Snowman is the consensus protocol implemented by the Avalanche blockchain and is part of the Snow family of protocols, first introduced through the original Avalanche leaderless consensus protocol. A major advantage of Snowman is that each consensus decision only requires an expected constant communication overhead per processor in the "common" case that the protocol is not under substantial Byzantine attack, i.e. it provides a solution to the scalability problem which ensures that the expected communication overhead per processor is independent of the total number of processors $n$ during normal operation. This is the key property that would enable a consensus protocol to scale to 10,000 or more independent validators (i.e. processors). On the other hand, the two following concerns have remained: (1) Providing formal proofs of consistency for Snowman has presented a formidable challenge. (2) Liveness attacks exist in the case that a Byzantine adversary controls more than $O(\sqrt{n})$ processors, slowing termination to more than a logarithmic number of steps. In this paper, we address the two issues above. We consider a Byzantine adversary that controls at most $f<n/5$ processors. First, we provide a simple proof of consistency for Snowman. Then we supplement Snowman with a "liveness module" that can be triggered in the case that a substantial adversary launches a liveness attack, and which guarantees liveness in this event by temporarily forgoing the communication complexity advantages of Snowman, but without sacrificing these low communication complexity advantages during normal operation.