Byzantine Fault Tolerance
What Do Medieval Generals and Modern TON Blockchain Have in Common?
Imagine: 1453, the walls of Constantinople.
Several armies have surrounded the last stronghold of the Byzantine Empire. The generals must attack simultaneously β otherwise, failure is certain. But among them are traitors, ready to sabotage the operation. Communication happens only through messengers, who might not reach their destination or might lie.
How do you make a unified decision under such conditions?
This problem seemed purely academic when it was first formulated in a scientific journal in 1982. Back then, no one could have predicted that decades later, its solution would become the foundation of a revolution that would change our understanding of money, trust, and power.
Today, this same problem is solved every few seconds in the TON blockchain. Network validators are those very Byzantine generals who must agree on which transactions to confirm. And among them, there can also be "traitors" β fraudsters trying to deceive the system.
Without understanding this connection, it's impossible to grasp how any modern blockchain works. After all, at the core of each one lies the answer to a simple question:
How can a group of strangers agree on something important without trusting each other?
Remember how I told you about validators who confirm transactions in the TON network? About how they stake huge amounts (hundreds of thousands of TON) as collateral and receive rewards for it?
But the main question that was probably spinning in your head remained:
"What prevents these validators from simply conspiring among themselves? A hundred or two hundred people gather in a Telegram chat, agree to start confirming fake transactions in their favor, and that's it. End of blockchain?"
This question might seem so obvious that many are even embarrassed to ask it.
If a group of people controls the entire network, what can stop them?
Today we'll reveal the mechanism that makes such conspiracy practically impossible.
And it turns out that the answer lies in that very Byzantine Generals Problem.
Prepare to be amazed: what seems like an obvious vulnerability is actually a well-thought-out defense.
1982: Nobody Believed in the Importance of This Problem
Now imagine a scientific conference in the early 80s.
Personal computers had just appeared, there was no internet as we know it, and cryptocurrencies were pure science fiction. And then three scientists from SRI International research institute publish a paper titled "The Byzantine Generals Problem" in the prestigious journal ACM Transactions on Programming Languages and Systems.
Leslie Lamport, Robert Shostak, and Marshall Pease had no idea they were creating the foundation for a future financial revolution.
For them, it was just a beautiful theoretical problem from the field of distributed computing β how to make computers in a network make coordinated decisions when some of them might work incorrectly.
The academic community reacted coolly.
"Interesting mathematical abstraction," "elegant proof of impossibility," "useful for understanding theory" β such were the reviews.
It seemed like an academic toy, a beautiful mental exercise that would never find real application.
Who could have thought that decades later, this "exercise" would process trillions of dollars daily?
The turning point came 27 years later.
October 31, 2008, the mysterious Satoshi Nakamoto publishes the Bitcoin white paper.
Nine pages of text that turned upside down our understanding of money, trust, and power. And at the foundation of this revolution lay precisely the Byzantine Generals Problem β but now applied to creating money without banks and governments.
Satoshi understood what academics didn't see: in a world where people don't trust each other but want to jointly create something valuable, the Byzantine Generals Problem becomes critically important.
The result: what was considered useless theory 40 years ago today protects the digital assets of millions of people worldwide.
The Complex Problem in Simple Terms
Let's understand what this famous problem is really about.
So, let's return to our siege example. Imagine yourself as the commander of one of the armies besieging Constantinople. Around the city are positioned nine other generals with their troops. You all understand: the city can only be taken by attacking simultaneously β if someone attacks earlier or later, the defenders will easily repel the assault.
The problem is that among your "allies" are traitors.
- Send false messages: "We attack tomorrow at dawn" (but don't attack themselves)
- Transmit distorted information: "General Theophan said to attack at noon" (although Theophan said "at dawn")
- Generally sabotage the operation for selfish motives
Communication between generals happens only through messengers.
- Not reach the addressee (killed by arrows)
- Be bribed and transmit false information
- Simply get lost in the fog of war
The question: how do you make a unified decision about the attack time under such conditions?
