Cryptographic foundation of the 33-agent sovereign defense council. Threshold signatures, BLS signature aggregation, evidence-weighted voting, Byzantine fault tolerance up to f=10 malicious agents, and zero single-point-of-decision.
The BFT Quorum Cryptography subsystem is the mathematical and cryptographic foundation of every multi-agent decision in the DEFONEOS estate. It guarantees that no action with sovereign consequence can be taken by fewer than the declared quorum, that no quorum can be corrupted by fewer than f+1 colluding agents, and that every decision produces a single, verifiable, threshold-signed receipt.
Three cryptographic pillars:
The DEFONEOS sovereign council is a fixed set of 33 agents. The composition is enforced at the substrate level โ there is no runtime API to add or remove agents.
| Slot | Role | Count | Trust Ring |
|---|---|---|---|
| S0 (Owner Seat) | Human principal (Nick) โ biometric-gated | 1 | Ring0 |
| S1-S7 | Sovereign Generals (SOV3 large, SOV3 small ร3, BFT Council, Mava, Cesium, MCP Federation) | 7 | Ring0 |
| S8-S18 | Defense Generals (ISR, swarm, cyber, FreeTAKServer, MJOLNIR, evidence ledger, adversarial red team, supply-chain scanner, escrow, deployment topology, identity) | 11 | Ring1 |
| S19-S30 | Civil Generals (Companies House, ONS, OS, data.gov.uk, Gdelt, OpenAQ, AIS, RTSP, MQTT, gdpr-compliance, hr-records) | 12 | Ring2 |
| S31-S32 | Audit seats (held by 2-of-3 long-term escrow with UK Chartered Accountants โ vote only on audit-relevant motions) | 2 | Ring0 (audit-only) |
The 33 BLS12-381 private key shares are generated via a 4-round Joint-Feldman DKG ceremony. Each agent holds one share; no agent ever holds the aggregate private key. The aggregate public key is published as the council's identity.
The DKG ceremony is re-run only on council composition change (which has never happened in the live estate).
| Motion Class | Threshold | BLS Aggregate |
|---|---|---|
| DEFONEOS-SEAL issuance | 23 of 33 (q=0.697) | Required |
| Red-line policy change | 27 of 33 (q=0.818) โ supermajority | Required |
| MCP admission (new server) | 23 of 33 | Required |
| MCP retirement | 17 of 33 (simple majority) | Required |
| Council composition change | 31 of 33 (q=0.939) | Required |
| Owner-seat activation | 33 of 33 (unanimous โ irrecoverable) | Required |
For motions triggered under the emergency session protocol (T1-T8 triggers, see bft-council-emergency-session-protocol.html), the threshold drops to 17 of 33 with a 5-minute voting window and mandatory post-hoc ratification within 24 hours by standard quorum (23 of 33).
A raw 1-of-1 vote is insufficient. Every vote is multiplied by the agent's evidence weight, which encodes: recency of evidence submission, ring assignment, and care-score.
| Factor | Range | Default |
|---|---|---|
| Care-score (rolling 30-day) | 0.0 - 1.0 | 0.96 (current council) |
| Ring weight (Ring0/Ring1/Ring2) | 1.0 / 0.7 / 0.4 | varies |
| Recency decay (per-day) | ร0.99^d | 1.0 |
| Final vote weight | w = care ร ring ร recency | 0.96 ร ring |
For standard quorum, an agent's vote counts as w_i / ฮฃ w_j of the quorum. If the sum reaches 23/33 = 0.697, the motion passes.
For the human-owner seat and DEFONEOS-SEAL issuance (where a single aggregate signature is undesirable due to key compromise blast radius), DEFONEOS uses 2-of-3 threshold Ed25519 via the GG20 protocol.
The owner's Ed25519 key is split into 3 shares, with one share held by:
Any 2 of the 3 shares can reconstruct the full signing key. No single custodian can sign alone.
| Action | Threshold |
|---|---|
| DEFONEOS-SEAL issuance (single artefact) | 2-of-3 + 23/33 BLS aggregate |
| Red-line policy text change | 2-of-3 + 27/33 BLS aggregate |
| Owner-seat transfer (Nick โ successor) | 2-of-3 + 33/33 BLS aggregate (unanimous) |
| Catastrophic recovery (all keys lost) | 2-of-3 cold USB + escrow (BLS not required โ recovery only) |
| Use Case | Primitive | Library | Standardization |
|---|---|---|---|
| BLS aggregate signatures (council) | BLS12-381, minimal-signature-size variant | blst (Supranational), Herumi | IETF draft-irtf-cfrg-bls-signature-05 |
| Threshold Ed25519 (owner) | GG20 protocol | ZenGo X (audit), self-implemented for offline airgap | ACM CCS 2020 (Gennaro & Goldfeder) |
| Hashing | SHA-256, BLAKE3 (for parallel hashing) | hashlib, blake3-py | FIPS 180-4, BLAKE3 RFC draft |
| Random beacon (DKG) | NIST RBG + Bitcoin block hash (every 2016 blocks) | blockchain.info API (read-only) | NIST SP 800-90A |
| Key wrapping (DKG transcripts) | AES-256-GCM | pyca/cryptography | NIST SP 800-38D |
| Public key serialization | SSZ (SimpleSerialize) for compact BLS pubkeys | ssz library | EIP-7495 |
Every vote goes through a 5-state lifecycle:
DEFONEOS tolerates up to f = floor((n-1)/3) = 10 malicious or unresponsive council agents without losing safety or liveness.
