mathrm{first}}< \mathsf{GST}\)), then all correct processes are guaranteed to synchronize in the view \({\mathcal {V}}= \max \{\lceil \lg {}2\delta \rceil , \mathsf{GV}(\mathsf{GST}){+\rho }+1\}\), which they enter within \(O(\max \{\delta \lg {}\delta , F({\mathcal {V}}-1))\) after \(\mathsf{GST}+\rho \).

Theorem 8

Consider an execution of with an eventual message delay bound \(\delta \), and assume that (1) holds for \(u= 2\delta \), \(S_{\mathrm{first}}< \mathsf{GST}\), and \(\forall v>0.\, F(v)=2^v\). Then in this execution FastSync satisfies all the properties in Figs. 2 and 3 for \({\mathcal {V}}=\max \{\lceil \lg {}2\delta \rceil , \mathsf{GV}(\mathsf{GST}+\rho )+1\}\) and \(d = 2\delta \). Furthermore, it holds:

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+ \rho + \max \{3\delta \lg {}\delta , F({\mathcal {V}}-1)\} + 10\delta {}\\&\quad = \mathsf{GST}+ \rho + O(\max \{\delta \lg {}\delta , F({\mathcal {V}}-1)\}). \end{aligned}$$

Proof

We consider two cases. Suppose first that \(F(\mathsf{GV}(\mathsf{GST}+\rho )+1) \ge 2\delta \). Then, by Theorem 6, all the properties in Figs. 2 and 3 hold for \({\mathcal {V}}=\mathsf{GV}(\mathsf{GST}+\rho )+1\) and \(d=2\delta \), and by Property C,

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+\rho +F({\mathcal {V}}-1)+3\delta . \end{aligned}$$

(33)

Since \(F(\mathsf{GV}(\mathsf{GST}+\rho )+1) \ge 2\delta \), by our choice of the timeout function, \(2^{\mathsf{GV}(\mathsf{GST}+\rho )+1} \ge 2\delta \). Hence, \(\lg {}2\delta \le \mathsf{GV}(\mathsf{GST}+\rho )+1\), and therefore, \(\lceil \lg {}2\delta \rceil \le \mathsf{GV}(\mathsf{GST}+\rho )+1\). Thus, we get \({\mathcal {V}}=\mathsf{GV}(\mathsf{GST}+\rho )+1=\max \{\lceil \lg {}2\delta \rceil , \mathsf{GV}(\mathsf{GST}+\rho )+1\}\), as needed.

Suppose next that \(F(\mathsf{GV}(\mathsf{GST}+\rho )+1) < 2\delta \). Then, by Theorem 6, all the properties in Figs. 2 and 3 hold for \({\mathcal {V}}=\min \{v \mid F(v) \ge 2\delta \}\) and \(d=2\delta \), and by Property E,

$$\begin{aligned} E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+\rho + \sum _{i=0}^{{\mathcal {V}}-1} F(i) + 3{\mathcal {V}}\delta . \end{aligned}$$

(34)

Since \(F(\mathsf{GV}(\mathsf{GST}+\rho )+1) < 2\delta \), \({\mathcal {V}}> \mathsf{GV}(\mathsf{GST}+\rho )+1\), and therefore,

$$\begin{aligned}&{\mathcal {V}}=\min \{v \mid 2^v \ge 2\delta \wedge v> \mathsf{GV}(\mathsf{GST}+\rho )+1\} {}\\&\quad = \min \{v \mid v \ge \lg {}2\delta \wedge v > \mathsf{GV}(\mathsf{GST}+\rho )+1\}, \end{aligned}$$

and therefore,

$$\begin{aligned} {\mathcal {V}}= \max \{\lceil \lg {}2\delta \rceil , \mathsf{GV}(\mathsf{GST}+\rho )+1\}, \end{aligned}$$

(35)

as needed.

Finally, plugging (35) into (34) and using the fact that \(\lceil \lg {}2\delta \rceil \le \lg {}2\delta + 1\), we get

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+\rho + \sum _{i=1}^{\lg {}2\delta } 2^i + 3(\lg {}2\delta + 1)\delta {}\nonumber \\&\quad \le \mathsf{GST}+\rho + 3\delta \lg {}\delta + 10\delta {}\nonumber \\&\quad = \mathsf{GST}+\rho + O(\delta \lg {}\delta ). \end{aligned}$$

(36)

Thus, from (29) and (36), and since \(F({\mathcal {V}}-1)\) can be arbitrarily large, we get

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+ \rho + \max \{3\delta \lg {}\delta , F({\mathcal {V}}-1)\} + 10\delta {}\\&\quad =\mathsf{GST}+ \rho + O(\max \{\delta \lg {}\delta , F({\mathcal {V}}-1)\}), \end{aligned}$$

as required. \(\square \)

By Proposition 1, we can apply Theorem 8 if (3) holds for \(U = 2\Delta \). Then \(F({\mathcal {V}}-1) \le 2\Delta \), which implies the following:

Corollary 23

Suppose that (3) holds for \(U = 2\Delta \), and \(\forall v>0.\, F(v)=2^v\). Then, every execution of FastSync with the eventual message delay \(\delta \) such that \(S_{\mathrm{first}}< \mathsf{GST}\) satisfies all the properties in Figs. 2 and 3 for \({\mathcal {V}}=\max \{\lceil \lg {}2\delta \rceil , \mathsf{GV}(\mathsf{GST}+\rho )+1\}\) and \(d = 2\delta \), and it holds:

$$\begin{aligned}&E_{\mathrm{last}}({\mathcal {V}}) \le \mathsf{GST}+ \rho + \max \{3\delta \lg {}\delta , 2\Delta \} + 10\delta {}\\&\quad = \mathsf{GST}+ \rho + O(\max \{\delta \lg {}\delta , \Delta \}). \end{aligned}$$