burakoktenli / blade-swarm-governance-node Public

BLADE-SWARM Governance Node: Beam-Layer Authority for Directed Engagements, Swarm Node. Authority governance for attritable autonomous swarms at N=10 (physical testbed), N=50 (combined operation), and N=500 (DAWG-class). Each agent runs a Byzantine-fault-tolerant two-phase consensus gated by SATA peer trust, the four-tier HMAA authority state, and weighted MAIVA voting before the swarm commits, tolerating up to f = (N-1)/3 compromised agents per quorum with a quorum-intersection safety bound, Sybil resistance, and safe-halt-by-default under denied or degraded RF. Per-node ECDSA P-256 root of trust (ATECC608B) feeds a hash-chained distributed audit ledger gossiped across the mesh. Seven-stage AUTHREX pipeline, four-tier HMAA (T3/T2/T1/T0), TLA+ formal specification with five safety invariants and three liveness properties. Eighth BLADE platform. COTS reference hardware approximately $1,333 per node (Holybro X500 V2 + Pixhawk 6X + Raspberry Pi 5 + LoRa SX1276 mesh). TRL 3-4 simulator and formal spec; TRL 2 testbed design. Governs decision authority and audit; it does not govern weapons. Aligned with DoDD 3000.09, FY26 NDAA, and the NIST AI RMF.

blade-swarmswarm-autonomyattritable-autonomybyzantine-fault-toleranceconsensusquorum-intersectionsybil-resistancecontested-rfdawgsataadarahmaamaivaflameeramcaraecdsa-p256audit-ledgertla-plusdodd-3000-09
100KB simulation 15 files CC BY 4.0 DOI: 10.5281/zenodo.20351198
main 15 files · v1.0 · May 2026
Zenodo Open Simulator Project Page
README.mdRepository overview, architecture, consensus protocol, and usageMay 2026
blade-swarm-paper.pdfWorking paper: Authority-Governed Decentralized Swarm Consensus for Byzantine-Tolerant, Contested-RF CoordinationMay 2026
blade-swarm-simulation.htmlInteractive browser simulator · N=10/50/500 · five scripted scenarios · live pipeline and audit ledgerMay 2026
blade-swarm-AUTHREX_SWARM.tlaTLA+ formal specification: five safety invariants + three liveness properties; refines AUTHREX_MAIVAMay 2026
blade-swarm-verification-report.mdModel-checking results and safety/liveness property summariesMay 2026
blade-swarm-simulation-audit.mdSimulation methodology: simulator design, assumptions, threat model, and test scenariosMay 2026
blade-swarm-CONFIG.jsonMaster configuration: node definitions, electrical and mechanical connection mapsMay 2026
blade-swarm-ELECTRICAL.jsonElectrical connection map: power rails and data interfaces across subsystemsMay 2026
blade-swarm-MECHANICAL.jsonMechanical attachment map: frame mounts, masts, and connectorsMay 2026
blade-swarm-PARTS.csvReference bill of materials with interfaces and cost (CSV)May 2026
blade-swarm-build-guide.mdBuild and integration guide for the reference nodeMay 2026
blade-swarm-assembly-guide.mdNode assembly guide for the N=10 testbedMay 2026
blade-swarm-schematic.pdfElectrical design system schematic (node-graph view, color-coded by subsystem type)May 2026
blade-swarm-zenodo.jsonZenodo deposit metadata (authors, keywords, related identifiers)May 2026
LICENSECC BY 4.0May 2026
README.md

BLADE-SWARM Governance Node

Beam-Layer Authority for Directed Engagements, Swarm Node - Reference Architecture, Simulator, and Formal Specification

An authority-governance layer for decentralized autonomous swarms operating in contested and RF-denied environments. Each agent runs a Byzantine-fault-tolerant two-phase consensus gated by computed peer trust (SATA), the four-tier HMAA authority state, and weighted multi-agent voting (MAIVA) before the swarm commits to a coordinated action. The protocol tolerates up to f = (N-1)/3 compromised agents per quorum with a quorum-intersection safety bound, resists Sybil attacks via attested per-node identity, and defaults to a safe halt under denied or degraded RF. Every step writes a signed entry into a hash-chained distributed audit ledger gossiped across the mesh. It implements the seven-stage AUTHREX pipeline (SENSE, SATA, ADARA + IFF, HMAA, MAIVA, FLAME, ERAM + CARA) with a four-tier HMAA model (T3/T2/T1/T0), parameterised over N = 10, 50, and 500. Eighth platform in the BLADE family.

This is a reference architecture, simulator, and formal specification (TRL 3-4 simulator and formal spec; TRL 2 physical testbed design). No hardware has been fabricated. All parameter values are synthetic research placeholders. The architecture governs decision authority and audit; it does not govern weapons. No federal endorsement is claimed and no empirical claims are made about specific systems, operations, or named officials.