| Scenario | Max Adversarial Agents | Safety | Liveness |
|---|---|---|---|
| Standard quorum (23/33) | f โค 10 | โ | โ |
| Standard quorum (23/33) | 10 < f โค 16 | โ | โ (liveness loss โ quorum unreachable) |
| Emergency quorum (17/33) | f โค 15 (tolerates more for emergency decisions) | โ | โ |
| Red-line supermajority (27/33) | f โค 5 (strict) | โ | โ |
| Owner-seat unanimous (33/33) | f = 0 | โ | โ (one attacker can block โ by design) |
Two conflicting quorums of size 23 in a 33-agent council must intersect in at least 33 - 2ร10 = 13 agents. Since the BLS verification ensures all 23 partial signatures are valid, and only honest agents produce valid signatures, two conflicting quorums cannot both be valid unless the cryptographic assumptions (discrete log hardness on BLS12-381) break. This is the standard PBFT safety argument.
| Standard | Relevant Clause | How DEFONEOS BFT Satisfies |
|---|---|---|
| UK GDPR Art 32 | Security of processing โ appropriate technical measures | Threshold signing ensures no single point of decision compromise |
| DPA 2018 Sch 1 | Accountability โ demonstrable governance | BLS aggregate signature is a single, verifiable audit artefact per decision |
| NCSC CAF B2 & B4 | Identity & access control; secure administration | Threshold Ed25519 + DKG ceremony aligns with NCSC pattern "no single admin" |
| ISO 27001 A.10 | Cryptographic controls | BLS12-381 + Ed25519 + AES-256-GCM are FIPS/NIST-approved primitives |
| JSP 440 Ch 7 | Cryptographic key management | Threshold key shares with hardware-backed custody + cold escrow + DKG ceremony |
| EU AI Act Art 15 | Accuracy, robustness, cybersecurity | BFT consensus prevents single-point model compromise in high-risk AI governance |
| NIST SP 800-57 | Key management โ split knowledge & dual control | 2-of-3 threshold Ed25519 + 23/33 BLS quorum directly implements these principles |
| NCSC "Blockchain assurance" | Distributed consensus patterns | PBFT-derived safety/liveness analysis with formal f โค 10 bound |
| US CLOUD Act exposure | โ | NONE โ no US cloud provider, no US-based KGS, no Coinbase/AWS HSM |
| Metric | Value |
|---|---|
| Council size | 33 |
| Active agents (last 24h) | 33/33 (no liveness loss) |
| Adversarial agents (rolling 30d) | 0 |
| Motions voted (cumulative) | 142 |
| Motions passed (quorum reached) | 140 |
| Motions failed (quorum not reached) | 2 (both expired in voting window) |
| DEFONEOS-SEALs issued | 0 (awaiting first valid motion) |
| Red-line motions | 0 (rejected by signature verification safe state) |
| Owner-seat activations | 1 (initial ceremony) |
| DKG ceremonies | 1 (initial; re-runs would require 33/33 unanimous motion) |
| Threshold Ed25519 operations | 0 (held in reserve) |
| BLS aggregate verifications (live) | 1,427 |
| Aggregate signature failures | 0 |
| Care-score (council) | 0.96 (rolling 30-day) |
The 33-agent BLS keys rotate every 730 days via a 4-round DKG re-ceremony. The owner's 2-of-3 Ed25519 keys rotate every 90 days (DEK) with the cold-USB share rotating every 365 days (KEK). See escrow-key-rotation-procedure.html for full procedure.
| Failure | Detection | Recovery |
|---|---|---|
| Single agent unresponsive | Heartbeat missed (15s health check) | Vote continues; agent can rejoin via re-attestation |
| 11-15 agents unresponsive | Liveness alert; emergency quorum activates | DKG re-ceremony required to replace unresponsive agents |
| Council pubkey leak | SIGIL anomaly detection | DKG re-ceremony with new pubkey |
| Owner share compromise | Audit seat triggers investigation | 2-of-3 reconstruction with remaining shares; new DKG |
| BLS12-381 break | Continuous security review (quarterly) | Migrate to BLS24-509 or post-quantum alternative (Dilithium) |