What Enterprise Consensus Needs to Optimize For
Enterprise use cases care about four things that public chain consensus largely ignores.
Transaction finality. When a bank settles a trade, it needs to know the settlement is final, not “probably final after six confirmations.” Probabilistic finality (where there is a decreasing but nonzero chance of reversal) is unacceptable for regulated financial transactions. Enterprise consensus needs deterministic finality: once confirmed, the transaction cannot be reversed.
Throughput. Enterprise systems process hundreds or thousands of transactions per second. Bitcoin’s 7 TPS and Ethereum’s 15-30 TPS are inadequate. Enterprise consensus mechanisms need to support 1,000+ TPS without exotic hardware.
Latency. Sub-second to single-digit-second confirmation times. A supply chain event recorded on a blockchain should be confirmed within seconds, not minutes or hours.
Energy efficiency. ESG concerns and operational cost make proof-of-work a non-starter for enterprise deployments. Consensus should use minimal computational resources beyond normal transaction validation.
Raft: Simple and Fast
Raft is a leader-based consensus protocol originally designed for distributed systems. In blockchain context, Hyperledger Fabric uses Raft for its ordering service. A leader node orders transactions into blocks, and follower nodes replicate those blocks. If the leader fails, followers elect a new leader.
Raft Consensus Flow:
Client ──► Leader (Orderer) ──► Append to log
│
├──► Follower 1: Replicate ✓
├──► Follower 2: Replicate ✓
└──► Follower 3: Replicate ✓
│
▼
Majority confirmed → Commit block
Leader election: If leader fails, followers with most
up-to-date logs are eligible to become new leader.
Properties:
✓ Crash fault tolerant (survives f failures with 2f+1 nodes)
✗ NOT Byzantine fault tolerant (trusts all nodes are honest)
✓ Deterministic finality (committed = final)
✓ Throughput: 2,000-3,000+ TPS
✓ Latency: sub-secondRaft is fast and simple but has a critical limitation: it assumes all nodes are honest. If a compromised node sends conflicting messages or corrupts data, Raft has no mechanism to detect or recover from it. This makes Raft suitable for consortiums where all participants are legally bound and technically competent, but risky when there is any possibility of adversarial behavior among node operators.
PBFT and Its Variants: Byzantine Fault Tolerance
Practical Byzantine Fault Tolerance (PBFT) handles the scenario where some nodes might be malicious. It guarantees consensus as long as fewer than one-third of the nodes are faulty or compromised. Hyperledger Sawtooth supports PBFT, and several other enterprise platforms use PBFT-derived algorithms.
PBFT Consensus Phases:
Phase 1, Pre-prepare:
Primary node assigns sequence number to request
Broadcasts <PRE-PREPARE, view, seq, digest> to all replicas
Phase 2, Prepare:
Each replica validates and broadcasts PREPARE message
Waits for 2f matching PREPARE messages (quorum)
Phase 3, Commit:
Each prepared replica broadcasts COMMIT message
Waits for 2f+1 matching COMMIT messages
Executes request and sends reply to client
Properties:
✓ Byzantine fault tolerant (survives f faults with 3f+1 nodes)
✓ Deterministic finality
✗ Communication complexity: O(n²) messages per consensus round
✗ Throughput degrades with node count (practical limit ~20-30 nodes)
✓ Latency: 1-3 secondsThe O(n²) message complexity is PBFT’s Achilles heel. With 10 nodes, each consensus round requires roughly 100 messages. With 50 nodes, it is 2,500 messages. Performance degrades rapidly beyond 20-30 nodes. This is why PBFT-based networks work well for small to medium consortiums but struggle with large participant counts.
Istanbul BFT (IBFT): Production-Grade BFT
Istanbul BFT is a PBFT variant used by Quorum and Hyperledger Besu. It is designed for Ethereum-compatible networks and adds features like validator set management (adding/removing validators without restarting the network) and round-robin block proposal to prevent a single proposer from becoming a bottleneck.
IBFT2 (the improved version in Besu) handles validator rotation, configurable block time, and has better recovery from network partitions. It is the default consensus for enterprise Ethereum deployments.
Corda’s Notary Service: A Different Approach
R3 Corda does not use traditional blockchain consensus at all. Instead, it uses a notary service that validates transactions for uniqueness (preventing double-spends) without necessarily seeing the full transaction details. Notaries can be simple (single node, crash fault tolerant) or clustered (multi-node, BFT).
This architecture is intentional. In Corda, transactions are only shared between involved parties, not broadcast to the network. There is no global ordering of all transactions. The notary only ensures that a specific state has not been consumed twice, a much lighter-weight consensus requirement than ordering every transaction across the network.
Comparison for Decision-Making
┌─────────────────┬───────────┬──────────┬───────────┬──────────┐
│ │ Raft │ PBFT │ IBFT2 │ Notary │
│ │ (Fabric) │(Sawtooth)│ (Besu) │ (Corda) │
├─────────────────┼───────────┼──────────┼───────────┼──────────┤
│ Fault tolerance │ Crash │Byzantine │ Byzantine │ Config. │
│ Max faults │ f of 2f+1│ f of 3f+1│ f of 3f+1│ Varies │
│ Throughput │ 3000+ │ 1000-2000│ 500-1500 │ 1000+ │
│ Latency │ <1s │ 1-3s │ 2-5s │ <1s │
│ Finality │ Instant │ Instant │ Instant │ Instant │
│ Node limit │ 50+ │ 20-30 │ 20-30 │ N/A │
│ Complexity │ Low │ High │ Medium │ Low │
│ Best for │ Trusted │ Semi- │ Ethereum │Financial │
│ │consortium │ trusted │ compat. │ services │
└─────────────────┴───────────┴──────────┴───────────┴──────────┘Making the Choice
If all participants are known, legally bound, and you trust they will not act maliciously at the node level, Raft gives you the best performance. This covers most intra-company and close-partnership deployments.
If participants might have conflicting interests and you need protection against individual node operators behaving dishonestly, PBFT or IBFT2 provides Byzantine fault tolerance at the cost of performance and scalability.
If you are building for financial services and need point-to-point privacy with lightweight consensus, Corda’s notary model is purpose-built for that world.
The right consensus mechanism is the one that matches your trust model, not the one with the most impressive theoretical properties. Over-engineering consensus, using BFT when Raft would suffice, wastes performance. Under-engineering it, using Raft when participants have adversarial incentives, creates security gaps. Know your participants, know your risks, and choose accordingly.