
// Chapter 07 · Protocol

Threat Model

Six ways a node can go bad.

9 min · 4 sections · Protocol

Every attack has a named mitigation.

// 7.0 · and we name what we don't defend too

// Threat model · shape

Six misbehaviour categories. Eleven named threats. Three explicit non-defenses.

Detection lives at the coordination layer. Enforcement is uptime-based: a node that fails liveness or validation earns nothing for that period. There is no slashing; staked principal is never seized.

Six misbehaviour categories

// 7.1 · increasing severity · detection at the coordination layer

// Misbehaviour register · 6 categories · severity 1 → 5

  1. // 01

    Soft offline

    sev 1/5

    Fails to accept tasks for more than 24h without prior unstake notification

    // detection Coordinator heartbeat monitor

  2. // 02

    Failed PoE

    sev 2/5

    Returns a result whose PoE hash does not match on reconstruction

    // detection Hash-commitment check

  3. // 03

    Wrong result

    sev 3/5

    Returns valid PoE but the output is wrong, caught by redundant re-dispatch

    // detection Redundancy comparison (sampled second node)

  4. // 04

    Provably malicious

    sev 4/5

    Returns deliberately corrupted, manipulated, or fabricated data

    // detection Forensic analysis on returned payload

  5. // 05

    Collusion

    sev 5/5

    Multiple nodes return matching wrong results to bypass the redundancy check

    // detection Statistical analysis of result agreement

  6. // 06

    Sybil identity

    sev 5/5

    Single operator runs multiple node identities to capture more work than allowed

    // detection Behavioural fingerprinting · IP / hardware overlap

Enforcement is uptime-based

// 7.2 · no slashing · the reward model carries enforcement

// 7.2 · From launch · Available now
  • A non-reconstructing PoE hash is rejected; the request is re-dispatched.
  • Sampled re-dispatch catches a wrong-but-well-formed result and flags the node.
  • Failing liveness or validation earns no uptime credit; that pool share redistributes to online nodes.
  • Persistent failure drops the node from the active set. No slashing; staked principal is never seized.
// 7.2 · As the network opens · Planned
  • Same uptime-based model. Reputation tracking records per-node history as the network opens.
  • Persistent bad actors are flagged and stop earning. Stake stays locked and is returned in full on unstake.

Named threats and mitigations

// 7.4 · eleven vectors · four clusters

// Cluster · Network · 2 vectors
  • threat · Eavesdropping on dispatched request payloads

    mitigation · End-to-end encryption to the recipient node's RSA public key

  • threat · Impersonating a node

    mitigation · Signed messages verified against the registered public key

// Cluster · Protocol · 3 vectors
  • threat · Returning a forged result

    mitigation · Hash-commitment check + sampled redundant re-dispatch

  • threat · Replay of a previously valid result

    mitigation · request_id is unique per request; commitment binds result to request

  • threat · Colluding nodes returning matching wrong results

    mitigation · Statistical analysis of agreement; flag both, escalate validation
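
An added example (not the protocol's own code) of how a commitment can bind a result to its request, so that a forged or replayed result fails reconstruction. The hash layout, the `Coordinator` class and the sample request IDs and payloads are assumptions; the page only states that the check is one SHA-256 reconstruction and that `request_id` is unique per request.

```python
import hashlib

def _field(data: bytes) -> bytes:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    return len(data).to_bytes(8, "big") + data

def commitment(request_id: str, payload: bytes, result: bytes) -> str:
    """Assumed construction: SHA-256 over request_id, payload digest, result."""
    h = hashlib.sha256()
    h.update(_field(request_id.encode()))
    h.update(_field(hashlib.sha256(payload).digest()))
    h.update(_field(result))
    return h.hexdigest()

class Coordinator:
    """Hypothetical coordinator-side bookkeeping for dispatched requests."""

    def __init__(self):
        self.pending = {}     # request_id -> payload awaiting a result
        self.settled = set()  # request_ids that already accepted a result

    def dispatch(self, request_id: str, payload: bytes) -> None:
        if request_id in self.pending or request_id in self.settled:
            raise ValueError("request_id must be unique per request")
        self.pending[request_id] = payload

    def validate(self, request_id: str, result: bytes, claimed: str) -> str:
        if request_id in self.settled:
            return "reject: already settled"
        if request_id not in self.pending:
            return "reject: unknown request_id"
        if commitment(request_id, self.pending[request_id], result) != claimed:
            return "reject: commitment mismatch, re-dispatch"
        del self.pending[request_id]
        self.settled.add(request_id)
        return "accept"

def demo():
    """Constructed scenario: two requests carry the same payload."""
    c = Coordinator()
    c.dispatch("req-1", b"scene-A")
    c.dispatch("req-2", b"scene-A")
    old = commitment("req-1", b"scene-A", b"frame-bytes")
    return [
        c.validate("req-1", b"frame-bytes", old),  # honest answer
        c.validate("req-2", b"frame-bytes", old),  # replayed into req-2
        c.validate("req-1", b"frame-bytes", old),  # replayed into req-1
    ]
```

A node can still compute a matching commitment over a wrong output, which is why the forged-result mitigation pairs this check with sampled redundant re-dispatch.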

// Cluster · Operational · 3 vectors
  • threat · One operator running multiple sybil identities

    mitigation · Behavioural fingerprinting, hardware / IP overlap detection

  • threat · Coordinator going offline

    mitigation · In-flight tasks pause; documented single point of failure at launch

  • threat · Coordinator going dishonest

    mitigation · Planned decentralised validator quorums; at launch, social

// Cluster · Smart contract · 3 vectors
  • threat · Compromise of a tax-destination wallet

    mitigation · Owner-key destination rotation (Part VIII.8)

  • threat · Smart contract exploit on $PRLX

    mitigation · Owner-key transfer pause + audited migration path

  • threat · Smart contract exploit on NodeRegistryLocker

    mitigation · Contract audit + emergency pause; stake and reward balances kept separate so the reward path can never drain principal

What the launch network does not defend

// 7.4 note · three named gaps · honest accounting

// Out of scope · 3 entries · at launch

  • // 01

    Coordinator segmentation honesty

    A dishonest coordinator could segment unfairly. Planned decentralised validator quorums address this.

  • // 02

    Node side-channel attacks

    Out of scope. The node is treated as a trusted-but-verified execution environment.

  • // 03

    Submitted payload correctness

    The network does not validate that a submitted model, simulation, or render scene is semantically correct. It validates that the result matches what the algorithm produces on the payload.

How detection scales

// 7.5 · five mechanisms · O() cost per network size

// Detection cost profiles · 5 mechanisms

  • Hash-commitment verification · Scales gracefully

    One SHA-256 reconstruction per request. At 10,000 requests per second the coordinator uses under one CPU core. Essentially free to scale.

    // cost per request · O(1)
  • Sampled redundant re-dispatch · Scales with throughput

    A fraction of requests run on a second node. A planned calibration target is a 5% rate; the rate adapts upward when validation disagreements exceed a threshold.

    // cost per request · O(R·t)
  • Statistical agreement (collusion) · Does not scale

    Pairwise comparisons across the active node set. A 10,000-node network needs ~50 million comparisons per epoch, so a clustering approximation is planned. A flagged node drops from the active set and earns nothing while its stake sits idle, which backstops this layer.

    // cost per epoch · O(n²)
  • Behavioural fingerprinting (sybil) · Scales gracefully

    Constant-time hardware/IP/network-fingerprint check at registration plus periodic re-check during operation. Scales with the registration rate, not network size.

    // cost per registration · O(r)
  • Reputation tracking · Scales gracefully

    Incremental per-node counter for uptime and validation success. Memory scales linearly with network size; CPU is negligible. On-chain snapshot at epoch boundaries (planned design).

    // cost memory · O(n)
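
An added example (not the protocol's own code) of one possible agreement statistic for the collusion layer, together with the pair count behind the O(n²) figure. The statistic, the threshold, the assumption that escalated validation puts a third node on a request, and the sample epoch are all assumptions; the page names the mechanism but does not specify it.

```python
from collections import defaultdict
from itertools import combinations


def pair_count(n: int) -> int:
    """Unordered node pairs an exhaustive comparison visits: n(n-1)/2."""
    return n * (n - 1) // 2


def contradicted_agreement(epoch):
    """Map each node pair to the other nodes that contradicted a shared result.

    epoch: list of {node_id: result_hash}, one dict per validated request.
    """
    contradictors = defaultdict(set)
    for results in epoch:
        for a, b in combinations(sorted(results), 2):
            if results[a] != results[b]:
                continue  # the pair did not agree on this request
            # Nodes on the same request that returned something else.
            others = {n for n, h in results.items() if h != results[a]}
            contradictors[(a, b)] |= others
    return contradictors


def flag_pairs(epoch, min_contradictors=2):
    """Flag pairs whose shared results were disputed by several distinct nodes.

    Hypothetical threshold: one dispute is as likely to be a single faulty
    third node as a colluding pair, so one contradictor is not enough.
    """
    stats = contradicted_agreement(epoch)
    return sorted(p for p, c in stats.items() if len(c) >= min_contradictors)


# Constructed sample epoch: each request was validated on three nodes.
EPOCH = [
    {"n1": "aa", "n2": "aa", "n3": "aa"},      # everyone agrees
    {"n4": "bad1", "n5": "bad1", "n1": "bb"},  # n4/n5 match, n1 disputes
    {"n4": "bad2", "n5": "bad2", "n2": "cc"},  # n4/n5 match, n2 disputes
    {"n4": "bad3", "n5": "bad3", "n3": "dd"},  # n4/n5 match, n3 disputes
    {"n1": "ee", "n3": "ee", "n6": "zz"},      # lone faulty node n6
]
```

The per-pair table is what grows towards n(n-1)/2 entries as the active set grows, which is the cost the planned clustering approximation is meant to avoid.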

// Key claim

The mechanisms that scale gracefully defend the most mechanical attacks. The one that does not scale is backstopped by the strongest economic disincentive.
