We consider a set of processes communicating asynchronously over reliable point-to-point channels. Each process maintains the following local or shared variables:

\begin{itemize}
  \item \textbf{\textit{received}}: the set of messages that have been received via the reliable broadcast primitive but not yet ordered.
  \item \textbf{\textit{delivered}}: the set of messages that have been ordered.
  \item \textbf{\textit{prop}[$r$][$j$]}: the proposal set announced by process $j$ at round $r$. It contains a set of messages that process $j$ claims to have received but not yet delivered.
  \item \textbf{\textit{winner}$^r$}: the set of processes that have issued a valid \texttt{PROVE} for round $r$, as observed through the registry.
  \item \textbf{\textit{window}}: the list of the ids from the $f+1$ last rounds. \textit{window.pop()} remove the first value of the array. \textit{window.push(x)} append x as the last value of the array.
  \item \textbf{\texttt{RB-cast}$(\texttt{PROP}, S, r, j)$}: a reliable broadcast invocation that disseminates the proposal $S$ from process $j$ for round $r$.
  \item \textbf{\texttt{RB-delivered}$(\texttt{PROP}, S, r, j)$}: the handler invoked upon reception of a \texttt{RB-cast}, which stores the received proposal $S$ into $\textit{prop}[r][j]$.
  \item \textbf{\texttt{READ}()} : returns the current view of all valid operations stored in the DenyList registry.
  \item \textbf{\texttt{ordered}$(S)$}: returns a deterministic total order over a set $S$ of messages.
  \item \textbf{\texttt{hash}$(T, r)$}: returns the identifier of the next round as a deterministic function of the delivered set $T$ and current round $r$.
\end{itemize}

\resetalgline
\begin{algorithm}
  \caption{Atomic Broadcast with DenyList}
  \begin{algorithmic}[1]    
    \State $\textit{proves} \gets \emptyset$
    \State $\textit{received} \gets \emptyset$
    \State $\textit{delivered} \gets \emptyset$
    \State $\textit{window} \gets [\bot]^{f+1}$
    \State $r_1 \gets 0$

    \vspace{1em}
    % --- AB-Broadcast ---
    \State \nextalgline \textbf{AB-Broadcast}$_j(m)$
    \State \nextalgline \hspace{1em} $\texttt{RB-Broadcast}_j(m)$

    \vspace{1em}
    % --- RB-delivered ---
    \State \nextalgline \textbf{RB-delivered}$_j(m)$
    \State \nextalgline \hspace{1em} $\textit{received} \gets \textit{received} \cup \{m\}$
    \State \nextalgline \hspace{1em} \textbf{repeat while} $\textit{received} \setminus \textit{delivered} \neq \emptyset$
    \State \nextalgline \hspace{2em} $S \gets \textit{received} \setminus \textit{delivered}$
    \State \nextalgline \hspace{2em} $\texttt{RB-broadcast}(\texttt{PROP}, S, r_1, j)$
    \State \nextalgline \hspace{2em} $\textit{proves} \gets \texttt{READ}()$
    \State \nextalgline \hspace{2em} $\texttt{PROVE}[j](r_1)$
    % \State \nextalgline \hspace{2em} $r_1 \gets \max\{r : j,\ (j, \texttt{PROVE}(r)) \in \textit{proves}\} + 1$
    
    \vspace{0.5em}
    \State \nextalgline \hspace{2em} $\texttt{APPEND}[j](r_1)$
    \State \nextalgline \hspace{2em} $S \gets \{1, ..., n\}$
    \State \nextalgline \hspace{2em} \textbf{repeat while} $|S| \leq n - f$
    \State \nextalgline \hspace{3em} \textbf{forall} $i \in S$
    \State \nextalgline \hspace{4em} \textbf{if} $\neg \texttt{PROVE}[i](r_1)$
    \State \nextalgline \hspace{5em} $S \gets S \setminus i$

    \vspace{0.5em}
    \State \nextalgline \hspace{2em} $\textit{winner}[r_1] \gets \texttt{READ\_ALL}()$
    \State \nextalgline \hspace{2em} \textbf{wait } $\forall j \in \textit{winner}[r_1],\ |\textit{prop}[r_1][j] \neq \bot| \geq f+1$
    \State \nextalgline \hspace{2em} $T \gets \bigcup_{j \in \textit{winner}[r_1]} \textit{prop}[r_1][j] \setminus \textit{delivered}$

    \vspace{0.5em}
    \State \nextalgline \hspace{2em} \textbf{for each } $m \in \texttt{ordered}(T)$
    \State \nextalgline \hspace{3em} $\textit{delivered} \gets \textit{delivered} \cup \{m\}$
    \State \nextalgline \hspace{3em} $\texttt{AB-deliver}_j(m)$
    \State \nextalgline \hspace{2em} $r_1 \gets \textit{hash}(T, r_1)$

    \vspace{1em}
    % --- READ_ALL() ---
    \State \nextalgline \textbf{READ\_ALL}$(r)$
    \State \nextalgline \hspace{1em} \textbf{for each } $j \in (1, ... , n)$
    \State \nextalgline \hspace{2em} $win[j] \gets \{j_1: \texttt{READ}_{j_1}() \ni (j, \texttt{PROVE}(r))\}$
    \State \nextalgline \hspace{1em} \textbf{for} $i \in (1, ... , n)$
    \State \nextalgline \hspace{2em} \textbf{for} $j \in (1, ... , n)$
    \State \nextalgline \hspace{3em} \textbf{if} $i \in win[j]$
    \State \nextalgline \hspace{4em} $count[i] ++$
    \State \nextalgline \hspace{1em} \textbf{return} $\{i: count[i] \geq n-f\}$

  \end{algorithmic}  
\end{algorithm}

\subsection{Round mecansism}

We assume that the hash function is deterministic and without collisions. Because we're sure that the round contains at least f + 1 processes as winners, the next round ID is unpredictable by a process who would not follow the protocol and would drop messages legally sent by non-byzantine process.
Also, it ensures that if a byzantine process try to go faster than the others, he will at least wait the faster non-byzantine process to progress.