CyberSecurity Mesh

HyperStructure
for the Digital World

Authors: David Carvalho, Sumit Chauhan

Date: 03/19/2024
Version: 1.02.04
White Paper Naoris Protocol

1.0. Abstract ................................................................................................................................................................................................... 1

2.0. Introduction ......................................................................................................................................................................................... 2

2.1. A New Era in CyberSecurity ................................................................................................................................................... 2

2.1.1. We’re Building a HyperStructure....................................................................................................................................... 3

2.2. Historical Background of Distributed Systems .............................................................................................................. 4

2.3. Current Approach to Cyber Risk and Defensive Capability Stagnation ................................................................ 4

2.4. Current Perspective on Cyberspace ................................................................................................................................... 7

2.5. The Importance of Intelligence Backed Actions ............................................................................................................. 9

2.6. Value of Cyber Assurance ....................................................................................................................................................... 9

3.0. New Design Principles for Reinventing Organizational Structures and Upgrading Society’s Security Posture .............. 11

3.1. Establishing Trust in Trustless IT systems ..................................................................................................................... 11

3.1.1. Simplified and Resilient Approach to Risk .............................................................................................................. 11

3.1.2. Parametric Bayesian Inferences and Modelled Consensus Secure Baselining ............................................ 12

3.2. From Centralized to Decentralized ................................................................................................................................... 12

3.3. From Siloed to Interoperable .............................................................................................................................................. 14

3.4. From Proprietary to Open .................................................................................................................................................... 15

4.0. HyperStructure ................................................................................................................................................................................. 16

4.1. The Need for Adopting A HyperStructure Ethos ........................................................................................................... 16

4.2. The Attributes of a HyperStructure .................................................................................................................................. 17

4.3. Outcomes of Adopting the HyperStructure Ethos ....................................................................................................... 19

5.0. Technology Backdrop and the Case for a New dPoSec Consensus Mechanism ....................................................... 20

5.1. The CyberSecurity CIA Triad - Confidentiality, Integrity and Availability of Data ........................................... 20

5.2. The Blockchain Trilemma and the Naoris Approach to Mitigating Risk .............................................................. 22

6.0. The Naoris Protocol’s CyberSecurity Mesh HyperStructure Framework .................................................................. 25

6.1. Ecosystem Overview .............................................................................................................................................................. 25

6.2. The Topography of the Decentralized CyberSecurity Mesh .................................................................................... 27

6.2.1. Blockchain Topography Overview .......................................................................................................................... 27

6.2.2. Risk Assessment Component Model on Topography ........................................................................................ 28

6.2.3. Threats vs Layers - Topography Risks ................................................................................................................. 30

6.3. Understanding the dPoSec Consensus Mechanism .................................................................................................... 31

6.3.1. What is Byzantine Fault Tolerance ........................................................................................................................ 32

www.naoris.com
White Paper Naoris Protocol

6.4. The Byzantine Generals’ Problem ..................................................................................................................................... 32

6.5. Types of Byzantine Failures ................................................................................................................................................ 33

6.6. BFT As A Solution from 10000 Feet .................................................................................................................................. 33

6.6.1. Consensus for a HyperStructure of Cyber-trust ................................................................................................ 34

6.6.2. Consensus Overview ................................................................................................................................................ 35

6.6.2.1. Distributed Proof of Security (dPoSec) ........................................................................................................... 35

6.6.2.2. Types of Validators ............................................................................................................................................. 36

6.6.2.3. dPoSec Protection Layer .................................................................................................................................. 36

6.6.2.4. dPoSec and Verge Clusters ............................................................................................................................... 38

6.7. Distributed Resilient Potential Validator Class (DRPVC) .......................................................................................... 40

6.7.1. Powering a Tokenized Machine Economy for Distributed CyberSecurity with the $NAORIS Token ............. 41

6.7.2. The Ecosystem ............................................................................................................................................................ 42

6.7.3. Consensus Rewards ................................................................................................................................................... 43

6.7.4. Stake Slashing ............................................................................................................................................................. 43

6.7.5. Naoris Distributed AI Enabled Intelligence ......................................................................................................... 43

7.0. Acknowledgements .......................................................................................................................................................................... 44

8.0. Disclaimer ........................................................................................................................................................................................... 45

www.naoris.com
White Paper Naoris Protocol

1.0. Abstract Naoris showcases a novel consensus mechanism

called Distributed Proof of Security (dPoSec),
We are Naoris Protocol, the CyberSecurity Mesh running on a purpose-built blockchain that can
HyperStructure 1 for the hyper connected world, record 50k-1M processes, network state changes
leveraging the best of Ethereum and conceived to and general transactions per second. The protocol
run in a multichain world, forever. operates using a new sharding-like architecture
Naoris Protocol’s disruptive and contrarian that we call Verge Clusters. Verge Clusters carry
design pattern makes networks safer as they case-specific security and compliance logic
grow, not weaker, by turning each device into a ensuring the integrity of all networks, devices
trusted validator node. and processes using the protocol.

Having been finalists in over half-a-dozen top Naoris Protocol is generalized yet powerful and
rated business and innovation accelerators around customizable, providing value to nation states,
the world, Naoris Protocol was conceptualized governance structures, industries, Web2, and the
and founded to tackle the most critical areas entire Web3 stack. It’s built for everyone without
of business and governance by a team with competing with existing L1 and L2 solutions. In
decades of experience and thought leadership fact, blockchain projects can adopt Naoris to
in CyberSecurity. Naoris Protocol promises avoid inheriting Web2 CyberSecurity risks, and
to revolutionize how security is approached, to enhance the integrity of their own validators
considered and implemented, allowing for and nodes.
safer information sharing environments,
decentralization, and ultimately, industry-wide The protocol is community-governed, censorship
standardization. resistant and conceived to change the game in
CyberSecurity, while simultaneously mitigating
As devices validate each other on a tokenized a $10T per year problem by at least an order of
machine economy, single points of failure are magnitude.
eliminated and a trusted communication layer is
established among devices in real time. In essence, Naoris is developing state-of-the-
We exist to pioneer the vision of building a art, scalable blockchain technology that is
Decentralized CyberSecurity Mesh that is: built to address a critical concern of the digital
world, and become adopted by all sectors of
• Unstoppable the economy. A pragmatic solution that can be
• Permissionless deployed in the next few years, not decades -
• Minimally Extractive and one that can self-heal, expand and thrive for
• Valuable generations to come. With a sense of urgency,
• Expansive but also a strategic focus on the infinite game,
• Positive Sum our vision is to become the world’s CyberSecurity
• Credibly neutral mesh HyperStructure that enables the permanent
neutralization of the cyber threat.
This, without relying on a myriad of legacy
centralized, siloed solutions, which typically
increase complexity and reaction time, while also
expanding the attack surface area of networked
systems.

¹ https://jacob.energy/hyperstructures.html

www.naoris.com Page 1
White Paper Naoris Protocol

2.0. Introduction
2.1. A New Era in CyberSecurity that it works on any networked device, whether
smartphone, computer, or self-driving car. By
CyberSecurity has finally met the blockchain, and harnessing the power of the infinitely scalable
the implications for the world of data security are blockchain across a truly vast number of users,
momentous. Naoris enables a reality where individuals and
businesses can feel more secure as they carry
Naoris Protocol provides the world’s first out their everyday business, distributing cyber-
blockchain-based cyber-enforced mesh resilience mechanisms through dPoSec, a
HyperStructure, bringing a game-changing CyberSecurity, assurance and trust dedicated
platform to address 35 years’ worth of industry consensus power structure.
practice through the unrivalled security
potential of ethical blockchain use. Following The ultimate goal is for the default security
the HyperStructure ethos of our use case, Naoris solution to stop deferring to the creation of
suggests a decentralized security enforcement device and network silos - which themselves
protocol that is unstoppable, permissionless, introduce significant risk factors - and instead
minimally extractive and credibly neutral, with a gravitate toward a distributed, democratic
win-win default baseline mentality. Every device trust-generating framework.
becomes a cyber-trusted validator node, making
networks safer as they grow, not weaker. For much of the past half century, device
and network security has operated on siloed
Global spending on CyberSecurity products principles, with most environments (regardless
and services has never been as high as it is of criticality to society and business) based on
today, being expected to exceed $1.75 trillion centralization of data and processing. As such,
cumulatively for the five-year period from 2021 each of the supporting devices within such
to 2025. 2 Despite this, cybercrime damages will ecosystems become a potential point of weakness,
cost users, companies, and governmental entities resulting in imminent failure in the event of any
$10.5 trillion yearly by 2025, up from $3 trillion internal or external threat materializing.
USD in 2015. 3
This creates a high-risk state of existence, as the
Leveraging the benefits of blockchain compromise of a single networked device would
technology, Naoris Protocol enables individuals undoubtedly allow the attacker to gain access and
and businesses to assert unprecedented control control over an entire network of devices, their
over their data and digital security. Bypassing services and operational processes - allowing for
traditional industry practice which makes use abuse and/or subversion of all operational assets
of potential single points of security failure like within the exploited level of access, whether the
vendors, intermediaries and third parties, Naoris environment is a traditional business, industry,
Protocol elevates the peer-to-peer format into a or a critical asset, such as a nation state agency
truly collaborative security infrastructure where or critical infrastructure.
an increased number of users results in enhanced,
instead of reduced, digital security. Thus the threat actor has the capability to wreak
havoc in terms of IP exfiltration and ownership
Naoris is a CyberSecurity ecosystem that is of critical applications, and impersonation,
agnostic to device or operating system, meaning

