
ISS-Based BFT #53 Milestone 3: Governance, Security & Production Readiness

Status: Open issue
Opened by hythloda on 15-04-2026

Milestone 3: Governance, Security & Production Readiness

| Estimated Delivery | Month 4 (July 2026 if approved in March) |
| :---- | :---- |
| Focus | Canton topology integration, governance workflows, security hardening, crash recovery |

Deliverables:

  • Full integration with Canton's topology management for BFT ordering governance: adding/removing sequencers, dynamic BFT parameter configuration via dedicated topology transaction types.
  • Online reconfiguration at epoch boundaries: topology freeze, deferred activation, and BFT ordering topology notification service for domain owners.
  • BFT domain bootstrap procedure: genesis package creation, P2P network formation with challenge-response authentication, and 2f+1 startup threshold.
  • BFT sequencer onboarding workflow: state transfer, P2P integration at epoch change, and queuing/retry of incoming requests during synchronization.
  • Manual pruning via dedicated Admin API gRPC endpoint, with operator documentation on safe pruning timestamps.
  • Crash recovery: persistence of partial consensus progress, in-memory cache reconstruction for BFT time calculations, and consistency verification on restart.
  • Security hardening: authenticated dissemination, protection against request flooding, replay attack prevention across epoch boundaries, and write relay support for observing nodes.
  • Internal security audit covering BFT time monotonicity, deduplication correctness, and fault tolerance under topology changes.
  • Final release: merged code into the main Canton branch, included in a tagged release.

Acceptance Criteria:

  • Throughput Demonstration
  • Governance Demonstration

_Originally posted by @hythloda in https://github.com/canton-foundation/canton-dev-fund/issues/53#issuecomment-4254774313_