Seems hopeless? That's exactly why the problem was considered purely theoretical for so long.
The Mathematics of Betrayal
Lamport and his colleagues didn't just describe the problem β they mathematically proved the boundaries of what's possible.
- n generals, each with their own army
- They exchange messages only through point-to-point (P2P) communication, no common room or broadcast
- Some generals are traitors who:
- can send different messages to different generals
- can lie or remain silent
- can transmit false information on behalf of others
- The rest are honest and trying to agree
- Task: all honest generals must reach the same decision (e.g., "attack" or "retreat"), and this decision must correspond to the commander's proposal if he's honest
Main theorem: consensus is possible only if traitors are fewer than one-third of the total number of participants.
Why the problem is unsolvable with 1/3 traitors: Example: 9 generals, 3 traitors
- Honest A,B,C initially want to "attack"
- Honest D,E,F initially want to "retreat"
- Traitors G,H,I tell group A,B,C: "We're for attack"
- The same traitors tell group D,E,F: "We're for retreat"
- Result: each group sees a majority in their favor and can't understand who's lying
The mathematical proof of impossibility isn't just theory. It's an iron law that can't be bypassed by any technical tricks. You can come up with more efficient algorithms, faster networks, smarter protocols β but crossing the 1/3 boundary is impossible.
Modern Interpretation
Now let's move to the 21st century and translate the medieval parable into modern technology language:
- Each validator in the blockchain is a separate "general"
- Each has their own copy of data and opinion about what's happening
- They must agree on which transactions to confirm
- Instead of riders with letters β TCP/IP packets
- Messages can be lost (connection break)
- Can arrive with delay (network lag)
- Can be intercepted and falsified (man-in-the-middle attacks)
- Hackers who captured a server
- Greedy operators wanting to deceive the system
- Governments trying to censor transactions
- Simply broken equipment transmitting random data
- Instead of simultaneous city assault β simultaneous block acceptance
- All nodes must agree: "Yes, this block is correct, we add it to the chain"
- If there's no agreement β the system stops or starts diverging
Practical blockchain example: Imagine two transactions arrive simultaneously:
Alice has exactly 50 TON in her account. Both transactions are technically correct, but only one can be executed. 1000 validators must agree on which one to process first:
- 300 honest validators received transaction #1 first and want to confirm it
- 300 honest validators received transaction #2 first and want to confirm it
- 400 traitor validators tell the first group: "We're also for transaction #1"
- The same traitors tell the second group: "We're also for transaction #2"
- Group A sees: 700 for transaction #1, 300 against
- Group B sees: 700 for transaction #2, 300 against
- Each group is sure they have the majority
- The system can't reach a unified decision and will lock up
Nodes will endlessly argue about which transaction to confirm first, and new blocks will stop being created.
That's why all blockchains are built so that attackers can't control more than 1/3 of the network's total power.
The principle is one: mathematically guarantee that honest participants always outnumber what's needed for decision-making.
From Theory to Satoshi's Revolution
"The root problem with conventional currency is all the trust that's required to make it work" β wrote Satoshi Nakamoto in one of his first forum messages.
Think about it: every time you use a bank card, you trust:
- The bank β that it won't lose your money
- The payment system β that it will correctly process the transaction
- The government β that it won't devalue the currency tomorrow
- The merchant β that they won't charge more than necessary
What if we create money without all these intermediaries? Money that works by itself, like physical coins, but can be transmitted over the internet?
This is where the Byzantine Generals Problem surfaced: creating digital money is a constant solution to the consensus question:
- Which transactions to consider valid?
- In what order to process them?
- How to prevent double spending?
- Who to trust with making these decisions?
Satoshi's genius wasn't in inventing something fundamentally new, but in assembling existing technologies:
- Byzantine Generals Problem (consensus without trust)
- Cryptographic hash functions (protection from forgery)
- Digital signatures (authorship confirmation)
- Economic incentives (mining and rewards)
Result: a system where thousands of strangers worldwide every 10 minutes agree on which Bitcoin transactions to consider correct. All without a central authority!
