The 3f+1 rule is a mathematical condition for Byzantine Fault Tolerance (BFT), stating that a distributed network must have at least 3f + 1 total nodes to tolerate f Byzantine (arbitrarily faulty or malicious) nodes. This ensures the system can achieve safety (all honest nodes agree on the same state) and liveness (the network continues to make progress) despite the presence of adversaries. For example, to withstand 1 malicious node (f=1), the network requires a minimum of 4 nodes; to withstand 3 malicious nodes (f=3), it requires at least 10 nodes.
LABS
Glossary
3f+1 Rule
The 3f+1 rule is a formula defining the minimum number of nodes required in a distributed system to achieve Byzantine Fault Tolerance (BFT) in the presence of 'f' faulty or malicious nodes.
Chainscore © 2026
definition
CONSENSUS THEORY
What is the 3f+1 Rule?
A fundamental principle in Byzantine Fault Tolerant (BFT) consensus algorithms that defines the minimum number of nodes required for a network to tolerate a certain number of faulty or malicious participants.
The rule emerges from the need for a supermajority or quorum of honest nodes to outvote and isolate faulty behavior. In a vote, honest nodes (3f+1 - f = 2f+1) always constitute a two-thirds majority of the total network. This majority is large enough to reach agreement among themselves and is also too large for two conflicting honest majorities to exist simultaneously, which is the core guarantee of safety. Popular BFT consensus mechanisms like Practical Byzantine Fault Tolerance (PBFT) and its derivatives used in permissioned blockchains are built upon this principle.
This rule is distinct from the requirements for crash-fault tolerance, which only deals with nodes that fail silently. A crash-fault tolerant system, like Raft, follows a simpler 2f+1 rule. The extra +f nodes in the 3f+1 formula are the cost of defending against Byzantine faults, where nodes can lie, send conflicting messages, or otherwise act arbitrarily. This makes BFT consensus more resource-intensive but essential for trustless, adversarial environments.
In blockchain contexts, the 3f+1 rule underpins the security model of many proof-of-stake (PoS) and permissioned networks. Validator sets are often sized with this rule in mind to guarantee finality. However, it's crucial to distinguish this from Nakamoto Consensus used in Bitcoin, which achieves probabilistic security through proof-of-work and longest-chain rule without a fixed validator set or the strict 3f+1 requirement for immediate finality.
A practical implication is the 33% fault tolerance threshold: since f faulty nodes can be at most one-third of the total 3f+1 network (f / (3f+1) ≈ 33%). If more than one-third of the nodes become Byzantine, the guarantees of safety and liveness break down. This defines the resilience of the system and is a key parameter for network operators and token holders when evaluating the security of a BFT-based blockchain.
how-it-works
CONSENSUS MECHANICS
How the 3f+1 Rule Works
The 3f+1 rule is a fundamental fault tolerance formula that defines the minimum number of nodes required in a Byzantine Fault Tolerant (BFT) network to guarantee safety and liveness despite malicious actors.
The 3f+1 rule is a mathematical guarantee for Byzantine Fault Tolerance (BFT) consensus protocols, stating that a network of N nodes can tolerate up to f malicious (Byzantine) nodes if and only if N ≥ 3f + 1. This formula ensures the system maintains both safety (all honest nodes agree on the same valid state) and liveness (the network continues to produce new blocks) even when f nodes are arbitrarily faulty. The rule originates from the seminal Byzantine Generals Problem and is the theoretical bedrock for protocols like Practical Byzantine Fault Tolerance (PBFT), Tendermint, and HotStuff.
The logic behind the requirement stems from the need for an honest majority to outvote the malicious minority in any voting round. With N = 3f + 1 total nodes, the maximum number of faulty nodes is f. This guarantees at least 2f + 1 honest nodes remain. For a decision to be finalized, a supermajority (typically 2f + 1) of votes is required. Since the malicious nodes can only muster f votes, they cannot forge a fraudulent supermajority on their own, ensuring safety. Conversely, the honest nodes can always achieve the required 2f + 1 votes to make progress, ensuring liveness.
In practical blockchain implementations, this rule dictates the validator set size and security assumptions. For example, a network with 100 validators adhering to 3f+1 can tolerate up to 33 malicious validators (f = 33, since 3*33 + 1 = 100). If more than one-third of the validators become Byzantine, the protocol's guarantees break down, potentially leading to double-spending or chain halts. This is a key differentiator from Nakamoto Consensus (used in Bitcoin), which provides probabilistic security with a different fault model and does not have a strict 3f+1 requirement for its miner set.