Publication

DOI: 10.5281/zenodo.20351198
Author: Burak Oktenli · Georgetown University, M.P.S. Applied Intelligence
ORCID: 0009-0001-8573-1667
License: CC BY 4.0 · Version: v1.0 · May 2026 · Document ID: ICD-SWARM-001 v1.0 · Working paper WP-2026-08

Consensus and Authority Model

  • SATA (peer trust): continuous per-peer trust scoring from attested identity, behavioural consistency, and audit-chain integrity; low-trust peers are down-weighted and excluded from quorum formation
  • HMAA (authority tier): four tiers (T3 autonomous / T2 supervised / T1 confirmed / T0 halt); tier escalation requires quorum agreement, tier downgrade is asymmetric and can be triggered unilaterally for safety
  • MAIVA (weighted voting): sub-quorum decomposition with Dempster-Shafer weighted voting and a quorum-intersection bound guaranteeing safety while no more than f = (N-1)/3 agents per quorum are compromised
  • FLAME + CARA (timing and recovery): FLAME contracts the deliberation window under threat density and expands it under ambiguity; CARA provides bounded-liveness recovery and isolates misbehaving agents with a corrective audit entry
  • Root of trust: per-node ECDSA P-256 keypair on a Microchip ATECC608B secure element (private key never leaves the chip); hash-chained distributed audit ledger gossiped over the mesh

Reference Hardware (per node)

  • Frame and propulsion: Holybro X500 V2 quadrotor kit (4x 2216 KV880 motors, 4x BLHeli_S 20A ESC, 1045 props, integrated PDB)
  • Flight controller: Pixhawk 6X autopilot (triple-redundant IMU)
  • Companion compute: Raspberry Pi 5 8GB with active cooler
  • Mesh radio: LoRa SX1276 (915 MHz control plane) + Wi-Fi 6 USB (telemetry plane)
  • Navigation: Holybro M9N GNSS module with magnetometer on a mast
  • Root of trust: Microchip ATECC608B secure element; governance-bus level shifter (TXB0108)
  • Power: 4S 5000 mAh LiPo; addressable status LED ring for tier indication
  • Reference BOM: approximately $1,333 per node (optional camera +$50); approximately $13.3K for the N=10 testbed baseline

Formal Verification (TLA+)

  • AUTHREX_SWARM.tla refines the AUTHREX_MAIVA module with sub-quorum decomposition, Byzantine fault bounds, FLAME deliberation-window contraction, tier-downgrade asymmetry, and CARA bounded liveness
  • Five safety invariants (S1 TierCeiling through S5 ByzantineBound) and three liveness properties (L1 EventualCommitOrAbort through L3 CARATermination)
  • Model-checked on a reduced-scale instance; this establishes the properties for that instance and is not a proof for arbitrary N

Simulator Scenarios

  • S1 Nominal - healthy swarm, all agents T3, clean RF; consensus commits
  • S2 Single Byzantine agent - one compromised node attempts an unauthorized commit; quorum intersection rejects it
  • S3 Sybil probe - spoofed-identity peers; SATA and attested identity exclude them from quorum
  • S4 Contested RF - degraded mesh; FLAME contracts and the swarm safe-halts by default
  • S5 Denied / degraded - link loss beyond the Byzantine bound; tier downgrade to T0 with signed audit

Standards Alignment

  • DoDD 3000.09 (autonomy in weapon systems; authority tier model mapped to HMAA T3/T2/T1/T0; governs decision authority, not weapons)
  • FY26 NDAA (autonomous-systems assurance and audit provisions)
  • NIST AI RMF 1.0 (govern, map, measure, manage; reflected in authority gating and tamper-evident audit)

Related Work

  • SATA: 10.5281/zenodo.18936251
  • HMAA: 10.5281/zenodo.18861653
  • CARA: 10.5281/zenodo.18917790
  • ADARA: 10.5281/zenodo.19043924
  • MAIVA: 10.5281/zenodo.19015517
  • FLAME: 10.5281/zenodo.19015618
  • BLADE-EDGE (defense): 10.5281/zenodo.19177472
  • BLADE-AV (automotive): 10.5281/zenodo.19232130
  • BLADE-MARITIME (maritime): 10.5281/zenodo.19246785
  • BLADE-INFRA (critical infrastructure): 10.5281/zenodo.19277887
  • BLADE-SPACE (orbital): 10.5281/zenodo.20183269
  • BLADE-CUAS (counter-UAS): 10.5281/zenodo.20299604
  • BLADE-AGENT-HSM (agentic AI): 10.5281/zenodo.20299821
  • BLADE-INFRA-OT (IT/OT bridge): 10.5281/zenodo.20342067
  • BLADE-FINANCE (financial sector): 10.5281/zenodo.20374692

Author

Burak Oktenli
Georgetown University, M.P.S. Applied Intelligence
ORCID: 0009-0001-8573-1667
Website: burakoktenli.com