Description
Currently, any Validator can read from the multiple Scan APIs served by Super Validators and compare them for consistency, using the BFT Read proxy built into the Validator.
This means that any application that wants to avoid trusting any specific Super Validator needs to operate a Validator node. This makes sense for Canton applications that submit transactions via Daml commands processed on Participant nodes. But applications that primarily analyze the data produced by the Super Validators, such as risk management analytics vendors, dashboards and API providers, want to provide application value whether or not they also choose to operate a Validator node. And even application providers who do operate a Validator node frequently want to operate triggers and automation that rely on the Scan API, separately from the transaction-submitting Validator node.
These application development partners want a set of libraries that their applications can use, which will perform BFT comparisons on reads from Scan APIs operated by the Super Validators. These libraries should allow the application developer relying on them to define either an f + 1 threshold, or a 2f + 1 threshold, according to their threat model. By "f + 1" or "2f + 1" threshold we mean that the libraries can take as input the number of available Scan APIs, calculate the BFT fault level f for that number of data sources, and compare the reads for consistency before returning read data to the client.
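A sketch of the comparison described above, added here as an illustration and not taken from any existing library. It assumes the standard BFT bound n >= 3f + 1 to derive f from the number of Scan APIs queried; the function names, the source names and the response fields are hypothetical.

```python
import hashlib
import json
from collections import Counter

class NoQuorum(Exception):
    """No single answer reached the required number of matching reads."""

def fault_level(n):
    # Assumption: standard BFT bound n >= 3f + 1, so f = floor((n - 1) / 3).
    if n < 1:
        raise ValueError("need at least one Scan API")
    return (n - 1) // 3

def threshold(n, mode):
    f = fault_level(n)
    try:
        return {"f+1": f + 1, "2f+1": 2 * f + 1}[mode]
    except KeyError:
        raise ValueError(f"unknown threshold mode: {mode!r}") from None

def digest(body):
    # Canonical JSON, so key order or whitespace differences do not split votes.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode()).hexdigest()

def bft_read(responses, mode="f+1"):
    """responses maps each queried source to its decoded JSON body, or None if
    the read failed. Failed reads still count toward n but cast no vote."""
    need = threshold(len(responses), mode)
    answered = [b for b in responses.values() if b is not None]
    bodies = {digest(b): b for b in answered}
    votes = Counter(digest(b) for b in answered)
    winners = [d for d, count in votes.items() if count >= need]
    if len(winners) != 1:
        # Zero winners: not enough agreement. Several: ambiguous, refuse both.
        raise NoQuorum(f"need {need} matching reads, tallies: {sorted(votes.values())}")
    return bodies[winners[0]]

# Constructed sample: four sources (f = 1), one deviating, one unreachable.
SAMPLE = {
    "scan-a": {"round": 10, "value": "1.5"},
    "scan-b": {"value": "1.5", "round": 10},  # same content, different key order
    "scan-c": {"round": 10, "value": "9.9"},
    "scan-d": None,
}

if __name__ == "__main__":
    print(bft_read(SAMPLE, "f+1"))
```

With this sample the f + 1 mode returns the value two sources agree on, while the 2f + 1 mode refuses to answer because only two of the required three reads match.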