“…To get microsecond-scale latency, BFT protocols need to avoid expensive public-key cryptography and reduce communication rounds in the common path-and doing so has typically required increasing rather than decreasing the number of replicas [1,51,62]. Meanwhile, decreasing the number of replicas has usually required unbounded memory, sophisticated, or tailored trusted computing bases such as append-only-memory [23], SGX [14], TrInc [57], or reliable hypervisors [92]. Limiting the amount of memory is a significant challenge in the design of uBFT, as the standard technique to handle Byzantine behavior in systems with 2đť‘“ +1 replicas requires storing all messages received, leading to long message histories [4,86], which consume unbounded memory.…”