The rule's implications are critical for proof-of-stake (PoS) networks using BFT-style consensus. It defines the slashing conditions and economic security: to attack the network, an adversary would need to control more than one-third of the total staked value or voting power. This makes validator decentralization a direct security concern, as excessive concentration of stake in fewer than 3f+1 entities reduces practical fault tolerance. System architects use this rule to calculate the minimum viable validator count and the associated security budget required for their network.
key-features
CONSENSUS MECHANISM
Key Features and Implications
The 3f+1 rule defines the fault tolerance threshold for Byzantine Fault Tolerant (BFT) consensus protocols, determining how many malicious nodes a network can withstand while remaining secure and functional.
01
Fault Tolerance Threshold
The rule states a BFT network of N nodes can tolerate up to f faulty nodes, where N = 3f + 1. This means the system remains safe (consistent) and live (able to progress) as long as at least 2f + 1 nodes are honest. For example, a network with 4 nodes (N=4) can tolerate 1 faulty node (f=1).
02
Byzantine vs. Crash Faults
The 3f+1 formula is specifically for Byzantine faults, where nodes can act arbitrarily (e.g., lie, delay, or collude). This is more stringent than Crash Fault Tolerance (CFT), which only assumes nodes fail by stopping (crashing). CFT protocols like Raft require only 2f+1 nodes to tolerate f crash faults.
03
Mathematical Derivation
The formula ensures two critical properties:
- Safety: All honest nodes agree on the same state. Requires N - f > f, or N > 2f.
- Liveness: The network can make progress. Requires N - f ≥ f + 1, or N ≥ 2f + 1. Combining these yields the minimal N = 3f + 1. This guarantees a two-thirds supermajority (≥ 2/3) of honest nodes.
04
Practical Implications for Blockchains
This rule sets the security parameters for major protocols:
- Tendermint / Cosmos: Requires >2/3 of validator voting power for finality.
- PBFT (Practical Byzantine Fault Tolerance): The foundational protocol using this model.
- Validator Set Sizing: To tolerate 33 malicious validators (f=33), a network needs at least N = 100 validators total.
05
Comparison to Nakamoto Consensus
Proof-of-Work (Bitcoin) uses probabilistic finality and a different security model. It tolerates up to 50% of honest hash power for safety, but requires >50% for liveness—less strict than BFT's >66% requirement for immediate, deterministic finality. This highlights the trade-off between finality speed and adversarial tolerance.
06
Limitations and Assumptions
The 3f+1 model operates under specific synchrony assumptions—messages are delivered within a known time bound. Under partial synchrony (networks with unknown delays), protocols become more complex. It also assumes independent failures; correlated failures or Sybil attacks (one entity controlling many nodes) can break the model.
etymology-origin
CONSENSUS MECHANICS
Origin and Etymology
The 3f+1 rule is a foundational principle in Byzantine Fault Tolerant (BFT) consensus protocols, establishing the minimum network size required to tolerate malicious actors.
The 3f+1 rule originates from the Byzantine Generals' Problem, a classic computer science dilemma formalized by Lamport, Shostak, and Pease in 1982. It mathematically defines the resilience threshold for a distributed system: to tolerate f faulty or malicious nodes (Byzantine faults), the total network must consist of at least 3f + 1 nodes. This ensures that the honest majority (2f + 1) can always reach consensus despite the presence of f adversarial nodes attempting to disrupt the process. The rule is the bedrock of Practical Byzantine Fault Tolerance (PBFT) and its many blockchain derivatives.
The logic stems from the need for liveness and safety. For a system to make progress (liveness), it must receive 2f + 1 votes to confirm a proposal. To guarantee safety and prevent conflicting decisions, any two sets of 2f + 1 votes must overlap by at least one honest node. The minimum network size that satisfies both conditions is 3f + 1. In a network of 4 nodes (f=1), for example, 3 honest nodes can outvote the 1 malicious one. This principle is why many early BFT-based blockchains, like Hyperledger Fabric's initial consensus, required a specific, fixed number of validating peers.
