Proposal: Bipartite Supervalidator Architecture

OPEN Pull Request
by elliottdehn, 16-04-2026, Incoming
3.5M CC requested

Development Fund Proposal Submission

Proposal file: /proposals/bipartite-supervalidator-architecture.md

---

Summary

This proposal separates CPU-bound cryptographic operations (ECIES view encryption/decryption, Speedy reinterpretation) from IO-bound state management (BFT consensus, sequencer DB writes, ACS updates) into two independently scalable machine classes. A proof-of-concept using Canton's actual crypto primitives demonstrates 4x throughput improvement and 7x latency reduction at 32 concurrent transactions. The architecture is backward-compatible and opt-in — existing Daml applications require no changes.

---

Checklist

  • [x] Proposal file added under /proposals/
  • [x] Milestones and funding amounts defined
  • [x] Acceptance criteria included
  • [x] Alignment with Canton priorities described

---

Notes for Reviewers

  • This work is complementary to the ISS-based BFT ordering grant (approved 2026-03-23). Once ordering scales to 2500+ TPS, per-node ECIES encryption becomes the next binding throughput constraint. This proposal addresses that.
  • The PoC benchmark source code is available in the CIPs repo under bipartite-poc/. It uses real JDK 21 crypto (ECDH P-256, AES-256-GCM, Ed25519) and real PostgreSQL writes — not simulated delays.
  • The key architectural insight: ECIES encryption for Canton's sub-transaction privacy model is stateless (needs only read access to packages, contracts, topology) but consumes 35-43% of per-transaction CPU. Separating it from stateful DB/consensus work allows each to scale along its natural axis.
  • Funding request: 3,500,000 CC across 5 milestones over ~24 weeks.
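
The split described in the notes above, as an added Java sketch that is not the proposal's PoC code from bipartite-poc/: a stateless ECDH P-256 + AES-256-GCM encryption stage on a CPU-sized pool hands envelopes to a single-threaded stand-in for the stateful writer. The names `BipartiteSketch`, `Envelope`, `encryptView` and `deriveKey`, the SHA-256 key derivation, and the in-memory list replacing the sequencer DB are assumptions for illustration, not Canton's actual scheme.

```java
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.*;
import java.util.concurrent.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class BipartiteSketch {
    // Output of the stateless stage: ephemeral public key, GCM nonce, ciphertext plus tag.
    record Envelope(byte[] ephemeralPub, byte[] nonce, byte[] ciphertext) {}

    static KeyPair p256() throws GeneralSecurityException {
        KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
        g.initialize(new ECGenParameterSpec("secp256r1"));
        return g.generateKeyPair();
    }
    // Assumption: SHA-256 over (ECDH secret || ephemeral key) stands in for the real KDF.
    static SecretKeySpec deriveKey(PrivateKey priv, PublicKey pub, byte[] ephPub) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(priv);
        ka.doPhase(pub, true);
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(ka.generateSecret());
        return new SecretKeySpec(md.digest(ephPub), "AES"); // 32 bytes -> AES-256
    }
    // CPU-bound and stateless: the only input besides the payload is a public key (read-only).
    static Envelope encryptView(PublicKey recipient, byte[] view) throws GeneralSecurityException {
        KeyPair eph = p256(); // fresh ephemeral key per view, so the GCM key is never reused
        byte[] ephPub = eph.getPublic().getEncoded();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(eph.getPrivate(), recipient, ephPub), new GCMParameterSpec(128, nonce));
        return new Envelope(ephPub, nonce, c.doFinal(view));
    }
    public static void main(String[] args) throws Exception {
        KeyPair recipient = p256(); // constructed recipient key
        ExecutorService cryptoPool = Executors.newFixedThreadPool(Runtime.getRuntime().availableProcessors());
        ExecutorService stateWriter = Executors.newSingleThreadExecutor(); // stand-in for the stateful side
        List<Envelope> log = new ArrayList<>(); // mutated only on stateWriter, so no locking is needed
        CompletableFuture<?>[] done = new CompletableFuture<?>[32];
        for (int i = 0; i < done.length; i++) { // 32 constructed transactions in flight
            byte[] view = ("constructed view " + i).getBytes(java.nio.charset.StandardCharsets.UTF_8);
            done[i] = CompletableFuture.supplyAsync(() -> {
                try { return encryptView(recipient.getPublic(), view); }
                catch (GeneralSecurityException e) { throw new CompletionException(e); }
            }, cryptoPool).thenAcceptAsync(log::add, stateWriter);
        }
        CompletableFuture.allOf(done).join();
        cryptoPool.shutdown();
        stateWriter.shutdown();
        System.out.println("envelopes persisted: " + log.size());
    }
}
```

Because `encryptView` holds no shared mutable state, the crypto pool can be sized or moved to other machines independently of the writer, which is the property the proposal relies on.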