2
https://CyberSecurityventures.com/CyberSecurity-spending-2021-2025/
3
https://CyberSecurityventures.com/cybercrime-damage-costs-10-trillion-by-2025/

www.naoris.com Page 2
Introduction Naoris Protocol

becoming in effect an APT (advanced persistent 2.1.1. We’re Building a HyperStructure.

threat). Such a threat could go undetected for
weeks, months, years or indeed indefinitely - and The risk of systemic CyberSecurity failure cannot
be fully undetectable during that time. be solved by a traditionally framed company as
the company itself could become a single point
Threat actors exploit business critical systems of failure for the integrity of the CyberSecurity
for personal profit, to further the agendas of mesh. Therefore, Naoris Protocol is a DAO
certain groups or power structures, or as an act governed protocol, using quadratic voting.
of cyberwar, cyber-terrorism or cyber-espionage.
Regrettably, results generated by traditional siloed This vision for a HyperStructure that is a mission-
CyberSecurity frameworks frequently under- critical piece of digital planetary infrastructure,
deliver. These same techniques and underlying built to run forever, requires 7 bold design
weaknesses are the accepted standard, employed principles:
as current industry norms across Web2 and
Web3 - making countless networks vulnerable to 1. Unstoppable: It runs indefinitely; devices
exploitation. Current CyberSecurity solutions and networks can adopt it or abandon it, but
have yet to effectively address these threats. it cannot be stopped.

Naoris Protocol introduces fundamental 2. Permissionless: Users and builders cannot

changes to this traditional approach, addressing be deplatformed - it’s censorship resistant
these persistent risks. Through bleeding edge and accessible by anyone.
CyberSecurity and blockchain technology,
Naoris Protocol turns centralized computer 3. Minimally Extractive: Near base cost fees
networks with traditionally untrusted devices disincentivize forking, while powering a
into a decentralized cyber-secure mesh, where treasury for ecosystem development managed
a swarm of cyber-trusted devices validate each by the DAO.
other.
4. Valuable: Conceived to be a for-public
Devices operate within a tokenized machine endeavor, and yet, extremely valuable to own
economy, where single points of failure are and govern - which sparks an ecosystem
eliminated, and threats are identified and around it.
mitigated in near real time under a dedicated
consensus model that rewards devices for 5. Expansive: It has built-in incentives for
consistent trusted behavior. Naoris Protocol is a users to behave fairly, and for builders to build
genuine game-changer. on top of it.

The company’s objective is not only to exponentially 6. Positive Sum: Wide adoption and usage of
improve data security and verification, but to the protocol results in a win-win environment
play a fundamental role in the ongoing evolution for all network participants.
of the CyberSecurity landscape and its future.
Therefore, today’s distributed threats demand a 7. Credibly Neutral: To be adopted by a wide
new kind of solution: range of DAO-based governance structures,
companies and individuals, HyperStructures
need to be credibly neutral.

www.naoris.com Page 3
Introduction Naoris Protocol

2.2 Historical Background of Distributed or accepting the risks that a third-party black box tool
Systems or collection of tools offers - along with the potential
internal threats all the people operating those tools
The notion of provable distributed truth, i.e. on the organization or client’s behalf bring.
provable distributed integrity, has existed since
the beginning of networked computing. The It should also be assumed that the current
use of concurrent processes that communicate infrastructure is already compromised, or will
through message-passing had its origins in be in the future, even if current best practice is
operating system architectures studied as early achieved and duly validated. As such, the more
as the 1960s. crucial and valuable the resources at play - such
as strategic plans, mergers and acquisitions and
The Advanced Research Projects Agency Network other important documents, intellectual property
(ARPANET) was an early packet switching network (IP), Personal Identifiable Information (PII)
and the first network to implement the protocol databases, payment card industry info P(CII), and
suite TCP/IP. Both technologies became the so on.
technical foundation of the Internet.
The more sensitive the data, the more attractive
The first widespread distributed systems were local- it is to bad actors, and the higher the risk
area networks, like Ethernet, which were devised endangering this digital asset, the loss of which
in the 1970s. ARPANET itself, the predecessor of the (if left unchecked) could lead to a survivability
internet, was released for testing in the late 1960s, and event for the business or at the very least high-
its email was devised in the early 1970s as a federated impact monetary and/or reputational damage.
environment.
2017 was the year when a series of incidents in
E-mail became the most prosperous program of the cyber threat arena resulted in the definitive
ARPANET, and arguably the earliest example of a large- recognition of some universal truths. There was
scale distributed application. The analysis of distributed unwavering evidence regarding monetization
computing, from a perspective of local architectures procedures, attacks on democracies, cyberwar,
and networks, became its own branch of computer transformation and abuse of malicious
science. infrastructures, along with the dynamics
contained in threat agent groups.
2.3. Current Approach to Cyber Risk and
Defensive Capability Stagnation However, 2018 and the years after have also
attracted successful operations against cyber-
Within any corporate or critical environment, criminals, albeit insufficient. Law enforcement,
having a central point of governance should governments and businesses have successfully
produce the assumption that any infrastructure shut down illegal dark markets, de-anonymized
will at some point be compromised, or vulnerable most of the Dark net and arrested many cyber-
to falling prey to external power structures with criminals. Moreover, state-sponsored campaigns
their own agendas - if it is not in that state already. were revealed and specific intelligence regarding
The fact is that trust is an asset that cannot be such technologies deployed by nation states were
outsourced without incurring massive risk. also leaked, potentially benefiting the privacy of
citizens and the rule of law, while allowing cyber
Despite this, circumstances are such that there is criminals to have access to top nation-state level
currently little alternative to accepting the risks that hacking tools.
centralization and the intricacies offered by it, and/

www.naoris.com Page 4
Introduction Naoris Protocol

This all contributes to making society more tendency is reflective of the high amount of
unsafe, and opening the way to cyber-terrorism interest by news online news services, web
and other disruptive and destructive cyber-threat services and indeed across the whole Internet
actor capabilities - by 2022, risking incurring and traditional media regarding CyberSecurity
large damages transversally on democratic- problems.
social capabilities, critical infrastructure damage In its 2022 Tech Trends, Gartner identifies
and subversion, ransomware of critical areas of CyberSecurity mesh as one of the core
society like healthcare and energy systems. technologies the majority of the world’s
As a consequence trust levels in institutions organizations will be using in the next few years,
were observed declining heavily, in parallel with to address these vulnerabilities.
obvious perceived and real-world risks. Inevitably
public perceptions of the limited capability to In summary, some of the main trends in the cyber
prevent or even respond to such risks increased, threat landscape over the course of the last half
despite the widening use of best-in-breed cyber decade were:
tools and their wider dissemination and enforced
cyber standards. Despite the lack of mitigation, • Number of attacks and expertise of malicious
data security has never had a higher public actors in cyberspace continuing to increase;
profile and awareness, a trend that will inevitably
increase in the coming years. • Malicious infrastructures keep evolving
their capabilities involving multipurpose
The CyberSecurity community is struggling to configurable functions for traditional cyber-
maintain parity, in the endless arms race between defense subversion such as anonymization,
defenders and attackers. Although every year the detection and encryption evasion;
CyberSecurity industry has achieved records
in security-related investments, they have • Usage of decentralized ledgers as backbones
also brought new documented cyber-attacks for important threats such as botnets;
of automated and manual natures, global data
breaches, and costly information loss and theft. • APT Advanced Persistent Threats and FUD
Fully UnDetectable threats are becoming the
From this standpoint, there arguably is a market norm, increasing detection times on average
failure in CyberSecurity; that is, the fact that for breaches to 280 days in average 4;
theoretically higher defense levels and higher
associated expenses cannot successfully reduce • State-sponsored attacks are one of the
levels of real world cyber threat exposure. most omnipresent malicious threat agents
Whether that is a result of a segmented in cyberspace and the top concern of
CyberSecurity marketplace, lack of awareness, or governmental and commercial defenders.
capability, are themes of vibrant discussions in Traditional cyber-defense environments do
the corresponding communities. not seem to be able to protect such high-
value targets from advanced attacks;
The simple fact is, however, that in recent years,
there has been a clearly documented increased • Cyber-war is entering heavily into
quantity of information on the occurrence of cyberspace, creating increased worries to
malicious CyberSecurity events and cyberspace critical infrastructure and industry, especially
abuse, following year-on-year trends. This in areas that are critical but legacy, or are in
budgetary crisis or geopolitical crisis.

