Verifiable Agreement Without a Leader After each validator has independently computed the matching results for a tick, the network must agree on a single, canonical outcome. BULK achieves this through a leaderless consensus mechanism based on BLS (Boneh-Lynn-Shacham) threshold signatures. This process can be understood through an analogy of a high-security digital vault. Imagine a vault that requires 100 cryptographic keys to authorize a withdrawal. Instead of a single master key, the key is split into 100 unique “shares” using a technique called Shamir’s Secret Sharing, and one share is given to each of 100 guards. No single guard’s share can open the vault, and the full master key is never assembled in one place. To authorize a transaction, a threshold of, say, 80 guards must each present their key share. A special cryptographic lock then combines these 80 shares to create a single, valid signature that opens the vault, without ever exposing the original master key. BULK’s consensus mechanism operates on this very principle. The state delta (the set of trades and balance changes from a tick) is the “transaction” to be authorized. Each validator holds a secret key share corresponding to a global public key for the exchange. To vote on the outcome of a tick, each validator uses its secret share to sign the hash of the state delta it computed, producing a “partial signature” These partial signatures are then broadcast across the network. A state delta is considered valid and final only when a quorum of validators, signs off on an identical result. The system is designed for both speed and resilience:
  • Fast-Path Liveness: If ≥80% of the stake-weighted validators agree on the result, the tick is committed in a single round.
  • Base Liveness: If consensus is lower but still above a threshold (e.g., ≥60%), the tick can be finalized in a second round.
  • Mismatch Resolution: If there is a mismatch in the results or a quorum cannot be reached, the tick is simply skipped, and all orders from that tick are rolled over to the next. This ensures there is zero risk of a network fork or inconsistent state.
This BLS quorum mechanism is incredibly fault-tolerant, the system can maintain safety and liveness even if up to 20% of the validator stake is malicious and an additional 20% is offline or non-responsive. Validators that frequently produce divergent results are automatically “jailed,” meaning they are temporarily prevented from participating in matching, thus preserving the health of the network.