` 22 D. Mazieres nodes can attempt to predict the final composite value before they even have a candi- date value. To do this, the composite value can be taken as combine(Z) when Z ≠ ç, otherwise combine(Y) when Y ≠ ç, otherwise combine(X) when X ≠ ç. This means the highest-priority node can optimistically initiate balloting at the same time as nom- ination, piggybacking its first ballot message PREPARE (described below) on its first NOMINATEmessage. 6.2. Ballot protocol Once nodes have a composite value, they engage in the ballot protocol, though nomi- nation may continue to update the composite value in parallel. A ballot b is a pair of the form b = ⟨n,x⟩, where x ≠ ⊥ is a value and b is a referendum on externalizing x for the slot in question. The value n ≥ 1 is a counter to ensure higher ballot numbers are always available. We use C-like notation b.n and b.x to denote the counter and value fields of ballot b, so that b = ⟨b.n,b.x⟩. Ballots are totally ordered, with b.n more signif- icant than b.x. For convenience, a special invalid null ballot 0 = ⟨0,⊥⟩ is less than all other ballots, and a special counter value ∞ is greater than all other counters. Wespeak of committing and aborting a ballot b as a shorthand for using federated votingtoagreeonthestatementscommitbandabortb,respectively.Foragivenballot, commit and abort are contradictory, so a well-behaved node may vote for at most one of them. In the notation of Section 5, the opposite of commit b would be “commit b,” but abort b is a more intuitive notation. Because at most one value can be chosen for a given slot, all committed and stuck ballots mustcontainthesamevalue.Roughlyspeaking,thismeanscommitstatements are invalid if they conflict with lower-numbered unaborted ballots. Definition (compatible). Two ballots b and b are compatible, written b ∼ b , iff 1 2 1 2 b .x = b .x and incompatible, written b ≁ b , iff b .x ≠ b .x. We also write b ≲ b or 1 2 1 2 1 2 1 2 b ≳ b iff b ≤ b (or equivalently b ≥ b ) and b ∼ b . Similarly, b ⋦ b or b ⋧ b 2 1 1 2 2 1 1 2 1 2 2 1 meansb ≤b (orequivalently b ≥ b ) and b ≁ b . 1 2 2 1 1 2 Definition (prepared). A ballot b is prepared iff every statement in the following set is true: {abort bold ∣ bold ⋦ b}. More precisely, then, commit b is valid to vote for only if b is confirmed prepared, which nodes ensure through federated voting on the corresponding abort statements. It is convenient to vote on these statements en masse, so wherever we write “b is prepared,” the surrounding context applies to the whole set of abort statements. In particular, a node votes, accepts, or confirms that b is prepared iff it votes for, accepts, or confirms, respectively, all of these aborts. Tocommitaballotbandexternalizeitsvalueb.x,SCPnodesfirstacceptandconfirm b is prepared, then accept and confirm commit b. Before the first intact node votes for commit b, the prepare step, through federated voting, ensures all intact nodes can eventually confirm b is prepared. When an intact node v accepts commit b, it means b.x will eventually be chosen. However, as discussed in Section 5.4.1, v must confirm commitbefore acting on it in case v is befouled. 6.2.1. Concrete ballot protocol. Figure 16 illustrates the per-slot state maintained by eachnode.Anodevstores:itscurrentphase';itscurrentballotb;thetwomostrecent ¨ incompatible ballots it has prepared (p,p ); the lowest (c) and highest (ℎ) ballot, if any, it has voted to commit and for which it has not subsequently accepted an abort (or for which it has accepted or confirmed a commit in later phases); a next value z to try if the current ballot fails; and the latest message received from each node (M). Ballots b, ¨ p, p , and ℎ are non-decreasing within a phase. In addition, if c ≠ 0—meaning v may