4
https://www.ibm.com/security/data-breach

www.naoris.com Page 5
Introduction Naoris Protocol

Despite being widely known that a data breach of the problem cannot be understated: the 2017
response plan backed by a risk management Equifax hack compromised the private financial
strategy is a proactive way to be prepared for data of over half of the population of the United
such events, the vast majority of companies that States.
handle user data or provide user services have
neither. As such, user data continues to bleed Perhaps more ominously, earlier in 2021, the
into deep web markets, allowing for data abuse, SolarWinds hack - which is still in the mitigation
fraud, scams and identity theft as a common and damage control phase - saw the divulgence of
occurrence. Increasingly, the average consumer state secrets and highly confidential government
internet user ultimately foots the bill, for the files, resulting in some of the world’s largest
damage to their lives caused by the negligence of transfers of wealth and IP in history.
their service providers and data custodians.
Its cleanup is estimated at 100 Billion USD and
The average cost of a data breach currently stands will take years. Cyber experts agree that even
at just over $4.25 million USD, representing a after all that work is done, there will be no way
significant vacuum for value across all industries. to be sure the attackers have been successfully
In addition to the high cost of data breach and excluded from the currently infiltrated networks.
threat mitigation, users of these networks often The opaque digital warfare occurring around us
experience a compromise of their private data, at all times continues to impact the average user
wherein one data breach can result in a cascading more intensely than anything humankind has
leak of their personal information. And the scale historically experienced. 5

2021 Digital ocean

Contact 10.000.000
Tracing
data
38.000.000
Experian
Brazil Microsoft
T-Mobile

Syniverse
40.000.000
220.000.000
Facebook 250.000.000
533.000.000
Pakistani
mobile operations
500.000.000
115.000.000
2020 Canva
EasyJet
139.000.000 9.000.000

SolarWinds Thailand Visitors

Dubsmash 50.000.000 100.000.000
162.000.000 Indian citizens
275.000.000

Capital One
OxyData ShareThis
2019 100.000.000
Facebook 380.000.000 41.000.000
420.000.000

Houzz Quora
Apollo 100.000.000
Chinese 57.000.000 MyfitnessPal
200.000.000 150.000.000 Twitter
resume leak
202.000.000 Nametest 330.000.000
2018 Firebase 120.000.000
100.000.000

Cathay Pacific MyHeritage

Airways
94.000.000 Marriott 92.283.889

International
Aadhaar 333.000.000
1.100.000.000
Spambot
2017
Equifax Google+
711.000.000
143.000.000
52.500.000 River City
Media
Mail ru
27.000.000
340.000.000

Dailymotion Friend
2016
85.200.000
Finder Network Yahoo
500.000.000
412.000.000 LinkedIn
MySpace
Tumblr
117.000.000 65.000.000
Fling
164.000.000
40.000.000

Data Breaches by number of records lost 6

5
https://www.rollcall.com/2021/01/11/cleaning-up-solarwinds-hack-may-cost-as-much-as-100-billion/
6
https://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/

www.naoris.com Page 6
Introduction Naoris Protocol

Today, there are various risk-mitigating solutions themselves may be paired using almost any technique
to choose from, as mentioned above. These of Sybil immunity to generate an openly, verifiably
solutions, however, are not perfect, and rely on secure environment for such critical backbone data
strategies that must be established to otherwise and metadata transactions. A Sybil attack is an attack
circumvent some vulnerabilities with this model, in which the identities of the node are subverted
while keeping it clearly ahead of traditional and a large number of pseudonymous identities is
technologies used in this space. As such, to produced to gain access to the network.
achieve a design of a system that identifies
deceptive inputs from malicious actors that own 2.4. Current Perspective on Cyberspace
nodes or have subverted them in their workings,
while discouraging such subversion activities, we Today, it is evident from the degree to which it has
suggest that the most important cyber platform become ubiquitous to use multiple devices across
of the current age will be the one that focuses multiple networks, that such complexity passes
on the way to pick the ideal model for the job at mostly undetected in our own lives.
hand. Thanks to mobility, traditional computers have
evolved from mainframes to portable laptops, to
With this in mind, it requires the provision of a safe, powerful mobile phones, smart-watches, smart-cars,
performance-heavy and light-processing, elastic smart-refrigerators, smart-homes and tablets - all
cyber-dedicated consensus mechanism, relying connected. Computers have experienced a massive
on multichain capabilities, whether for speed or change, from mainframes to very portable devices.
resiliency, and for added risk-mitigation across
trusted-nodes following a permissioned-defined list
of rules of engagement. The consensus mechanics

The Internet of Things

2020
50 50.1 Billion

An Explosion of Centralized Risk 2019

42.1 Billion
40 2018
34.8 Billion
2017
28.4 Billion
2016
22.9 Billion
30
2015
18,2 Billion
2014
14.4 Billion
20 2013
11.2 Billion
2012
8.7 Billion
10 2009
1992 2003 10 Billion
1,000,000 0.5 Billion

0
‘90 ‘92 ‘94 ‘96 ‘98 ‘00 ‘02 ‘04 ‘06 ‘08 ‘10 ‘12 ‘14 ‘16 ‘18 ‘20

Exponential Growth overview of centralized devices globally over time

www.naoris.com Page 7
Introduction Naoris Protocol

We end up dependent for most of our computing, definition of network theory, a network is
work and play on the World Wide Web, the internet characterized by scholars as a “complicated pattern
and other supporting mobile wireless networks. of connections among numerous interdependent
An incredible variety of kinds of hardware systems, elements”.
architectures and networks are connected to form
a worldwide cyberspace. The absolute penetration Scholars of network theory recognize that since
of networks and technology in contemporary networks are complicated and centerless like
society means that everyone and everything are the systems that make up cyberspace as we
to some level connected, even in the most remote know it, deep levels of uncertainty are inevitable
of locations. It is unsurprising that we as a society in generating, managing or planning security
and as users inevitably cease to fully comprehend environments for complex networks. As will be
the inter-connectivity of today’s world due to its discussed further on in this paper, despite the
sheer complexity, and start to overlook its vast lack of feasibility in achieving full understanding
vulnerabilities and risks. of complex global networks and their weak
points in federated organizations, a blockchain-
From an individual perspective, cyberspace is just based approach of ‘divide and conquer through
a “platform” in society, as described previously. consensus’ is possible (and indeed verifiable.)
It is a fluid and constantly developing ‘living
system’ or network, and also an environment that When we take network theory and proceed to
has so many things happening at once within apply it within cyberspace, it becomes increasingly
it, that it is now far from governable. When important from both a theoretical and practical
it comes to governments’ attempts to come standpoint. Cyberspace is a significantly networked
up with effective policy, governance systems, environment, and as such, it’s completely
compliance rules and laws to try to cut back on interdependent - because of its operational
the ever-increasing number of cyber-attacks, objectives and the nature of its services provided to
these attempts are present and documented - but organizations and consumers by organizations and
siloed and behind the curve of innovation, which consumers. It is, in essence, a worldwide network
can be demonstrated by the varied regulations of programs in which fresh and varied technologies
and attempts at standardization - such as Data have been continually developed and deployed
Privacy Shield, GDPR, Health Insurance Portability on a daily basis, and as is widely known - despite
and Accountability Act of 1996 (HIPAA), Payment efforts to the contrary - there are vulnerabilities
Card Industry Data Security Standard (PCI-DSS), in these technologies and supporting frameworks
National Institute of Standards and Technology that are known and unknown, unwillingly created,
(NIST), ISO/IEC 27000 standards family. As and discovered daily.
digital complexity grows, convergence and
interoperability of these standards becomes less There is also no such thing as linear, expected
and less viable. inherent risk, danger or vulnerability of a cyber
network or a protocol, software or otherwise any
The sophistication and dangers originating from method, despite the wildly illogical current strategy
these varied phenomenon are not currently that currently prevails in the space of opting for the
quantifiable, only estimates exist - since these are ‘proving the negative’ tactic with expected current
best-efforts led within specific time frames, within low probability results. A completely different
specific environments and concluded through approach is suggested in this paper, with a
limited intelligence and budgets, it will be indeed dedicated distributed consensus of principles,
impossible to ever achieve truly global actionable dPoSec, placed on the control of risk, vulnerability,
consensus. Even though there is no international truth and trust in the digital context of our world.

www.naoris.com Page 8
Introduction Naoris Protocol

The context of such problems are best described permits the unsavory prospect of the destruction
with self-similarity theory through the dynamics or harming of numerous critical sectors like critical
which frequently are observed within study cases infrastructure or government structures by focusing
on such types of theories called the ‘cascading the cyber-assault in areas which might look to the
dynamic events’. unsuspecting observer as less crucial. This leaves
any nation-state or critical infrastructure available
The self-similarity concept in the context of to weaknesses that can be exploited due to weak
networks and systems is a time-developing implementation of security policies of a completely
phenomenon that remains constant the more different allied nation-state, industry or sector
you zoom into the network. It is said to exhibit (such as the Solarwinds hack of 2021 - 56% of cyber
self-similarity if the numerical value of certain attacks occur through third parties.)
observable quantity of devices in this case {f(z,t)}
f(z,t) measured at different times are different 2.5. The Importance of Intelligence Backed
but the corresponding system criticality rules of Actions

