Consensus: Blocklace + Cordial Miners
dregg federations use the Blocklace protocol with Cordial Miners for total
ordering. This replaces the previous Morpheus DAG-BFT. The Blocklace is a
CRDT DAG where equivocation is structurally detectable, and Cordial Miners
provides 3-round BFT finality.
Three-Tier Execution Model
Not all operations require consensus. dregg provides three execution tiers
with increasing coordination cost:
| Tier | Mechanism | Latency | When Used |
|---|---|---|---|
| Sovereign (PCO) | Local execution + STARK proof | Instant | Default. Agent proves own state transitions. No federation contact. |
| Optimistic (Stingray COD) | Bounded counters, commit-on-demand | Fast (local) | Concurrent resource spending. Each silo debits locally within its budget slice. |
| Ordered (Cordial Miners) | Blocklace DAG, 3-round BFT | 3 rounds | When total ordering is required: nullifier tracking, shared state, disputes. |
Most turns execute at the sovereign tier. Agents escalate to ordered consensus only when they need it (double-spend prevention, public orderbooks, dispute resolution).
The Blocklace
The Blocklace is a DAG data structure where each block references all known tips (its causal predecessors). Key properties:
- CRDT semantics: The DAG grows monotonically. Blocks are never removed. Merging two views of the Blocklace is a simple union.
- Equivocation detection: If a node produces two blocks at the same round with incompatible parents, both are visible in the DAG. This is an irrefutable proof of Byzantine behavior -- no voting or accusation protocol needed.
- Quiescent: No messages are sent when there are no transactions to process. Unlike traditional BFT protocols, idle federations consume zero bandwidth.
- Causal ordering: Parent references encode happened-before relationships. The DAG provides partial ordering without any consensus protocol.
A three-node federation after two rounds. Each round-1 block references all known round-0 tips (its causal past). The highlighted ring marks the round-1 tip selected as leader by lowest-hash; its causal history is appended to the total order.
Cordial Miners (Total Ordering)
When total ordering is needed, Cordial Miners operates over the Blocklace:
- A miner creates a block referencing all known tips (cordial dissemination).
- When 2f+1 blocks at the same round are observed, the round is closed.
- A deterministic rule (lowest hash among qualifying round-r blocks) selects the leader for that round.
- The leader's causal past, minus already-committed blocks, is appended to the total order.
Finality requires 3 communication rounds. Safety relies on the Blocklace's equivocation-detection property. Tolerates f < n/3 Byzantine nodes.
A single-node federation (n=1) is simply Cordial Miners with a trivial committee. The same code path handles solo agents and large federations -- no special "solo mode."
Constitutional Consensus (Membership)
Federation membership is governed by Constitutional Consensus -- a democratic protocol built on the Blocklace:
- h-rule admission: A node is admitted when h existing members reference its join-request block in their own blocks (typically h = 2f+1).
- Timeout-leave: A node that has not produced a block within a configured timeout is automatically removed from the active set. No eviction vote needed.
- Democratic: No distinguished authority controls membership. The constitution is the rule set; enforcement is structural via the Blocklace.
This replaces epoch-based reconfiguration: membership changes are continuous and take effect as soon as the Blocklace records sufficient support.
Persistence and Bootstrapping
Nodes persist state across restarts using redb (ACID, WAL, crash-safe):
- Blocklace blocks: Persisted incrementally as they arrive. On restart, the node reconstructs its DAG view from stored blocks.
- Ledger checkpoints: Every 100 committed blocks, the full ledger state (cell commitments, note tree, nullifier set) is checkpointed atomically.
- Application state: JSON atomic snapshots for hosted cells and app services.
Fast-Sync for New Nodes
A new node joining a federation does not replay the full Blocklace history:
- Request the latest checkpoint from any federation peer (checkpoint serving API).
- Verify the checkpoint's attested root against a known trust anchor.
- Resume Blocklace participation from the checkpoint height.
Sync time is O(checkpoint_size), not O(history) -- typically seconds for a mature federation.
Network Dissemination
- Cordial dissemination: Reactive push with frontier exchange. Each node pushes new blocks to peers and responds to frontier queries with missing causal history.
- Chunked sync: Up to 100 blocks per push for catch-up scenarios.
- Plumtree gossip: Eager push (degree 3) for spanning-tree delivery, lazy push (IHave) for redundancy.
- QUIC transport: All communication over QUIC with multiplexed streams and 0-RTT resumption.