In blockchain contexts, the rule is directly applied in consensus algorithms like Tendermint Core (used by Cosmos) and Istanbul BFT (used by early Ethereum testnets). It establishes the finality threshold—once a block is approved by 2f + 1 validators, it is irreversibly finalized. This is contrasted with Nakamoto Consensus (used by Bitcoin), which provides probabilistic finality and has different security assumptions. The 3f+1 model is preferred in permissioned blockchain networks where validator identities are known and the total node count can be controlled to meet this exact resilience requirement.
examples
THE 3F+1 RULE
Examples in Blockchain Consensus
The 3f+1 rule is a fundamental fault tolerance principle in Byzantine Fault Tolerant (BFT) consensus protocols, defining the minimum number of nodes required to withstand malicious actors.
01
Core Fault Tolerance Formula
The rule states that a Byzantine Fault Tolerant (BFT) network of N nodes can tolerate f faulty nodes (where faulty includes malicious or non-responsive) if the total nodes follow the formula: N = 3f + 1. This ensures that the honest majority (2f + 1) can always outvote the faulty nodes (f) to achieve consensus, even if they collude.
02
Practical Node Calculation
To determine the required network size for a given threat model:
- Tolerate 1 bad actor? You need N = 3(1) + 1 = 4 total nodes.
- Tolerate 3 bad actors? You need N = 3(3) + 1 = 10 total nodes.
- With 100 nodes? The network can tolerate f = (N-1)/3 = 33 faulty nodes. This math underpins the security guarantees of protocols like PBFT (Practical Byzantine Fault Tolerance).
03
Comparison to Nakamoto Consensus
Unlike BFT's 3f+1 rule, Nakamoto Consensus (used by Bitcoin) has a different security model:
- Tolerance is probabilistic, based on Proof-of-Work hashrate majority.
- It requires >50% (f < N/2) of the honest mining power to prevent a 51% attack.
- Finality is not immediate; it requires multiple block confirmations. This highlights the trade-off between deterministic finality (BFT) and decentralized permissionless entry (Nakamoto).
04
Application in Tendermint & Cosmos
The Tendermint BFT engine, used by the Cosmos ecosystem, implements the 3f+1 rule. A validator set of 100 voting power can tolerate validators representing ~33 voting power being Byzantine. Consensus proceeds in rounds with pre-vote, pre-commit, and commit phases, requiring +2/3 of the voting power (which aligns with the honest 2f+1 majority) to finalize a block.
05
Limitation: The Sybil Attack Problem
The 3f+1 rule assumes nodes are identified and countable. It does not, by itself, solve the Sybil Attack problem where one entity creates many fake identities. Therefore, BFT protocols are typically used in permissioned or proof-of-stake settings where node identity or stake is tied to a scarce resource, making Sybil attacks economically prohibitive.
CONSENSUS MECHANISMS
Comparison: Fault Tolerance Models
A comparison of how different Byzantine Fault Tolerance (BFT) consensus models handle node failures and malicious actors.
| Model / Metric | Classic BFT | Practical BFT (PBFT) | Delegated BFT (dBFT) | Tendermint BFT |
|---|---|---|---|---|
Minimum Honest Nodes Required |
|
|
|
|
Maximum Tolerated Byzantine Nodes (f) | f < n/3 | f < n/3 | f < n/3 | f < n/3 |
Network Synchrony Assumption | Synchronous | Partially Synchronous | Partially Synchronous | Partially Synchronous |
Finality | Probabilistic | Instant (Deterministic) | Instant (Deterministic) | Instant (Deterministic) |
Leader Election | Fixed / Round Robin | Round Robin (View Change) | Delegated (Electoral) | Round Robin (Proposer) |
Communication Complexity per Consensus Round | O(n²) | O(n²) | O(n) | O(n²) |
Typical Use Case | Theoretical Framework | Permissioned Consortium Chains | Public Blockchains (e.g., Neo) | Public Blockchains (e.g., Cosmos) |
security-considerations
BYZANTINE FAULT TOLERANCE
Security Considerations and Limits
The 3f+1 Rule is a foundational principle in Byzantine Fault Tolerant (BFT) consensus mechanisms, defining the minimum number of validators required to guarantee network security and liveness in the presence of malicious actors.