“
devices irrelevant of their inner complexity at a
given value of {z/t^{y}} {z/t^{y}} remains invariant. Action may be the true way of
“
This phenomenon seems to happen in networks if
measuring intelligence 7.
the quantity {f(z,t)}, f(z,t) exhibits dynamic scaling,
just as in a fractal. The idea is just an extension of Napoleon Hill
the idea of similarity of two networks in this case.
Note that two networks are similar if the numerical intelligence noun (ABILITY)
values of their devices or systems are different, [ U ] the ability to learn, understand, and make
however the corresponding system criticality rules judgments or have opinions that are based on
- such as the criticality of the applications on their reason 7:
devices - coincide with adjustments that can’t fit intelligence noun (SECRET INFORMATION)
into a linear paradigm. [ U, + sing/pl verb ] secret information about
the governments of other countries, especially
A cascading event is a scenario in which, if ripples enemy governments, or a group of people who
disperse across areas or sectors from the point of collect and deal with this information:
source, changes can be proven incrementally - in
this case through an ecosystem of consensus given Despite the general ‘abuse’ in the CyberSecurity
the right incentives. We let the various parts of the space of the word ‘intelligence’, in this context
fractal network work do the right thing, being fully we suggest using it as a means of source of
conscious of the truth of other fractal locations. knowledge, truth seeking, and judgment making
We’ve established in the former paragraphs based on reasoning that the blockchain ecosystem
that many networks and systems don’t normally allows for such distributed proofs to be created
function in a simple linear fashion, and have neither and independently verified (intelligence noun,
linear risks or vulnerabilities, but these same risks ABILITY.)
or vulnerabilities tend to create new risks either by
repetition or by inheritance. 2.6 Value of Cyber Assurance

Within this case, once we employ the cascading event Modern society is dependent on the equilibrium
into some cyber-attack it efficiently transforms of complicated infrastructure programs for
into a more dangerous and uncontrollable version virtually every economic and social purpose.
of a multi-sector cyber-attack. This enables or The damage that can occur both from cyber-

7
https://dictionary.cambridge.org/dictionary/english/intelligence

www.naoris.com Page 9
Introduction Naoris Protocol

war type attacks to future cyber-terrorism is This shows the deep significance and importance
well known and accepted by nation-states and of changing our perspective and understanding
their agencies (US’s Cyber Command, UK’s Cyber of cyberspace, from the traditional approach
Defense Force and Cyber Incident Response to a multidisciplinary or even a non-standard
teams, among others) regarding the dangers and theoretical standpoint. Network theory, self-
risks coming directly or indirectly from cyber- similarity concepts and the understanding and
attacks, that could have a crippling impact on the consensus needed around critical environments,
country’s economy, health, safety, and security, and the negative energy unleashed by cascading
and social stability at large. The vital value of events, contribute greatly to the field of cyber
infrastructure is a consequence of developing security and its solution-finding quest.
lasting interconnectivity.
Theoretically and in the real world, it is crucial to
Likewise, individual business sectors within comprehend the size of interconnectivity across
a connected economic model are inherently the world. It is, by understanding a cyber-attack
shaky, and disturbance in any single industry can within a single sector or area which might not be
activate a ripple through the economy, impacting deemed important but can have a massive effect
businesses that indirectly and directly interact on a country’s safety/organizational capability,
with the impacted sector. that we have the power to envisage and indeed
project solutions into this important problem.
Hypothetical Case Study. 1. This enables us to create better answers and new
Within a nuclear power station, a group approaches based on the blockchain, that offer
of critical PLC’s and SCADA systems are new techniques, never possible before in a robust
attacked using the notorious Duqu malware. manner that can deal with cyber-attacks now and
Its core is shutdown as quickly as possible in the future. By following new models and plans
to prevent damage, this creates issues with of defense through distributed systems, areas
power and voltage levels in an aging electrical of business that are separated in principle can
infrastructure - affecting hospitals, airports, operate together in consensus. Additionally, it
dams, and even the stock market, creating helps professionals within those organizations or
unmanageable brownouts that end up heavily structures to devise effective coverage to ensure
affecting the economy, and causing loss of life the security and sustainability of their physical
through a cascading event. and virtual universe is maintained through
control and verifiable unbiased visibility, across
Hypothetical Case Study. 2. various cyber domains within their networks and
Most banks use the SWIFT System, a federated outside of their environment.
semi-centralized system. If a SWIFT terminal
is subverted by a nation state threat actor
that is under a SWIFT system isolationist
sanction, the cascading event would paralyze
areas of the economy directly dependent on
quick loans, that would in turn paralyze other
more diverse sectors of business through a
cascading event, hurting the reputation of the
western banking system, weakening ongoing
sanctions, making future deployments more
difficult, and fostering the adoption of other,
alternative banking systems, etc.

www.naoris.com Page 10
White Paper Naoris Protocol

From a reward perspective every validator node

3.0. New Design Principles for
that is randomly chosen within a business, or
Reinventing Organizational other organization, receives bonus rewards for
Structures and Upgrading validating a breach or the submission of new
Society’s Security Posture intelligence data, or otherwise some compromise
of the ruleset defined when compared to normal
3.1. Establishing Trust in Trustless IT Systems block rewards. Thus ensuring that the whole
ecosystem’s main focus is squarely on the task of
Given today’s rapidly growing CyberSecurity finding malpractice or other malicious subversive
risks, the demand for a difficult-to-disrupt activities.
method to complement traditional CyberSecurity
techniques is growing. The fact that spoofing, Each client within a Verge Cluster is put under
cyber-attacks and other types of disturbances what is treated as an equally critical and optional
seem to be growing in frequency and severity, setting, that can be optimised to define special
makes the requirement to meet this need an all privileges for each set of data. Additional
important one. Such abuses of currently existing privileged data containing blocks will result in
infrastructure, architecture and protocols have allocating more rewards for the correct work.
the potential for catastrophic impacts on our
own lives and global financial activity. In order 3.1.1. Simplified and Resilient Approach to Risk
to accomplish this need, Naoris offers to operate
through a set of abstractions that greatly drop Arguably, in regards to security tools in general,
the risk of being compromised, along with a sophistication is its own enemy, as so many
strategy that defines trust and reliability by a alarms are generated through so many possible
set of well proven methods that include zero- attack vectors that it becomes unmanageable.
knowledge proof techniques under validators for Organizations suffer higher costs through
verification of Merkle hash trees. increased supporting staff, or supporting
infrastructure, with the potential solution costing
This situation ensures that attacks are mitigated sometimes more than they gain through mitigated
even at the limit of a completely subverted risks, from a cost management perspective or due
corporate network, in which every verifier node to being overwhelmed with possible threats via
is acting with malicious intent. Regardless of third parties to manage their own security, which
how many verifier nodes exist to be verified, the brings extra risks. Naoris suggests that it be
majority in comparison will always be chosen leveraged to its fullest by organizations creating
at random from the online network where the an ecosystem in which companies, organizations,
verification source is, thus the probability to or users DAO`s secure each other indirectly
guess and act to compromise any selected without the risk of loss of data or breach. By
network apart from sizing are negligible. doing so or by using centralized solutions, Naoris
becomes an evermore resilient and trustable
Resilience is also added to the context of super environment that does not transfer data
distributed truth finding operations, through but, their quantum-resistant one-way collision
enforcement of mandatory consensus of at least resistant hashes.
two high-tier trust-nodes. These nodes have
much higher computing power and follow known
cyber security standards in a verifiable manner,
and as such can provide various operations over
the hash tree and the source hashes.

www.naoris.com Page 11
New Design Principles Naoris Protocol

3.1.2. Parametric Bayesian Inferences and and identified uniquely, all the device drivers
Modelled Consensus Secure Baselining enabled should be known and identified uniquely,
etc. These will all be part of a secure signature
Arguably the domains of CyberSecurity that is going to be collected by the sensor on the
experiencing huge transformation is endpoint system and stored on the blockchain.
security and AI backed solutions. Despite the
constant advances in this domain to mitigate There are quite a few applications of such a
known threats, a lot is still needed in order to technique, notably finding potential malware or
achieve truly mature-network-sized endpoint otherwise unwarranted or untrusted software
protection. We propose a succession of running alongside well known and expected
techniques, compared with the standard strategy. applications, even a certain executable file that
The objective is to predict and avert a wide array was known but suddenly has a different signature
of risks are direct or as part of a cascading event. due to a code injection attack or the use on an
unwarranted or subverted library, and even risky
The security of a certain network can directly be malwareless system actions like:
influenced by the importance of applications and
the data used by a particular business process. • running a command as superuser or root,
The possibility that a change in the process or new
application can be malicious, can be determined • connecting to the internet through an insecure
by several means. It can be by the user that made protocol like SMB, RDP, FTP or an Anonymous
the change, portion of the change, timing of the socks5 Proxy among other examples.
change, rate of change per period of time, previous
historical records on changes, circumstance After that Modelled Consensus Secure Baselining
of other running applications, and a number of (MCSB) is defined and may be used as a parameter
other different activities. Thus, whenever there for Bayesian inferences made by the AI engine in a
is information of a particular kind that needs to future disturbance of that same expected secure
be processed in order to get an unambiguous signature.
conclusion based on probability or evaluation of
the risk, Bayesian networks are a good choice in 3.2 From Centralized to Decentralized
order to create whitelisting / blacklisting rules
that are validated over time through consensus. Decentralization isn’t a new phenomenon. It
was a part of the social structures of early
The Bayesian network’s formalisation was devised human societies. They were small Neolithic
in order to allow for an efficient representation of decentralized communities of under 100 people
probability given a list of truths. The procedure in which everybody was responsible to and for
enables a system to learn from experience, and it one another. A smaller population size allowed
unites the areas of AI and neural networks. this type of governance to be more streamlined.
But later such small communities morphed into
In this context, Naoris enables the owner of a Verge complicated and hierarchical societies dependent
Cluster, through the Naoris DApp for Command & on centralized forms of government.
Control (C&C) to set learning timers for different
systems. An example can be given for a potential The concept of a ruler taking the lead and
critical system, where the owner sets learning centralizing decision-making was suggested as
timers for an initial 30 days, where all applications a solution to the growing issues. The revolution
that run there should be known and identified led to increased production, and as communities
uniquely, all the libraries called should be known became larger, it was impossible to keep a state of