The Devil's in the Details
As always, the devil is in the details. Let's honestly discuss why creating the perfect blockchain is much more complex than it seems at first glance.
FLP Impossibility Theorem
In 1985 (just three years after the Byzantine Generals publication), another trio of scientists β Fischer, Lynch, and Paterson β published work that put a cross on dreams of "perfect consensus."
The FLP theorem (by the first letters of their surnames) states: in an asynchronous network, it's impossible to guarantee consensus if at least one node can fail.
Translating from mathematical to human: if there's even the slightest uncertainty in the network (messages can be delayed, nodes can slow down), then a 100% reliable consensus algorithm doesn't exist.
- Any blockchain can "hang" under certain conditions
- You can't simultaneously guarantee speed AND reliability
- There are always trade-offs between different characteristics
How do modern blockchains live with this? They make reasonable assumptions:
- "The network works quite stably"
- "Most participants are interested in correct operation"
- "Truly catastrophic failures happen rarely"
TON is no exception β it's also based on such assumptions. But it makes them very carefully and conservatively.
CAP Theorem: You Can't Have Everything
Another fundamental problem is the CAP theorem (Consistency, Availability, Partition tolerance). It states that any distributed system can guarantee only two of three properties:
β Consistency β all nodes see the same data simultaneously β Availability β the system always responds to requests β Partition tolerance β the system works even if communication between nodes is disrupted
Practical example: Imagine the internet cable between Europe and America breaks. European and American TON nodes can't communicate with each other. What to do?
β Option 1: Stop the entire network until communication is restored (sacrifice Availability for Consistency) β Option 2: Allow the two halves to work independently (sacrifice Consistency for Availability)
β Option 3: Assume this doesn't happen (sacrifice Partition tolerance)
TON chooses the first option β in case of serious network partition, it prefers to temporarily stop rather than risk data integrity. This approach has its pros and cons.
Real-World Practical Limitations
Besides mathematical theorems, there are many practical problems that can't be solved with beautiful formulas:
- Messages between nodes don't travel instantly
- Different parts of the world have different delays
- During peak loads, the network can slow down
- Node operators make mistakes
- Hardware breaks at the worst possible moment
- Software updates introduce bugs
Why Perfect Solution Doesn't Exist
All these problems lead to a disappointing conclusion: the perfect blockchain doesn't exist and never will.
Any system is a set of trade-offs:
- Bitcoin chose reliability over speed
- Ethereum chose programmability over simplicity
- Solana chose speed over decentralization
- TON seeks balance between all characteristics
But even imperfect blockchains have already changed the world.
TON Consensus in Two Words (For Those Who Forgot)
Consensus is the way network nodes agree on what to consider truth. In blockchain's case β which transactions to accept, in what order to arrange them, which block to add next.
Why is this critical? Because without consensus, blockchain turns into chaos.
Now Back to the Question From the Very Beginning
Why can't validators simply conspire and start confirming transactions in their favor?
β Create a convenient Telegram chat and pin to the top: "Listen, let's start confirming fake transactions in our favor? Print ourselves a million TON out of thin air and scatter?"
What's the catch? Why doesn't such an obvious scheme work?
It turns out TON (like other modern blockchains) is built so that validator conspiracy is either economically unprofitable, technically impossible, or quickly detected and punished.
Often β all three variants simultaneously.
Let's examine each line of defense in order.
Three Lines of Defense Against Conspiracy
TON's architects weren't naive dreamers. They perfectly understood that people are greedy creatures, ready to do much for money. Therefore, they created a three-level protection system where each level insures the previous one.
Economic Protection: "Honesty is More Profitable Than Theft"
Let's start with the most obvious β money. In TON, only someone who stakes ~300,000 TON can become a validator. At the time of writing, that's about $1 million.
Imagine yourself as a potential fraudster:
- You spent a million dollars to become a validator
- Each month of honest work brings you roughly 3-5% annually from the stake
- That's $30,000-50,000 per year in passive income
- Question: why risk all this for a dubious adventure?
