DSM Consensus
The Decentralized Security Mesh (DSM) is a Byzantine fault-tolerant consensus protocol for collective threat intelligence sharing.
Overview
Not a blockchain. Not cryptocurrency. Not mining.
DSM uses a lightweight Merkle-DAG with RAFT-like consensus to sign, validate, and propagate security events.
| Property | Value |
|---|---|
| Consensus | BLS signature aggregation |
| Fault Tolerance | f=(n-1)/3 Byzantine |
| Data Structure | Merkle DAG |
| Epoch Duration | 5 minutes |
| Gossip Port | 7946 |
Architecture
```text
┌─────────────────────────────────────────────────────────────────┐
│ Layer 3: Consensus                                              │
│ Validators aggregate microblocks into checkpoints               │
│ BLS signature aggregation for Byzantine fault tolerance         │
└─────────────────────────────────────────────────────────────────┘
                                 ↑
┌─────────────────────────────────────────────────────────────────┐
│ Layer 2: Validation                                             │
│ Merkle DAG of microblocks from all edge nodes                   │
│ Gossip protocol for block announcement                          │
└─────────────────────────────────────────────────────────────────┘
                                 ↑
┌─────────────────────────────────────────────────────────────────┐
│ Layer 1: Detection                                              │
│ Edge nodes create microblocks for security events               │
│ TPM-signed, cryptographically verifiable                        │
└─────────────────────────────────────────────────────────────────┘
```
Data Structures
Microblock (M)
Security event record created by edge nodes:
```json
{
  "type": "M",
  "node_id": "edge-uuid-12345",
  "seq": 1847,
  "prev": "sha256-of-previous-microblock",
  "timestamp": "2025-12-07T18:35:00Z",
  "payload_hash": "sha256-of-security-event",
  "event_type": "ids_alert|mitigation|threat_intel|policy_update",
  "signature": "tpm-signed-data",
  "neuro": {
    "ter_hash": "sha256-of-current-ter",
    "w_fingerprint": "sha512-of-current-weights",
    "posf_signature": "32-byte-neural-signature"
  }
}
```
Checkpoint (C)
Epoch aggregation created by validators:
```json
{
  "type": "C",
  "epoch": 147,
  "timestamp": "2025-12-07T18:40:00Z",
  "merkle_root": "root-of-all-microblocks-in-epoch",
  "included_ranges": {
    "edge-uuid-12345": [1840, 1850],
    "edge-uuid-67890": [923, 935]
  },
  "validator_id": "validator-uuid-001",
  "signature": "tpm-signed-checkpoint",
  "agg_signature": "bls-aggregated-sig-from-quorum"
}
```
Consensus Protocol
Byzantine Fault Tolerance
```python
def bft_quorum_required(total_validators: int) -> int:
    """
    Tolerates f=(n-1)/3 Byzantine (malicious) validators.

    For n=10 validators: f=3 Byzantine tolerated, require 7 signatures
    For n=7 validators: f=2 Byzantine tolerated, require 5 signatures
    """
    f = (total_validators - 1) // 3
    quorum = total_validators - f
    return quorum
```
BLS Signature Aggregation
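Before signatures are handed to the aggregation step shown in this section, a validator has to decide which ones qualify: one per registered validator, all over the same checkpoint hash, and at least n - f of them. The following is an added example, not project code; the HMAC-based Validator class stands in for BLS keys so it runs offline, and the (signer, signed hash, signature) vote shape and the admit_signatures name are assumptions.

```python
import hashlib
import hmac

def bft_quorum_required(n: int) -> int:
    # Page's rule: tolerate f=(n-1)/3 Byzantine validators, require n - f signatures
    return n - (n - 1) // 3

class Validator:
    """Stand-in signer (assumption): HMAC over the checkpoint hash instead of a BLS key."""
    def __init__(self, vid: str, secret: bytes):
        self.id, self._secret = vid, secret

    def sign(self, checkpoint_hash: bytes) -> tuple:
        # A vote names the signer and what was signed, so mismatches are detectable
        return (self.id, checkpoint_hash, hmac.new(self._secret, checkpoint_hash, hashlib.sha256).digest())

    def verify(self, checkpoint_hash: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(checkpoint_hash)[2], sig)

def admit_signatures(checkpoint_hash: bytes, votes: list, validators: dict) -> tuple:
    """Keep one valid signature per registered validator, then apply the quorum rule.
    Returns (finalized, signer ids); an aggregate must be verified against exactly these signers."""
    signers = {}
    for vid, signed_hash, sig in votes:
        v = validators.get(vid)
        if v is None or signed_hash != checkpoint_hash:   # outsider, or vote for a different proposal
            continue
        if vid in signers or not v.verify(checkpoint_hash, sig):  # double vote or bad signature
            continue
        signers[vid] = sig
    return len(signers) >= bft_quorum_required(len(validators)), sorted(signers)

def demo() -> tuple:
    # Constructed epoch-147 vote: 7 validators (f=2, quorum 5), one of them Byzantine
    validators = {f"validator-{i}": Validator(f"validator-{i}", bytes([i]) * 32) for i in range(1, 8)}
    good = hashlib.sha256(b"checkpoint-147").digest()
    other = hashlib.sha256(b"checkpoint-147-alternate").digest()
    votes = [validators[f"validator-{i}"].sign(good) for i in range(1, 5)]  # 4 honest votes
    votes.append(validators["validator-5"].sign(other))   # Byzantine: signs a competing proposal
    votes.append(validators["validator-4"].sign(good))    # replayed duplicate of an honest vote
    votes.append(("validator-9", good, b"\x00" * 32))     # unregistered signer
    before = admit_signatures(good, votes, validators)    # only 4 distinct valid signers: no quorum
    votes.append(validators["validator-6"].sign(good))    # fifth honest vote arrives
    return before, admit_signatures(good, votes, validators)
```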
```python
from bls import aggregate_signatures, verify_aggregate

# Each validator signs the checkpoint
signatures = [
    validator1.sign(checkpoint_hash),
    validator2.sign(checkpoint_hash),
    validator3.sign(checkpoint_hash),
    # ...
]

# Aggregate into a single signature
agg_signature = aggregate_signatures(signatures)

# Verify against the public keys of the validators whose signatures were
# aggregated: the key list must match the signer set exactly
valid = verify_aggregate(
    agg_signature,
    checkpoint_hash,
    [v.public_key for v in validators]
)
```
Epoch Flow
```text
T+0:00  Epoch 147 begins
        │
T+0:30  Edge nodes create microblocks
        ├── edge-12345: M[1840], M[1841], ...
        ├── edge-67890: M[923], M[924], ...
        └── Gossip propagation
        │
T+4:30  Validators collect microblocks
        └── Build Merkle tree
        │
T+4:45  Lead validator proposes checkpoint
        └── checkpoint.merkle_root = compute_root()
        │
T+4:50  Validators verify and sign
        ├── validator1.sign(checkpoint)
        ├── validator2.sign(checkpoint)
        └── ...
        │
T+4:55  BLS aggregation
        └── agg_signature = aggregate(signatures)
        │
T+5:00  Checkpoint finalized
        └── Epoch 148 begins
```
Gossip Protocol
Message Propagation
```text
Node A creates microblock M[1847]
│
├──► Validator 1
│    │
│    ├──► Validator 2, 3
│    │    │
│    │    └──► All validators
│    │
│    └──► Nearby edge nodes
│
└──► Direct peers (peer-to-peer)
```
Gossip Configuration
```yaml
gossip:
  port: 7946
  fanout: 4            # Peers to forward to
  interval: 100ms      # Gossip cycle
  max_pending: 1000    # Queue size
  bootstrap_nodes:
    - "validator1.hookprobe.mesh:7946"
    - "validator2.hookprobe.mesh:7946"
```
Merkle DAG
Structure
Epoch 147 Merkle Tree:
```text
                      [Root]
                     /      \
             [Hash AB]        [Hash CD]
             /      \         /      \
        [Hash A]  [Hash B]  [Hash C]  [Hash D]
           |         |         |         |
        M[1840]   M[1841]    M[923]    M[924]
           |         |         |         |
      edge-12345 edge-12345 edge-67890 edge-67890
```
Merkle Proof
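The epoch-147 tree above, built and checked end to end as an added example (not project code): microblocks in the page's "M" shape are chained by prev hash, hashed into leaves, rolled up to a root, and a (sibling, direction) proof is produced and verified with the same left/right rule as this section's verify_inclusion, which the block carries its own copy of so it runs stand-alone. The helper names, the canonical-JSON leaf encoding and the odd-level duplication rule are assumptions.

```python
import hashlib
import json

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def make_microblock(node_id: str, seq: int, prev: str, payload: bytes) -> dict:
    # Page's "M" record trimmed to the chain-relevant fields (no TPM signature here)
    return {"type": "M", "node_id": node_id, "seq": seq, "prev": prev,
            "payload_hash": hashlib.sha256(payload).hexdigest()}

def leaf_hash(block: dict) -> bytes:
    return sha256(json.dumps(block, sort_keys=True).encode())  # canonical JSON: identical bytes on every node

def merkle_levels(leaves: list) -> list:
    # Bottom-up levels; an odd level duplicates its last node to complete the final pair
    levels, cur = [], list(leaves)
    while len(cur) > 1:
        cur = cur + [cur[-1]] if len(cur) % 2 else cur
        levels.append(cur)
        cur = [sha256(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)]
    return levels + [cur]

def merkle_proof(levels: list, i: int) -> list:
    proof = []  # (sibling, direction) pairs in the shape verify_inclusion expects
    for level in levels[:-1]:
        proof.append((level[i ^ 1], "left" if i % 2 else "right"))  # odd index: sibling sits to the left
        i //= 2
    return proof

def verify_inclusion(block: dict, proof: list, root: bytes) -> bool:
    current = leaf_hash(block)
    for sibling, direction in proof:
        current = sha256(sibling + current) if direction == "left" else sha256(current + sibling)
    return current == root

def verify_chain(blocks: list) -> bool:
    # Per-node chain: seq must advance by one and prev must name the previous block's hash
    return all(b["seq"] == a["seq"] + 1 and b["prev"] == leaf_hash(a).hex()
               for a, b in zip(blocks, blocks[1:]))

def demo() -> tuple:
    # Constructed sample: edge-12345 emits M[1840], M[1841]; edge-67890 emits M[923]
    a = make_microblock("edge-uuid-12345", 1840, "0" * 64, b"ids_alert:A")
    b = make_microblock("edge-uuid-12345", 1841, leaf_hash(a).hex(), b"ids_alert:B")
    c = make_microblock("edge-uuid-67890", 923, "0" * 64, b"mitigation:C")
    levels = merkle_levels([leaf_hash(x) for x in (a, b, c)])
    proof, root = merkle_proof(levels, 1), levels[-1][0]
    tampered = dict(b, seq=9999)  # any field change breaks the inclusion proof
    return verify_inclusion(b, proof, root), verify_inclusion(tampered, proof, root), verify_chain([a, b])
```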
```python
import hashlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def verify_inclusion(microblock: bytes, proof, root: bytes) -> bool:
    """Verify microblock is included in checkpoint"""
    current = sha256(microblock)

    for sibling, direction in proof:
        if direction == 'left':
            current = sha256(sibling + current)  # sibling is the left child
        else:
            current = sha256(current + sibling)  # sibling is the right child

    return current == root
```
Node Roles
Edge Nodes
Responsibilities:
- Create microblocks for security events
- Sign with TPM/PoSF
- Gossip to peers and validators
- Store local microblock history
Validators
Responsibilities:
- Collect microblocks from edge nodes
- Build Merkle trees
- Propose checkpoints
- Sign and aggregate BLS signatures
- Maintain checkpoint history
Requirements
| Role | Hardware | RAM |
|---|---|---|
| Edge | Any tier | 256MB+ |
| Validator | TPM required | 1GB+ |
POD-010 Integration
```text
┌─────────────────────────────────────────────────────────────┐
│ POD-010: DSM Ledger & Consensus Engine                      │
├─────────────────────────────────────────────────────────────┤
│ Services:                                                   │
│ - dsm-node (Microblock creation & gossip)                   │
│ - dsm-validator (Checkpoint creation if validator)          │
│ - dsm-consensus (BLS aggregation & verification)            │
│ - dsm-api (Query interface for blocks)                      │
│                                                             │
│ Storage:                                                    │
│ - Local: LevelDB/RocksDB for microblocks                    │
│ - Persistent: PostgreSQL for checkpoints                    │
│ - Cache: Redis for pending validations                      │
│                                                             │
│ Integration Points:                                         │
│ - POD-006: Receives security events                         │
│ - POD-007: Logs mitigation actions                          │
│ - POD-005: Exports metrics to Grafana                       │
│ - POD-002: Validates node identities via IAM                │
└─────────────────────────────────────────────────────────────┘
```
Configuration
```yaml
dsm:
  node:
    id: "${HOOKPROBE_NODE_ID}"
    role: "edge"              # edge, validator, or both

  tpm:
    enabled: true
    key_path: "/var/lib/hookprobe/tpm/dsm-key"
    pcr_indices: [0, 1, 2, 3, 7]

  validator:
    enabled: false
    certificate_path: "/var/lib/hookprobe/certs/validator.pem"

  consensus:
    epoch_duration: 300       # 5 minutes
    quorum_threshold: 0.67    # 2/3 required
    signature_timeout: 30     # seconds

  storage:
    microblocks:
      backend: "rocksdb"
      path: "/var/lib/hookprobe/dsm/microblocks"
      retention_days: 30
    checkpoints:
      backend: "postgresql"
      table: "dsm_checkpoints"
      retention_days: 365

  gossip:
    port: 7946
    bootstrap_nodes:
      - "validator1.hookprobe.mesh:7946"
      - "validator2.hookprobe.mesh:7946"
```
Security Guarantees
Tamper-Evidence
- Microblock chain: Each block references previous hash
- Merkle tree: Modification invalidates root
- BLS aggregation: Requires 2/3 validator consensus
Non-Repudiation
- TPM signatures: Hardware-backed, unforgeable
- Attestation: Proves node integrity at signing time
- Sequence numbers: Prevent replay attacks
Privacy
- IP anonymization: Hashed before inclusion
- Payload separation: Only hash stored in microblock
- Selective disclosure: Full payloads only to authorized nodes
CLI Commands
```bash
# View DSM status
hookprobe-ctl dsm status

# List recent microblocks
hookprobe-ctl dsm blocks --recent 10

# View checkpoint
hookprobe-ctl dsm checkpoint --epoch 147

# Verify inclusion
hookprobe-ctl dsm verify --block <hash> --checkpoint <epoch>
```
Metrics
```promql
# Microblocks created
rate(dsm_microblocks_created_total[5m])

# Checkpoints finalized
dsm_checkpoints_total

# Gossip propagation latency (p95; histogram_quantile needs the per-bucket rate)
histogram_quantile(0.95, rate(dsm_gossip_latency_seconds_bucket[5m]))

# BLS aggregation time
dsm_bls_aggregation_seconds
```
Next Steps
- NEURO Protocol - Neural signing for DSM
- HTP Protocol - Transport layer
- Collective Defense - How DSM enables the mesh