www.naoris.com Page 12
New Design Principles Naoris Protocol

overall peace without a central power to manage This increasingly leads to a call for a possible
social interactions. solution to the loss of trust among traditional
organizations, and to establish live intermediaries
Centralization was initiated with the that add to the capability to reduce the requirement
establishment of a central authority; the cost for trust between different individuals. This is
of production was ultimately decreased due to why decentralization which delegates, validates
standard methods of production and trade, and and ensures fairness in decision-making and
improved production quality was also achieved planning from central authorities is vital.
and led to greater coordination within society.
Distributed ledgers aren’t new. They offer a secure
The major benefit of using centralized systems solution for record keeping and accounting. DLT
was its efficiency. It is easier to make decisions is a type of network of interconnected devices
when a system is centralized, and there are within a network with no central server that
virtually no duplicate roles. Additionally, because distributes information; instead, the networks of
of the centralization of authorities, society is able connected devices cooperate in order to create
to become fairly steady, predictable and stable a consensus regarding sharing and storage of
particularly in projects that require final and fast information. Because of the consensus protocol
decisions to be made without great care for what that all machines are in agreement with, when the
the whole wants or needs or is best. information is recorded on the ledger system, it
will be necessary to achieve, ideally, the consensus
The flaws in centralization become apparent. One of all machines to allow for that information to be
of the main drawbacks of centralization is the altered. This ensures the security of immutability,
assumption that the top management/board/ as well as the transparency of a trusted system.
control-systems always have the best interests
of the people or systems under their wing. As Decentralization is vital to the progress of
centralization systems grow they are often shown civilization. Additionally, decentralization through
to experience a decline in their effectiveness. technologies like blockchain can result in the
Another issue with centralization is censorship transparency of, and accountability in: finance,
and lack of truth and transparency. governance communications, CyberSecurity,
auditing, enforcement of standards and other
If unchecked centralized systems can result in an crucial tasks.
unbalanced exercise of control by a small group
of elites. The crisis of trust that hit across the Sectors like supply chain management as well as
globe following the aftermath of 2008’s financial property rights, contractual agreements, as well
meltdown has been explained as the result of the as digital identity, CyberSecurity, data assurance
collapse of trustworthy institutions like banks and trust are all areas that can greatly benefit from
and financial institutions. This was followed by decentralized technology. In the end, it is very
other critical failures of centralization, such as clear that blockchains will play a significant role
the misuse of technology and information for in the good governance of global sustainability,
monitoring, interference of centralized, often as well as equitable economic development and
wealthy power structures for the benefit of the security of operations in all domains of digital
the few, or biased decisions caused by being technology, which are, obviously, backed by trust
influenced by private funds or corporate giants systems and security in digital form.
or other large organizations of centralized power,
etc.

www.naoris.com Page 13
New Design Principles Naoris Protocol

3.3. From Siloed to Interoperable other locations of this whitepaper. However, a

number of industry studies and reports have shed
The CyberSecurity industry is facing an important the spotlight in recent times. A survey conducted
issue that is markedly slowing progress towards in 2017 conducted by Enterprise Strategy Group
improving security postures for businesses (ESG) found that 40% of 412 respondents utilized
and organizations across the globe. It is about between 10 to 25 safety tools. In addition 33%
the dispersion of security operations within of those surveyed utilized between 26 and 50
organizations. This can be due to a variety of security tools. A 2017 study in the field of financial
reasons, such as the use of multiple diverse security services from market research organization
tools, the lack of the management structures or Ovum discovered that over 73 percent of
absence of interconnected processes, etc. While respondents used more than 25 security tools
the causes behind isolation of security operations in their security processes. The majority of the
could be different, all companies suffer the same organizations that were surveyed had more than
negative effects and repercussions. 100 security tools. All these tools are siloed and
do not talk to each other, they are in most cases
Security operations are composed of a variety black boxes themselves that can insert risk into
of teams within an organization, each of which the organizations, but barring a decentralized
might use a different technique or stack of tools. solution, they are “the only” option.
In many instances, companies employ specialized
tools to deal with specific scenarios. In the Gartner identifies in its 2022 Tech Trends the
short-term the addition of a dedicated tool might CyberSecurity mesh as one of the core technologies
appear like a sensible option however it only the majority of the world’s organizations will be
increases the workload for operations over the using in the next few years.
long run. With each tool, businesses must educate Gartner analyst Felix Gaehtgens said the
their employees and they may need to alter their CyberSecurity mesh approach is a strategy rather
process. It’s not difficult to see the reasons why than a structure. However, the idea improves the
this isn’t an effective strategy, particularly for alignment of organizations and the threats they
CyberSecurity, due to the emergence of new face: “Attackers don’t think in isolation. They think
threats and emerging security technologies in silos,” he noted.
evolving with the added complexity that devices
on premise and on cloud, and now within unsafe Naoris suggests that businesses or users in
networks of people working from home and their centralized or decentralized organizations should
associated risks - such CyberSecurity structures have an alternative that empowers them with
are not made to work across networks and do the layers of trust and support needed to deliver
not support today’s decentralized workforce the essential security mesh strategy required in
mentality, in other words we`re using centralized a naturally decentralized way that benefits from
solutions in a decentralized world. decentralization instead of seeing it as a risk.
While being by its own nature, orders of magnitude
It’s quite difficult technically and operationally more resilient than centralized siloed tools, and
to determine the exact amount of equipment not vulnerable to black box stemming attacks
employed in security operations because it’s a like supply chain attacks and breaches of trust, a
sensitive issue that could compromise the security decentralized CyberSecurity mesh approach that is
of the company. Many of them are siloed both owned by themselves is desirable and preferred, as
in their management and operations, so it’s not there is no need to transfer risk to any third parties.
unusual that these tools themselves are a source The CyberSecurity mesh naturally embraces the
of risk towards the organization as discussed in defense in depth principle and suggests that all

www.naoris.com Page 14
New Design Principles Naoris Protocol

needed centralized “traditional” cyber tools should stacks, companies are unsure of the security
still be used in conjunction and within the mesh and protection against risks in open-source
that secures environments and assures the tools applications.
themselves are not compromised.
Although open source makes code available, it’s
observed that visibility of sources is not enough
This includes identity fabric, security analytics as to reduce the security risks that are posed to
well as policy management and useful dashboards. an individual project in the majority of cases.
Interoperability and distributed security will be Security experts report that in certain situations
the main ingredient in creating and implementing the visibility of source code can help to bring
a security mesh. This will certainly change how projects to secure and stable conditions.
CyberSecurity is thought about and delivered.
Naoris, as one of the contributors to open
3.4. From Proprietary to Open source, strongly believes that open source
code doesn’t create any significant obstacles
A rapidly emerging trend noticed by companies is to security. Instead, it enhances the security
the trend of trying to know the basic advantages of code by involving a wide range of users with
and disadvantages of implementing open- the capability to report bugs swiftly providing
source-based tools and how they’ll impact their customers and the general public at large
CyberSecurity plans. The rise of a number of with tangible examples of reusable, reliable,
open-source IoT platforms such as DeviceHive, refactorable and as a consequence of scrutiny,
Macchina, Eclipse IoT and ThingSpeak as well secure code.
as many others and an array of open-source

www.naoris.com Page 15
White Paper Naoris Protocol

4.0. HyperStructure

Valuable

Minimally Positive
Extractive Sum

Permissionless Expandable

Credibly
Unstoppable
Neutral

Following the Ethos: Attributes of The Naoris Protocol HyperStructure

4.1 The Need for Adopting the HyperStructure that various actors interested in tampering with
Ethos such an important infrastructure will attempt.

