SURAKSHA सुरक्षा

Security Model — Mathematical Trust, No Simulation

v2.8.2

YAKMESH's comprehensive security stack: hardware attestation, KARMA trust tiers, Sybil defense, and the strike system.

KARMA Trust Tiers

Nodes earn trust through verifiable hardware, precise time sources, and sustained good behavior. Trust tiers are named after Nepali expedition team roles:

Tier Nepali Weight Requirements
SIRDAR सिरदार 2.0× Expedition Leader — Atomic clock + AES-NI + 30 days
SATHI साथी 1.5× Trusted Companion — GPS+PPS + AES-NI + 14 days
PATHIK पथिक 1.25× Traveler on Path — PTP + AES-NI + 7 days
YATRI यात्री 1.0× Pilgrim — NTP + AES-NI + 1 day
NAYA नया 0.25× Newcomer — Unverified (new nodes, VMs) 
import { TrustProfile, KARMA_TIER, TIER_WEIGHT } from 'yakmesh/security/trust-tier';

const profile = new TrustProfile({ dokoId: nodeId });

// Get node's current tier
const tier = await profile.evaluateTier();
console.log(tier);                    // "sathi"
console.log(TIER_WEIGHT[tier]);       // 1.5

// Check if node meets threshold
if (TIER_WEIGHT[tier] >= TIER_WEIGHT[KARMA_TIER.PATHIK]) {
  // Allow privileged operations
}

Hardware Attestation

Prove you're running on real silicon, not a VM or simulation. AES-NI timing analysis detects emulation.

Real Hardware

  • • AES-NI instructions: ~1-3 cycles
  • • Consistent timing patterns
  • • Low variance across samples

VM/Emulation

  • • Software AES: 10-100× slower
  • • High timing variance
  • • Detectable jitter patterns
import { HardwareAttestor } from 'yakmesh/security/hardware-attestation';

const attestor = new HardwareAttestor();

// Challenge a peer to prove real silicon
const challenge = attestor.createChallenge();
const response = await peer.respondToChallenge(challenge);

// Verify timing proves real AES-NI
const result = attestor.verifyResponse(response);
if (result.isRealSilicon) {
  console.log('Verified real hardware');
} else {
  console.log('Likely VM or emulation');
}

Silicon Parity

"One Silicon = One Vote" — Prevents large server farms from dominating the network.

Weight Division Formula

effectiveWeight = tierMaxWeight / coreCount

A 100-core server gets the same total weight as a single-core Raspberry Pi. This prevents resource-rich attackers from gaining disproportionate influence.

Setup Cores Effective Weight
Raspberry Pi40.50
Desktop PC80.25
Server640.03
100-core farm1000.02

Sybil Graph Analysis

Detects coordinated fake identities through network topology analysis.

Clustering Coefficient

Sybil clusters have unusually high clustering (>0.7). Real networks have organic, lower clustering.

Edge Cut Ratio

Insular clusters (<0.1 edge cut) are flagged. Real nodes connect broadly across the network.

Behavior Correlation

Sybils often come online/offline together. Correlated uptime patterns trigger investigation.

Component Isolation

Genuine nodes form one giant component. Sybil clusters are often isolated subgraphs.

Strike System

"Three Strikes — Then Math Speaks" — Progressive penalties for bad actors.

Strike 1: Warning

Fresh start allowed. Strike is recorded against hardware fingerprint.

Strike 2: Probation

7-day probation period. Trust weight reduced to 0.5×. All actions monitored.

Strike 3: Permanent Ban

Hardware fingerprint banned. Cannot rejoin network even with new keys.

Hardware Fingerprint Tracking

Strikes are tied to AES-NI hardware fingerprints, not just keys. Generating new keypairs doesn't reset strikes — the silicon is remembered.

Mesh-Consensus Revocation

Revoke malicious nodes through mathematical consensus, not central authority.

2/3 Threshold Attestation

When 2/3 of trust-weighted peers attest to bad behavior, a revocation certificate is automatically generated and propagated.

  • • All attestations are ML-DSA-65 signed
  • • Revocation certificates are verifiable by any node
  • • No central authority needed

Active Defense Systems

Beyond passive trust scoring, YAKMESH employs active behavioral monitoring to detect and respond to trusted nodes turning malicious.

VEGATI — Velocity Detection

Establishes behavioral baselines using exponential moving averages, then detects sudden changes via z-score anomaly detection. Alerts at 2σ (elevated), 3σ (warning), and 4σ (critical) deviations.

ZIMMEDARI — Attestation Accountability

Tracks attestation accuracy per node. Nodes that file false accusations have their attestation weight reduced. Prevents weaponization of the revocation system.

Trust-Proportional Rate Limiting

Trusted nodes get higher rate limits (up to 5×), but face proportionally harsher penalties if they abuse that trust. Veteran nodes betraying the network are banned 3× longer.

STUPA Emergency Broadcasts

Revocation messages use a special high-priority STUPA channel that bypasses normal rate limits, ensuring rapid propagation of critical security events.

KHATA Trust Protocol

Kryptographic Handshake for Automated Trust Acceptance — The gossip layer for trust information.

Message Types
• ATTESTATION_REQUEST
• ATTESTATION_RESPONSE
• CHALLENGE_FORWARD
• CHALLENGE_RESPONSE
• REVOCATION_ANNOUNCE
• STRIKE_ANNOUNCE
• GEO_PROOF_ANNOUNCE
• LANDMARK_VERIFY

Continue the Journey

← Previous
PRAMAAN

Geographic proofs
Next →
TIVRA

Hardware acceleration