Slashing mechanism β losing money for deception
But suppose greed overcame common sense. You decided to try cheating β sign the wrong block, vote for a fake transaction, or simply sabotage the network.
- The system detects the violation (more on this later)
- Your stake partially or completely burns (slashing)
- You're excluded from the validator list
- You lose the right to future rewards
- For minor violations (offline, delays) β fine 1-5% of stake
- For serious violations (signing wrong blocks) β up to 100% of stake
- In the worst case, you lose the entire $1 million in one go
Opportunity cost β missed profit
Economists call this "alternative costs." Even if your scam works and you're not caught immediately, you still lose guaranteed income from honest work.
- Honest work: $50,000 per year, every year, for decades
- Successful scam: stole, say, $500,000, but can never become a validator again
- Conclusion: after 10 years of honest work, you would have earned more than you got from one-time theft
- Very high chance of being caught (system checks every action)
- Criminal liability (fraud is prosecuted in most countries)
- Reputational damage (try explaining to investors why you were kicked out for fraud)
Bottom line: for a rational person, honesty becomes the only reasonable choice.
Cryptographic Protection: "Agreement is Technically Impossible"
Okay, suppose economic incentives don't stop someone. Rich people sometimes do irrational things. What then?
Then cryptographic protection kicks in β mathematical algorithms that make conspiracy technically impossible or easily detectable.
Cryptographic signatures: you can't fake consensus
TON uses a complex system of cryptographic signatures to confirm consensus.
- Each validator signs a block with their private key
- Signatures are mathematically combined into one aggregated signature
- Forging such a signature without access to private keys is impossible
- Any network node can verify that the block is actually signed by the required number of validators
Practical example: Suppose attackers want to create a fake block where they print themselves a million TON. For this they need to:
- Gather 2/3 of all validators (more than 100 people)
- Force them all to sign this block with their private keys
- But each signature is tied to a specific validator!
- If even one validator refuses or claims coercion β the entire scheme collapses
Merkle proofs β you can't hide deception
Each block in TON contains a Merkle root β a cryptographic hash of all transactions in the block. Changing even one transaction without changing the Merkle root is impossible.
- You can't secretly add a fake transaction
- You can't remove an inconvenient transaction
- Any change becomes instantly visible to the entire network
- Traces remain forever in the blockchain
This sounds like an oxymoron, but in cryptography, it's possible. TON uses algorithms that generate random numbers deterministically β predictably, but only knowing a certain secret.
- For fair validator selection
- For fair task distribution
- To prevent manipulation by individual participants
Why "just agreeing" is impossible: Even if all validators conspired, they can't control these algorithms. The system itself determines who signs what and in what order.
Architectural Protection: "You Can't Control Everything at Once"
Finally, the third level of protection β the network architecture itself, which makes attack coordination extremely difficult.
Validator rotation every 18 hours
This is a good and simple solution. The validator composition changes almost twice a day:
- New validators enter the network
- Old ones temporarily exit
- No one knows in advance who will be a validator in the next cycle
- Conspiracy becomes much more difficult β you need to constantly attract new participants
- Attack requires coordination of hundreds of people daily
- The more people know about the conspiracy, the higher the chance of information leak
Sharding β you can't control everything at once
TON uses sharding β dividing the network into many parallel chains (shards). Each shard processes its part of transactions independently.
- Need to compromise not one chain, but dozens
- Each shard has its own set of validators
- Coordinating an attack on all shards simultaneously is practically impossible
Decentralized observation β additional control
TON operates on the principle of decentralized observation: any network participant can detect violations and receive economic reward for it.
- Any node can monitor validator work
- When detecting a violation, you can file a complaint (challenge) to the network
- If the complaint is justified β receive part of the violator's confiscated stake
- Economic incentive to catch fraudsters works for all participants!
This isn't a dedicated role like validators, but rather an economic mechanism that turns every network participant into a potential "detective." The more eyes watching the network, the harder it is to hide anything.