Escalating planetary scale cyber threats demand The traditional definition of infrastructure is
a new set of design principles. Traditionally “the basic physical and organizational structures
framed companies are subject to various attacks and facilities (e.g. buildings, roads, power
that stem from abuse of power, censorship, and grids) needed for the operation of a society or
bribery, to name a few. To address these risks enterprise”. Clearly, a digital world requires
and many others, single points of failure need to digital infrastructure. And as we have learned,
be eliminated from the picture for a long term digital infrastructure such as Social Media and
solution to emerge. News platforms, which are owned by centralized
entities, may be great business models for the
In short, the digital infrastructure that is moguls running it, but are not in the best interest
required to address CyberSecurity issues in the of the general public. Decentralized models point
21st Century needs to outlive its founders, the to a better path.
company that started building it and the attacks

www.naoris.com Page 16
HyperStructure Naoris Protocol

A CyberSecurity mesh that is engineered to work of builders to come into fruition without
enable every device to protect each other needs going spoiled shortly after, while benefiting the
to go beyond being a digital infrastructure - it many, not the few.
has to be antifragile, becoming stronger the more
it is attacked - and designed to serve everyone, In the Digital Age, CyberSecurity, like Privacy,
without prejudice, for generations to come, if not needs to become a basic human right.
forever.
For a Decentralized CyberSecurity Mesh to 4.2. The Attributes of a HyperStructure:
become the massively adopted protocol that
finally is able to turn billions of untrusted devices 1. Unstoppable
into the most secure network of networks that the 2. Permissionless
world has ever seen, a paradigm shift is required. 3. Minimally extractive
Therefore, we’re not just building a protocol. 4. Valuable
We’re building a HyperStructure. 5. Expandable
6. Credibly neutral
A DAO (Decentralized Autonomous Organization) 7. Net positive.
governed protocol via quadratic voting may be
an important initial step towards effectively • Unstoppable: Protocols that are unstoppable
maintaining a planetary scale for-public are built to run indefinitely, without degrading.
CyberSecurity infrastructure, but to build No one should be able to stop such a protocol.
something that becomes mission critical for Not even power structures or the creators
realizing the future we believe we all deserve, of the protocol itself. HyperStructures
new, bold design principles should be adopted. should be multichain, else they are subject
We can’t do the same things over and over and to the longevity of the blockchain in which
expect different results. the protocol runs. HyperStructures’ smart
contracts and mission critical files should be
Before we outline and describe the attributes that hosted on the permaweb, meaning that they
make a protocol a HyperStructure, it is important should remain online indefinitely, come rain
to note that although all HyperStructures are or come shine. Devices and networks can
protocols, not all protocols are HyperStructures. adopt it or abandon it, but one of the main
attributes of a HyperStructure is that it can’t
Another point worth mentioning is that at the time be stopped. The off switch does not exist, so
of this writing (January 2022), HyperStructures even a DAO wide vote would not be able to
are more a Concept than a Thing. This means turn it off, removing another attack vector of
that as more protocols are built according to a the CyberSecurity Mesh.
HyperStructure Ethos, definitions may change
slightly and new attributes may prove to be as • Permissionless: Approval by a trusted
important or more important than the ones authority is not required to join the network
explored below. and any user who wishes can participate in
the protocol. All devices who become part of
What we currently know for a fact is that building the CyberSecurity Mesh become validators
a HyperStructure is more than desirable for of the state of the network and the same
building the foundations of the new internet. level of security is presented to everyone.
HyperStructures may actually be the only way to Users and builders cannot be deplataformed.
build truly important digital infrastructures that HyperStructures need to be censorship
are capture resistant and allow the dreams and resistant and accessible by anyone.

www.naoris.com Page 17
HyperStructure Naoris Protocol

• Minimally Extractive: We defend that security handshakes will be. Naoris Protocol
HyperStructures need to be minimally derives its value not from Total Value Locked
extractive - which means, a protocol should (TVL), but rather from Total Value Secured
charge near base cost fees to incentivize (TVS). The more valuable networks join the
adoption, and disincentivize forking, while CyberSecurity mesh, the more valuable the
ensuring that the ecosystem development protocol becomes.
treasury is managed by the DAO remains
robust to allow a strong ecosystem to emerge. • Expansive: Powering potentially hundreds of
While Naoris Protocol has a clear vision of billions of security validations per day, the
what its core should be, being able to adapt protocol needs to possess built-in incentives
and evolve the CyberSecurity Mesh and the for users to behave fairly and for builders
ecosystem around it is critical for its longevity to continue iterating on the protocol and
and effectiveness against cyber threats. building on top of it at the application level.
Most well funded blockchain protocols are
• Valuable: The protocol is conceived to be a able to set up an ecosystem development
for-public endeavour, and yet, extremely grants program, but how many can continue to
valuable to own and govern, which sparks an foster the ecosystem in the years to come? For
ecosystem around it. If a protocol is not useful the longevity of grants programs to increase,
for its users, it has no reason to be adopted, a positive feedback loop is required. A portion
and stay relevant for the long term. If owning of the minimally extractive fees generated by
and governing a protocol does not provide a growing number of participating devices
any benefit to its governors, it becomes hard needs to be directed towards a dedicated
to maintain. Altruistic actors may exist, but treasury for ecosystem grants, which is known
they are not common. The challenge is to as a Web3 sustainability loop. For the long term
strike a balance between accessibility for all success of a HyperStructure, there should
and value for the ones governing the protocol. be incentives for entrepreneurs to continue
The larger the Mesh becomes, the more working on defending the mesh against new
valuable it becomes. In a tokenized machine threats. CyberSecurity is a dynamic realm and
economy with a capped token supply, it’s thinking that this nature will change would be
natural to imagine that the more valuable both dangerous and foolish.
the mesh becomes, the more valuable the
underlying tokens responsible for the

Dynamics that
Disburse at make $TOKEN↑
beginning as usage↑

Curate $ w/ Workers:
$ TOKEN core “Work to grow web3 Project
criteria: networt and Ecosystem
generation (1) growth devs, app
devs ... revenue↑,
(2) mission $TOKEN

Network
revenue

The Web3 Sustainability Loop Model, as proposed by Dr. Trent

McConaghy, Co-founder @ Ocean Protocol.

www.naoris.com Page 18
HyperStructure Naoris Protocol

• Positive Sum: Wide adoption and usage of the 4.3. The Likely Outcome from Adopting the
protocol results in a win-win environment HyperStructure Ethos
for all network participants. This happens
at all levels of the protocol. As more devices Our belief is that the attributes of a HyperStructure
of a network use the CyberSecurity Mesh, are not just powerful on their own - they are highly
they become safer for all participants of synergistic. Building an important piece of digital
the network. As more networks of networks infrastructure for Web2, Web3 and securing
participate on verge clusters, entire economic potentially all of the devices in the world with a
sectors subject to the same compliance peer-to-peer blockchain enabled CyberSecurity
standards become more secure, with verge Mesh is an endeavour that requires thoughtful
cluster-wide learnings as attacks on any planning and design principles.
devices belonging to a network inside of a
verge cluster are attempted. The net value Once built on such an Ethos, a protocol becomes
for society at large is access to security that a for-public infrastructure optimized for massive
aims to cost an order of magnitude less than adoption and its network effects, while actually
current CyberSecurity stacks, while bringing solving the underlying challenges for which the
detection and mitigation capabilities one protocol was designed to present solutions for.
order of magnitude higher. On a technology
development level, the minimally extractive Building the first HyperStructures is a privilege
fees power an ecosystem development grants that our generation can enjoy as technological
program, giving the community a clear path breakthroughs in the realm of blockchain scaling
forward and blossoming a growing number and decentralized governance converge with
of projects maintaining and building on top a new global value system that unfolds new
of the Naoris Protocol. Providing competitive possibilities for everyone.
participants an opportunity to collaborate on
certain levels, using the same infrastructure As the transition from Web2 to Web3 accelerates,
for the benefit of all provides further elements with powerful crypto economic incentives at
for a positive sum environment. its core, new autonomous and self actualizing
structures for the world can be imagined, and
• Credibly Neutral: To be adopted by a wide one day we hope that future generations can
range of governments, companies and look back into this point in time and marvel,
individuals, which are known to have different acknowledging the advantages brought forward
priorities and objectives, HyperStructures by the trailblazers and pioneers who ventured
need to be credibly neutral. They need to into a new world that is more equitable, resilient
treat everyone fairly and provide the same and adaptable to the new conditions of the ever
level of access and service to all users, to the expanding digital paradigm.
extent that it’s possible to treat people fairly
in a world where everyone’s capabilities and
needs are so different (Buterin, 2020).

www.naoris.com Page 19
White Paper Naoris Protocol

5.0. Technology Backdrop and CIA triad.

the Case for a New dPoSec In the context of CyberSecurity it is necessary

Consensus Mechanism to examine the CIA triad as a model to develop
CyberSecurity architectures. These core security
5.1. The CyberSecurity CIA Triad - Confidentiality, principles guide CyberSecurity policies, however
Integrity and Availability of Data they aren’t the only ones; Naoris’s Protocol seeks
to offer a hyper-resilient cyber security mesh that
The idea of the CIA triad was created over time encompasses these core principles of CyberSecurity
and does not originate from a single source. and more.

Confidentiality was first proposed in 1976 through These core principles apply to ecosystems of
a study of an organization called by the U.S. Air any kind and magnitude, and must be taken into
Force. account to decisively mitigate the risk that occurs
at the baseline level. Stemming from a myriad of
The concept of Integrity was discussed in an threat methods that include breaches of trust and
article in 1987 titled “A Comparative Study with the tampering or subversion of trusted systems
Commercial as well as Military Computer Security and processes. Naoris Protocol is governed by a
Policies” composed by David Wilson and David Distributed Proof of Security Consensus (dPoSec)
Clark. The paper acknowledged that computing model that enables the environment to focus on
in commercial settings had an obligation to keep growth and wider adoption by mitigating internal
accurate accounting records and correct data. risks as well as validating other spaces for risks and
threats. This creates a positive-sum decentralized
While it’s not as simple to locate the original effect in true HyperStructure fashion, providing
source, the notion of Availability was made a win-win position for the Web3 community at
popular in 1988. In 1998 the public was introduced large with a permissionless and wholly beneficial
to the three concepts as a whole, known as the approach that is credible and credibly neutral.

