Blockchain consensus has long been constrained by the trilemma among security, latency, and decentralization. This paper proposes BlueBottle, a novel two-layer consensus architecture that decouples core consensus from decentralized safety enforcement. The core layer employs BB-Core—a protocol tolerating up to $f$ Byzantine faults with $n = 5f + 1$ validators—achieving sub-second optimistic finality under partial synchrony. The guardian layer, BB-Guard, operates asynchronously to detect violations, generate distributed timestamps, propagate cryptographic evidence, and resolve forks, thereby ensuring strong safety and liveness. Experimental evaluation demonstrates that BlueBottle’s core layer reduces end-to-end latency by 20–25% compared to Mysticeti, while simultaneously delivering high throughput, low latency, strong decentralization, and robustness against adversarial participants. BlueBottle thus transcends the conventional trade-off frontier among performance, security, and decentralization.

Blockchain consensus faces a trilemma of security, latency, and decentralization. High-throughput systems often require a reduction in decentralization or robustness against strong adversaries, while highly decentralized and secure systems tend to have lower performance. We present BlueBottle, a two-layer consensus architecture. The core layer, BB-Core, is an n=5f+1 protocol that trades some fault tolerance for a much lower finality latency with a medium-sized core validator set. Our experiments show that BB-Core reduces latency by 20-25% in comparison to Mysticeti. The guard layer, BB-Guard, provides decentralized timestamping, proactive misbehavior detection in BB-Core, and a synchronous recovery path. When it observes equivocations or liveness failures in the core -- while tolerating up to f<3n/5 faulty nodes in the primary layer -- guard validators disseminate evidence, agree on misbehaving parties for exclusion or slashing, and either restart the core protocol (for liveness violations) or select a canonical fork (for safety violations). Together, these layers enable optimistic sub-second finality at high throughput while maintaining strong safety and liveness under a mild synchrony assumption.