Summary of all three protections: Even if someone very rich and very determined wants to attack TON, they'll have to:
- Spend hundreds of millions of dollars buying stakes
- Coordinate actions of hundreds of validators worldwide
- Deceive cryptographic algorithms (which is impossible)
- Do this every 18 hours with a new participant composition
- Avoid detection by any of thousands of observing nodes
- All this for dubious profit that's less than potential damage
That's why validator conspiracy remains in the realm of theoretical discussions rather than practical threats.
What If Someone Still Tries?
Alright, we've covered the theory. But let's be honest β in the real world, there are always people ready to risk everything for a big score. Cryptocurrency history is full of examples of attacks that were "theoretically impossible."
So what will happen if someone still decides on madness and tries to attack TON? Let's go through it step by step.
Attack Scenario: "Imagine the Nightmare"
Suppose a mega-villain appears β some crazy billionaire, hostile state, or consortium of major exchanges. They have unlimited resources and iron will to see it through.
For a successful attack, you need to control more than 1/3 of the total stake. At the time of writing, about 770 million TON is staked in the network. So the attack needs at least 256 million TON.
Cost at $3 per TON: over a billion dollars.
But this is just the beginning. As soon as the attacker starts buying such volumes, TON price will skyrocket. The real attack cost could reach 3-5 billion dollars.
It's not enough to just buy tokens β you need to become validators. This requires:
- Technical expertise (set up and maintain nodes)
- Geographic distribution (hundreds of servers worldwide)
- Operational security (protecting private keys)
- Time β you can only become a validator at certain moments
Now you need to coordinate hundreds of validators' actions simultaneously. Remember the rotation every 18 hours? This means the composition of "evil" validators constantly changes.
- How to communicate safely? (any correspondence can be intercepted)
- How to synchronize actions across time zones?
- What to do with validators who changed their minds?
- How to hide preparation from Fishermen and other observers?
Suppose all previous steps were somehow miraculously completed. What can the attacker do next?
- Stop the network (refuse to sign blocks) :)
- Censor transactions (not include them in blocks) :D
- Create temporary network confusion xD
What they CANNOT do (even with 51% control):
- Create TON out of thin air (violates cryptographic rules) ;(
- Steal others' tokens (no access to private keys) ;(
- Change past transactions (protected by hashes) ;(
- Cancel confirmed operations (block finality) ;(
Maximum damage: The worst an attacker can do is block the network for a few hours. Painful, but not catastrophic.
Real Numbers: Bankruptcy Calculation
Now let's honestly calculate the economics of such an attack.
Attack cost (conservative estimates):
- Buying 256 million TON at rising prices: ~$3 billion
- Technical infrastructure (servers, software, personnel): ~$50 million
- Operational coordination costs: ~$100 million
- Total: minimum $3.15 billion
- Fishermen monitor the network 24/7
- Automatic anomaly analysis systems
- Average detection time: 10-30 minutes
- When fraud is detected β slashing up to 100% of stake
- Loss of $3+ billion in one go
- Plus reputational damage and possible criminal prosecution
- Earn from shorting TON? (but volumes will be limited)
- Harm competitors? (dubious business strategy for $3 billion)
- Political motives? (there are cheaper ways)
Conclusion: even for a billionaire, this is an economically irrational venture.
Why Byzantine Generals Matter Today
We've come a long way β from medieval sieges to modern cryptocurrencies. Time to summarize and understand why this ancient problem remains relevant in the 21st century.
The Byzantine Generals Problem isn't just a beautiful academic abstraction. It's a fundamental problem of any systems where you need to coordinate actions of participants who don't trust each other.
The essence remains unchanged: how can a group of people make a unified decision when some of them might lie, sabotage, or pursue their selfish interests?
Understanding Nuances = Understanding Blockchain
Many people perceive blockchain as magical technology that somehow provides trust by itself. But now you know the truth: there's no magic.
- Carefully designed economic incentives
- Time-tested cryptographic algorithms
- Architectural solutions based on understanding human nature
P.S. If you've read to the end, you now understand blockchain better than 90% of people in crypto.
Thank you for your attention and see you soon!
Author: Arthur Yan