Confidentiality, Integrity and Availability referred

to as the CIA triad is a framework developed to
help organizations establish appropriate policies
that manage the way they deal with security and
information.
The aim for the triad framework is to guarantee
y
rit

that data is stored correctly and in a consistent

Av
eg

manner, until changes are authorized by an

ail
Int

ab

authenticated authority or participant whenever

ilit

they choose.
y

Information
Security
Data must be protected from disclosure due to the
nature of the information that the organization is
Confidentiality responsible for creating, processing and storing.

Confidentiality refers to the capability not to

divulge information to unauthorized persons,
programs or processes. Confidentiality is related

www.naoris.com Page 20
Technology Backdrop Naoris Protocol

to the security of information as it requires the when they need it, which includes prompt
control of access to that information, and includes access capabilities, remote or local as needed,
the capability to obtain or unencrypt such no matter the time of day, the place of residence,
information through access control methods. It geographical location or any other factor. Outages
is essential to make sure that only authorized or DDOS attacks are examples of availability
individuals are able to access information and that failures.
unauthorized individuals are not. In simple terms,
confidentiality implies that something is kept The completeness and accuracy of data is
secret and shouldn’t be divulged unintentionally essential for the success of any organization,
to individuals or organizations. ecosystem or entity, centralized or decentralized.
The reliability and authenticity of data, processes
When confidentiality has been compromised and other operational assets are fundamental
it could lead to loss of privacy or disclosure and critical, to ensure they are not susceptible to
of confidential information, IP, or the critical manipulation.
leakage of data to others or the general public.
There are many kinds of information that It is important to note that integrity is essential
can be considered confidential, for example in order to safeguard data when it is being used,
financial details, health records or other not just for the operational capability of any
sensitive information like cryptographic keys ecosystem, but also when used by others and by
or passwords. Certain types of information are trusted third parties of that ecosystem.
more critical than others and therefore require a
greater level of security. Implementations of such The CIA triad should be held to the highest regard
security methods within information systems are from an architecture perspective and validated
Access Level Restrictions (ACLs), used within through the highest trusted methods possible, the
cryptographic algorithms for data in transit or at Security Goals of the RMIAS Model enhances the
rest. Triad and focuses on 8 goals that are considered
key for a best in class baseline security level.
Integrity refers to the protection against
the destruction and/or modification of data, The CIA Triad:
assuring that the information is not altered in • Confidentiality
an undetected way, as well as ensuring that the • Integrity
integrity of the information is maintained and it • Accessibility/Availability
can be trusted and has not been tampered with.
This applies to data as well as files, processes Plus the supporting 5 Security Goals, RMIS:
and even whole systems. This means that a cyber • Accountability
security threat or vulnerability to specific cyber • Privacy
attacks can be assessed by compromising any • Trustworthiness and Authenticity
of the fundamentals. Integrity is founded upon • Non-Repudiation
encryption and hashing or hashing only, in order • Auditability
to provide the highest level of security against
tampering and subversion, as well as cyber- The rapid adoption of innovations stemming from
related threats like cyber-espionage or sabotage Blockchain 1.0 to Blockchain 2.0 and Blockchain
of critical processes or data. 3.0 have an implicit promise offering bold claims
of censorship resistance and unprecedented
Availability or accessibility ensures that flexibility, however as much of this beloved
information is accessible to all who need it, technology, if not all, still rests firmly on real-

www.naoris.com Page 21
Technology Backdrop Naoris Protocol

world critical digital services and networked The promoted perspective offers an alternative
systems that make up Web2 architecture. approach towards distribution studies that result
in the development of many new protocols that
We at Naoris present this as a serious intrinsic have led to a number of breakthroughs. We
baseline threat, and a false sense of security for should not forget that this distribution technique
Web 3.0 applications that end up inheriting the uses a consensus approach that was released a
risk of Web 2.0 systems. Naoris believes that decade ago, after which you can find an entirely
safeguarding Web 3.0 using Web 2.0 solutions, new collection of protocols which are being
if any, defeats the overall purpose of bringing developed to surpass the Nakamoto definition,
services under the most trusted platform in the maintaining the original baseline ethos while at
world. Naoris proposes a solution that can grow the same time using the former as a launchpad
in parallel with other innovations to achieve the for improving and innovating around it, with the
best that Web 3.0 can offer. aim of creating a better world.

As such the Naoris Hyperstructure oversees a Consensus and its own efficiency have been the
wholesome and positive-sum use case for all major areas of focus since the start of computing,
Web2 and Web3 participants that care about with every up-to-date improvement, we are
the quality of their CyberSecurity and service, closer to solving the key questions and problems
while benefiting the whole community with their like never before.
participation.
In order to achieve an agreement or consensus on
5.2. The Blockchain Trilemma and the Naoris what will happen to the blockchain on each cycle,
Approach to Mitigating Risk. all participants, be it block producers, validators
or other kinds of participants need to have the
In regards to the Blockchain Trilemma it can most current information to process .
be said that Blockchains are fundamentally
connected by an absolute truth that is focused on
three vectors, they are, Security, Scalability, and Scalable
Decentralization. It is because of the decentralized
nature of blockchain systems, that certain
requirements were defined as fundamental to
its workings. Since the inception of blockchains,
ms
te

a constant communication stream between all

ys
os

Ty

participants was deemed as paramount.

ec

p
ica
in
ha

lh
-c

igh

There are numerous ways we can define a

lti

-TP
Mu

distributed system. For instance the way in which

Sc
ha

it exists, in the most simple form, in one single

ins

Traditional chains (BTC, ETH,...)

computer. The central unit of control, the bus
unit, the input output channel, and memory units
Decentralized Secure
are independent components that collaborate via
distribution.

Satoshi achieved a breakthrough in the field of

distribution by offering definitions resolving
immediate issues and omitting intermediaries.

www.naoris.com Page 22
Technology Backdrop Naoris Protocol

This is referred to as synchronicity and is triad) and other well known security standards.
generally a limitation in decentralized networks, These standards constitute the basis of good
which requires extra potential time to spread security architecture by design, ensuing trust
information throughout the network to all at the baseline level and mitigating risk to its
participants. operations. This is true for blockchain systems
and supporting environments, like wallets,
Security refers to the resiliency of the blockchain miners, exchanges, bridges and L2 Protocols.
against attacks at the protocol level, as well as
the ability to change the blocks’ data, which is Naoris Protocol’s security is firmly rooted not
also known as its source of truth. only in its ability to process data in a scalable,
decentralized and secure way, as validated by the
Scalability generally refers to the amount of Web3 protocol in question, but also its capability
transactions, users and protocols that the to be resilient against a plethora of threats and
blockchain can support without slowing or cascading risk events.
increasing transaction fees. It is often utilized
in conjunction with the term “throughput” also Events that are currently not managed from
known as “transactions every second” that a a decentralized perspective if managed at all.
specific blockchain can permit. For example, Noaris must extend its resiliency
to cover a more risky, single-point of failure or
Decentralization refers to how well-organized centralized perspective that uses opaque black
nodes, governance, and ownership of tokens or box vendors for traditional security.
pieces of data or smart contracts are distributed
across the blockchain ecosystem. Blockchains Vendors that operate without any enforcement,
depend on a network of worldwide distributed validation or mitigation efforts for any baseline
nodes to achieve consensus which is basically server, process, access control management
an agreement about the type of modifications or system, integrity, trust, patch level, known
changes the blockchain could undergo. threat or service risk being enforced or
validated before any data is submitted or
A decentralized network requires more time to validated by a node. This will lead to potential
achieve consensus across all nodes as compared to attacks of various criticality levels against the
a single central node. This is why decentralization availability of the system and its security and
is fundamentally in opposition to scalability. trust and overall survivability and resilience.
Additionally the scalability factor is directly
related to the security of blockchain. This is due Blockchains, supporting infrastructures and other
to the fact that a small network is susceptible DLT systems, just like any other system based
to being targeted and could have its irreparable on real world infrastructure stacks, Operating
blockchain information compromised, while an Systems and various layers of complexity across
extensive network is costly to be disrupted. the OSI Model, have risks that are not only aligned
with Web2 centralized environment weaknesses,
Naoris Protocol argues that while these are but inherent to their nature, such as but not
important topics, just like for any other system limited to:
type, distributed or not, the overall integrity and
availability of the system has to be in working order • Account Hijacking risks at node, user and
under the CIA Triad and the RMIAS - Reference exchange levels,
Model of Information Assurance & Security • API tampering risks,
Model (an extended version of the encompassing • DOS/DDOS,

www.naoris.com Page 23
Technology Backdrop Naoris Protocol

• Consensus attacks, direct and side-channel

against miners/block-producers, sidechains
or shards,
• Data corruption or tampering of oracles,
• Wallet Vulnerabilities, tampering, code
injection attacks, others,
• Internal threats in exchanges, oracles,
protocols, bridges,
• Update poisoning,
• Code injection attacks, cryptojacking, namely
malware in miners or validators,
• Advanced Persistent Threat risks,
• Sniffing attacks, Keylogging attacks against
wallets and servers of any kind,
• Evil maid attack through hardware or firmware
tampering,
• Identity and Access Management
vulnerabilities on nodes, users, oracles,
bridges, servers,
• Malicious browser extensions.
• Service provider attacks on oracles, nodes,
users,
• Cascading events started by any of the above
that trigger serious risks such as but not
limited to survivability events or 51% attacks,
among others.
ANDROID TABLET COMPUTER iMAC SERVER

A representation of node structures and device types

Current insights are pretty much limited to blockchain submissions, i.e the time of block submission,
number of transactions within blocks, contracts responsible for the block creation and timestamps etc.