01
Core Definition
The 3f+1 Rule states that a Byzantine Fault Tolerant (BFT) network requires a total of N = 3f + 1 nodes to tolerate f faulty or malicious (Byzantine) nodes. This ensures both safety (all honest nodes agree on the same state) and liveness (the network can continue to produce new blocks). The formula derives from the need for a two-thirds supermajority (2f + 1) of honest nodes to outvote the faulty ones.
02
Fault Tolerance Threshold
The rule establishes the maximum tolerable adversarial power. For a network with N total validators:
- Maximum faulty nodes: f ≤ (N - 1) / 3.
- This means the network can remain secure even if up to one-third of the validators are malicious or offline. For example, a network with 100 validators (N=100) can tolerate up to f=33 Byzantine nodes before safety is compromised.
03
Safety vs. Liveness Guarantees
The 3f+1 configuration is the minimal setup to solve the Byzantine Generals Problem in a partially synchronous network.
- Safety (Consistency): Guaranteed because any two sets of 2f+1 honest nodes must intersect in at least f+1 honest nodes, preventing conflicting finalization.
- Liveness (Progress): Guaranteed because 2f+1 honest nodes (a quorum) can always be formed to finalize new blocks, as they outnumber the f faulty nodes.
04
Practical Implications for Blockchains
This rule underpins the validator set design for many Proof-of-Stake (PoS) networks using BFT consensus (e.g., Tendermint, IBFT).
- Validator Set Size: Dictates the minimum number of validators for a given security budget.
- Finality: Blocks confirmed by 2f+1 pre-commits are considered final (not subject to reorgs).
- Network Overhead: Larger N increases communication complexity (O(N²) messages per round), creating a scalability trade-off.
05
Comparison to Other Fault Models
The 3f+1 requirement is specific to Byzantine faults (arbitrary, malicious behavior).
- Crash Fault Tolerance (CFT): Requires only 2f+1 total nodes to tolerate f nodes failing by stopping. This is less stringent (e.g., Raft consensus).
- Synchronous Networks: With guaranteed message delivery bounds, only 2f+1 total nodes are needed to tolerate f Byzantine faults, but this model is unrealistic for global blockchains.
06
Limitations and Attack Vectors
While foundational, the 3f+1 model has assumptions and limits:
- Assumes Honest Majority of Stake: In PoS, validators are weighted by stake; a malicious entity controlling >1/3 of the total stake can violate safety.
- Not Immune to Cartels: If f+1 validators collude, they can halt the network (censorship attack) by refusing to vote.
- Long-Range Attacks: Not prevented by consensus alone; requires additional mechanisms like weak subjectivity checkpoints.
BLOCKCHAIN CONSENSUS
Common Misconceptions
Clarifying persistent misunderstandings about core blockchain mechanisms, starting with the often-misapplied 3f+1 rule for Byzantine Fault Tolerance.
The 3f+1 rule is a fundamental principle of Byzantine Fault Tolerance (BFT) that defines the minimum number of nodes required in a network to tolerate 'f' malicious or faulty nodes. It states that a system needs a total of N ≥ 3f + 1 nodes to guarantee safety (all honest nodes agree on the same state) and liveness (the network continues to produce new blocks) despite up to 'f' Byzantine (arbitrarily malicious) failures. This works because honest nodes, numbering at least 2f + 1, always form a super-majority (more than two-thirds) of the network, ensuring they can outvote any malicious coalition and reach consensus on the valid chain. This model underpins classical BFT consensus protocols like PBFT (Practical Byzantine Fault Tolerance).
CONSENSUS
Frequently Asked Questions
The 3f+1 rule is a fundamental principle for Byzantine Fault Tolerant (BFT) consensus protocols, defining the minimum number of nodes required to guarantee safety and liveness in the presence of malicious actors.
The 3f+1 rule is a mathematical requirement for Byzantine Fault Tolerant (BFT) consensus protocols, stating that a network must have at least 3f + 1 total nodes to tolerate f faulty or malicious nodes while maintaining both safety (all honest nodes agree on the same state) and liveness (the network continues to produce new blocks). This rule ensures that honest nodes always maintain a two-thirds majority (2f + 1) of the total network, which is necessary to reach agreement and prevent forks, even when up to f nodes are Byzantine (acting arbitrarily). It is a cornerstone of classical BFT algorithms like Practical Byzantine Fault Tolerance (PBFT) and underpins the validator set sizing for many Proof-of-Stake networks.
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall