We consider a set of processes communicating asynchronously over reliable point-to-point channels. Each process maintains the following local or shared variables:

\begin{itemize}
  \item \textbf{\textit{received}}: the set of messages that have been received via the reliable broadcast primitive but not yet ordered.
  \item \textbf{\textit{delivered}}: the set of messages that have been ordered.
  \item \textbf{\textit{prop}[$r$][$j$]}: the proposal set announced by process $j$ at round $r$. It contains a set of messages that process $j$ claims to have received but not yet delivered.
  \item \textbf{\textit{winner}$^r$}: the set of processes that have issued a valid \texttt{PROVE} for round $r$, as observed through the registry.
  \item \textbf{\texttt{R-Broadcast}$(\texttt{PROP}, S, r, j)$}: a reliable broadcast invocation that disseminates the proposal $S$ from process $j$ for round $r$.
  \item \textbf{\texttt{R-Delivered}$(\texttt{PROP}, S, r, j)$}: the handler invoked upon reception of a \texttt{RB-cast}, which stores the received proposal $S$ into $\textit{prop}[r][j]$.
  \item \textbf{\texttt{READ}()} : returns the current view of all valid operations stored in the DenyList registry.
  \item \textbf{\texttt{ordered}$(S)$}: returns a deterministic total order over a set $S$ of messages.
  \item \textbf{\texttt{hash}$(T, r)$}: returns the identifier of the next round as a deterministic function of the delivered set $T$ and current round $r$.
\end{itemize}

\resetalgline
\begin{algorithm}
  \caption{Atomic Broadcast with DenyList}
  \begin{algorithmic}[1]    
    \State $\textit{received} \gets \emptyset$
    \State $\textit{delivered} \gets \emptyset$
    \State $r_1 \gets 0$

    \vspace{1em}
    % --- A-Broadcast ---
    \State \nextalgline \textbf{A-Broadcast}$_j(m)$
    \State \nextalgline \hspace{1em} $\texttt{R-Broadcast}_j(m)$

    \vspace{1em}
    % --- R-delivered ---
    \State \nextalgline \textbf{R-Delivered}$_j(m)$
    \State \nextalgline \hspace{1em} $\textit{received} \gets \textit{received} \cup \{m\}$
    \State \nextalgline \hspace{1em} \textbf{repeat while} $\textit{received} \setminus \textit{delivered} \neq \emptyset$
    \State \nextalgline \hspace{2em} $S \gets \textit{received} \setminus \textit{delivered}$
    \State \nextalgline \hspace{2em} $\texttt{R-Broadcast}(\texttt{PROP}, S, r_1, j)$

    \vspace{0.5em}
    \State \nextalgline \hspace{2em} \textbf{wait until } $|\{j_1 : |\{i_1 : (i_1, \textit{PROVE}(<r_1, j_1>)) \in \texttt{READ}[i_1]()\}| \geq n - f\}| \geq n -f$
    \State \nextalgline \hspace{2em} $\texttt{APPEND\_LINE}[j](r_1)$
    \State \nextalgline \hspace{2em} $B[r_1] \gets {1, ..., n}$ 
    \State \nextalgline \hspace{2em} \textbf{do}
    \State \nextalgline \hspace{3em} \textbf{for each } $j_1 \in B[r_1]$
    \State \nextalgline \hspace{4em} \textbf{if } $\nexists i_1 \text{ s.t. } \texttt{PROVE}[j_1](<r_1, i_1>) == \text{TRUE}$
    \State \nextalgline \hspace{5em} $B[r_1] \gets B[r_1] \setminus \{j_1\}$
    \State \nextalgline \hspace{2em} \textbf{while } $|B[r_1]| \geq f+1$
    \State \nextalgline \hspace{2em} $\textit{winner}[r_1] \gets \{j_1 : |\{i_1 : (i_1, \textit{PROVE}(<r_1, j_1>)) \in \texttt{READ}[i_1]()\}| \geq n - f\}$

    \vspace{0.5em}
    \State \nextalgline \hspace{2em} \textbf{wait } $\forall j \in \textit{winner}[r_1],\ \textit{prop}[r_1][j] \neq \bot$
    \State \nextalgline \hspace{2em} $M \gets \bigcup_{j \in \textit{winner}[r_1]} \textit{prop}[r_1][j] \setminus \textit{delivered}$
    \State \nextalgline \hspace{2em} \textbf{for each } $m \in \texttt{ordered}(M)$
    \State \nextalgline \hspace{3em} $\textit{delivered} \gets \textit{delivered} \cup \{m\}$
    \State \nextalgline \hspace{3em} $\texttt{A-Delivered}_j(m)$
    \State \nextalgline \hspace{2em} $r_1 \gets \textit{hash}(M, r_1)$

    \vspace{1em}
    % --- R-Delivered ---
    \State \nextalgline \textbf{R-Delivered}$_j(PROP, S, r, j_j)$
    \State \nextalgline \hspace{1em} $\textit{prop}[r][j_j] \gets S$
    \State \nextalgline \hspace{1em} \texttt{PROVE}$[j](<r, j_1>)$ 

    \vspace{1em}
    % --- APPEND_LINE() ---
    \State \nextalgline \textbf{APPEND\_LINE}$_j(r)$
    \State \nextalgline \hspace{1em} \textbf{for each } $i_1 \in (1, ... , n)$
    \State \nextalgline \hspace{2em} \texttt{APPEND}$[j](<r, i_1>)$

  \end{algorithmic}  
\end{algorithm}

\subsection{Round mecansism}

We assume that the hash function is deterministic and without collisions. Because we're sure that the round contains at least f + 1 processes as winners, the next round ID is unpredictable by a process who would not follow the protocol and would drop messages legally sent by non-byzantine process.
Also, it ensures that if a byzantine process try to go faster than the others, he will at least wait the faster non-byzantine process to progress.