1. Introduction
Anyone who has spent time studying distributed systems eventually runs into the same uncomfortable truth: keeping a network of machines honest is expensive, and the more machines you add, the worse it gets. This is the puzzle sitting underneath Byzantine fault tolerant (BFT) consensus, and it's why the subject keeps resurfacing in enterprise blockchains, financial ledgers, and supply-chain platforms that can't afford to trust a single party outright (Androulaki et al., 2018; Nakamoto, 2008). Practical Byzantine Fault Tolerance, or PBFT, has been the field's reference point for over two decades now — and for good reason. Castro and Liskov's original design (Castro & Liskov, 1999) offers something rare: mathematically provable safety and liveness, resilience against up to ⌊(n − 1)/3⌋ faulty validators, and finality that arrives deterministically rather than probabilistically. In regulated environments, where "probably settled" isn't good enough, that last property matters more than almost anything else.
But — and this is really where the trouble starts — PBFT was never built with today's larger, geographically scattered validator sets in mind. Its prepare and commit phases require every validator to talk to every other validator, which sounds fine on paper until you realize the message count grows quadratically, as O(n²). Add more validators, and bandwidth balloons, confirmation times stretch out, and throughput quietly erodes (Yin et al., 2019; Buchman, 2016). Other protocols have tried to patch this. HotStuff and Tendermint, for instance, take different paths toward scalability, but each accepts trade-offs of its own, whether in finality semantics or in the sheer operational complexity required to run them (Yin et al., 2019; Buchman, 2016; Micali et al., 1999; Pass et al., 2017). And it isn't just theoretical — industrial studies have documented real bottlenecks once validator counts climb into the twenty-to-one-hundred range (Saxena et al., 2018), which happens to be exactly where a lot of permissioned deployments actually want to operate.
So the question this work sets out to answer is fairly narrow, almost stubbornly so: can PBFT's communication overhead be reduced without giving up the properties that made it trustworthy in the first place? O-PBFT (Optimized PBFT) is the answer we propose, and it's worth being upfront about what it isn't — it isn't a new consensus philosophy, nor does it throw away decades of formal reasoning about safety. Instead, it layers three mechanisms on top of the existing PBFT skeleton. First, BLS signature aggregation (Boneh et al., 2004; Swanson et al., 2019) replaces the flood of individual per-round broadcasts with one compact aggregate signature plus a small bitmap identifying signers — a change that, as it turns out, does most of the heavy lifting. Second, pipelining allows the pre-prepare, prepare, and commit stages to overlap under watermark ordering rather than proceeding strictly one after another (Yin et al., 2019; Herlihy & Wing, 1990). Third, an adaptive controller continuously watches round-trip time, mempool pressure, and timeout behavior, and uses that information to widen or narrow the pipeline — somewhere between one and three stages deep — depending on how the network is actually behaving in the moment (Buchman, 2016; Tanenbaum & Van Steen, 2017). All of this was implemented in Go and tested across commodity and cloud hosts (Ongaro & Ousterhout, 2014), which at least grounds the claims in something more concrete than simulation alone.
Three questions guided the evaluation, and it's probably useful to lay them out plainly rather than bury them in methodology later. RQ1 asked, quite directly, how much aggregation and pipelining actually reduced per-phase traffic — and whether that reduction came at the cost of deterministic finality, because a faster protocol that sacrifices certainty isn't really a win. RQ2 pushed further: did adaptive pipelining meaningfully raise throughput over sequential PBFT, or would the gains evaporate once safety and liveness constraints were properly enforced? RQ3, perhaps the most practically minded of the three, asked whether the system held up reliably once deployed across multiple availability zones, where network conditions are messier and less forgiving than a single data center.
The contributions that emerged, then, are threefold: a communication path that stays compatible with PBFT while carrying a noticeably lighter payload per phase; an adaptive, pipelined execution framework that responds to live network conditions rather than assuming a fixed depth; and a working, reproducible prototype tested against controlled workloads ranging from light traffic to genuine burst conditions. The remainder of the paper follows a fairly conventional arc. Section II places O-PBFT alongside both classical and more recent BFT protocols, tracing where it borrows and where it diverges. Section III lays out the optimization framework itself, along with the five-phase evaluation plan and the implementation's architecture. Section IV is where the numbers live — notation, the quorum relation, measurements, stress-test observations, and a discussion of what they mean. Section V closes things out with the broader takeaways.
As a preview of what's to come: under matched load tiers, O-PBFT's throughput came in at roughly 2.3× that of sequential classical PBFT baselines, a result that held up under paired t-tests at p < 0.01 with 95% confidence intervals, and with coefficient of variation staying under 2% across steady-state metrics on both hardware profiles tested (Castro & Liskov, 1999; Yin et al., 2019; Buchman, 2016). HotStuff- and Tendermint-class configurations were run on identical EC2 topology and identical transaction semantics — enterprise-style transfers with balance checks — specifically so that any observed differences could be attributed to protocol behavior itself, not to some quirk of mismatched test conditions.
None of this, it's worth saying clearly, came from relaxing PBFT's underlying guarantees. Deterministic finality stayed intact. The n > 3f resilience assumption stayed intact. The authenticated double-round structure that PBFT's safety proofs depend on was left exactly as Castro and Liskov specified it (Castro & Liskov, 1999). What changed was narrower and more surgical: how signatures move across the network, how stages are scheduled, and how the controller decides when to widen or tighten the pipeline. Verification still leans on quorum intersection and stable view semantics, just as the classical literature describes (Yin et al., 2019). Cutting corners on prepare or commit ordering might have squeezed out a bit more raw throughput, but it would have quietly removed the very guarantees that regulated, enterprise-grade deployments depend on — and that trade-off never seemed worth making.