The Naoris approach aims to help support such environments without any impact to their operations,
using its own dPoSec consensus mechanism which is focused on leveraging a higher trust and security
level for these spaces which operate within their own private VergeClusters with their own rules and use
cases, while needing no further requirements for changes to their operations or consensus model and
leveraging their already existing infrastructure to their own defense.

The environments devices and services validate each other under consensual rules, ensuring mutual
trust between themselves and ensuring the security and integrity of their services increasing their value
and bottom line and the trust of processes and operations they have running.

www.naoris.com Page 24
White Paper Naoris Protocol

6.0. The Naoris Protocol’s CyberSecurity Mesh HyperStructure

Framework

6.1. Ecosystem Overview

In the context of the world’s ever growing inter-connected digital systems, our privacy, security and
safety depend heavily upon the accuracy and validity of critical information generated by processes
that traverse networks or rest within systems. Various innovations have been designed to eliminate the
need for loosely-secured entities that control the flow of critical data, cryptographic keys and other
logical assets, but each of these efforts has, in the best of cases, relied completely on a human-based
centralized management model. A model where all systems and their surrounding infrastructure - be
it, software or hardware based centralized governance structures, require human input and oversight
to operate. Considerable efforts have been made to strengthen the overall state of security and trust of
such centralized entities, all with the intention of making the internet a safer place, but after many years
and many innovations, the current cyber threat is rising at such a pace, that no centralized solution can
keep up with it. This has resulted in an exponential increase of risk to the globalized structures that
support the world we live in.
C
om
pa
ny
A

†+2 Server X†+2=L

y
ar

Critical
C

†+1 †+1
di
om

†+0 †+2
System
i

†+0
bs

†+1
pa

†+2
Su
Main Chain

†+0
ny

†+1
Transaction
B

†+0
D
ny
C
om

pa
om
pa
ny

Critical File
C

Subsidiary A

Application
End Point
Laptop

†+ timestamp, L= compromise, X= failed validation, =confirmed validation

dPoSec and Naoris CyberSecurity Mesh validation over time representation over a node and its processes

www.naoris.com Page 25
CyberSecurity Mesh HyperStructure Naoris Protocol

With years of experience in the field of critical The Naoris Protocol Design Principles are:
CyberSecurity and risk mitigation, the team at
Naoris Protocol have created a disruptive and 1. Enhancing scalability while ensuring security
contrarian design pattern that makes networks and decentralization
safer as they grow, not weaker. By turning 2. Protecting data in multiple layers instead of
any device, by its nature a centralized point of implementing single layer security
risk, into a trusted node and validator of trust, 3. To only rely and work with trusted nodes
operating within a Verge Cluster and governed 4. Keep close track and check upon
by a distributed assurance consensus, through vulnerabilities and act with ‘keep learning’
this approach, the Naoris Protocol is bringing and ‘keep patching’ gaps
decentralization into centralized environments. 5. In-built capabilities to provide first layer
Defense for all applications deployed on the
Inherent centralized risks are mitigated by network. For example, to auto check smart
leveraging the existing complexity, both in number contracts for vulnerability attacks
of devices and also across disparate traditional 6. Adaptability to preserve privacy
networks, which to their own advantage, all 7. Off-chain can remain unstoppable
operate under a distributed dPoSec consensus 8. Open standard to support various Dapps
while at the same time acting as a resilience and 9. Incentive-driven ecosystem
trust assurance shield for other peers across the
network. Naoris Protocol provides an extensive interactive
explorer that offers enhanced transparency to its
The aim to decentralize CyberSecurity through a users and Verge Cluster owners with access control
mesh HyperStructure enabling a generalization and management capabilities for onboarded
of trust at the baseline level is key in providing assets. This provides insights gleaned from the
value to governance structures, enterprise, and multiple rules that network specific security
the entire Web2/Web3 technology stack. policies are based upon. These insights help keep
a distributed validation track of compliance,
In this section we will provide an overview of cyber best practice, patch-levels, internationally
the Naoris Protocol - a pioneering innovation in accepted CyberSecurity standards like Health
distributed CyberSecurity. Insurance Portability and Accountability Act
of 1996 (HIPAA), Payment Card Industry Data
Naoris Protocol allows for pseudo-partitioning in Security Standard (PCI-DSS), National Institute of
a shard-like manner, such that the entire state Standards and Technology (NIST), ISO/IEC 27000
of the network is distributed and maintained in standards family among others, and even secure
partitions known as Verge Clusters. baselines that are under management to control
the specific participation of a Verge Cluster
Naoris Protocol supports both on-chain and off- domain, this is especially useful when third parties
chain sharding, where nesting Verge Clusters need to validate or audit SLA`s or compliance rules
are deployed to serve independent business of subordinate organizations, i.e., Banking Sector,
needs, embedded with case specific security and Critical Infrastructure sector and their third
compliance logic to deliver precise CyberSecurity parties or National Regulators/Central Banks, etc.
requirements. Off-chain networks can be
optimised to act like an on-chain solution, making Further Web3 related extensions include; reward
any organization or individual unstoppable even viewer, status viewer, scheduler, CLI and SDK,
in the absence of any appropriate consensus. ready-to-integrate templates, cross-chain barter
system, and cold and hot wallets.

www.naoris.com Page 26
CyberSecurity Mesh HyperStructure Naoris Protocol

6.2. The Topography of the Decentralized 4. The Application Layer

CyberSecurity Mesh It is the most commonly used user-facing
function. This layer can be divided into 2
6.2.1. Blockchain Topography Overview groups.

In general blockchain can be divided into 4 layers: a. Ecosystem

This first group contains applications that
1. The Network Layer provide common functions for the majority
The network layer provides network of the higher-level Blockchain applications.
services and representations of data. It comprises these categories.
Data representation is responsible for the
storage as well as encryption and security i. wallets.
of data. Services for network connectivity ii. exchanges
are accountable for identifying and iii. oracles
communications with protocol peers, as well iv. filesystems
as routing, addressing, and name services. v. Identity management
These are service providers, which includes vi. secure timestamping
those who control DNS names and IP
addresses. b. Applications of the Blockchain
Ecosystem:
2. The Consensus Layer The following group of types of applications
It is accountable for the rules to be followed is one that operates at a higher level and
by a sequence of transactions. It is classified focuses on specific features that are used
into different categories according to the by the user. This category comprises
protocol type: higher-level applications that inherit
security aspects from particular categories
1. Byzantine Fault Tolerant in the underlying ecosystem groups. This
2. Proof of Work, as well as category comprises areas like
3. Protocols for proof-of-stake
i. e-voting
3. The Replicated State Layer ii. notaries
It is the replicated state machine component, iii. identity management
which is concerned in the understanding iv. auctions
and updating of the blockchain’s status, v. escrows etc
is responsible for the task of processing
transactions. This layer classifies transactions Naoris Protocol is focused on filling in the gaps
into two categories. at various levels of the blockchain. It provides a
common system that is systematically implemented
a. The first is about the privacy of with a use case in mind and continuously improves its
transactions as well as the privacy of those understanding of its use case baseline and is therefore
who created them. a higher probability innovation bed because of its
distributed security use case, ahead of most recent
b. The second section is smart contracts. developments in the generic use of blockchains. It
It is concerned with safety and security is a model that can be used by companies or users
aspects of decentralized execution of code to tackle CyberSecurity risks; it is a system that
within an environment. enhances the muti-layer blockchain use ethos.

www.naoris.com Page 27
CyberSecurity Mesh HyperStructure Naoris Protocol

dApp dApp

dApp dApp

High Security
High Security Business
Full Node Switch Nodes
Nodes System
Business
Switch
Router System

Full Node
Router
Firewall

Light Node Firewall

Full Node Validator

Validator Bootstrap Node

Bootstrap Node

Firewall

Router
Validator
Validator Validator Node Types: Server
•Light Nodes
Switch Validator •Full Nodes
•Archive Nodes
Validator •Bootstrap Nodes
•Validators Nodes
•High Security Nodes

Overview of a sample network context under the Naoris Protocol

6.2.2. Risk Assessment Component Model on 2. Assets

Topography Assets can be found at the application layer
and can include:
Security models for risk assessment
a. Monetary value, in other words. crypto-
1. Owners tokens and other tokens
Blockchain users are the owners. They can b. The availability of service-layer applications
run any type of node and operate in both the and functionalities built on top of blockchains
applications or consensus layers. Owners such as for example notaries, escrows or data
of $NAORIS tokens are able to use and offer provenance, auctions, etc
applications and services that are based upon c. The authenticity proofs of/for users, privacy
blockchain technology to others. Owners can of users and privacy of information
also add consensus nodes that earn crypto-
tokens when they run, offering a resilience 3. Threat Agents
service to the consensus protocol. They may be available at all levels and involve
malicious users who are trying to take over

www.naoris.com Page 28
 Naoris Protocol

assets, disable functionalities or disrupt 6. Risks

services. Threat agents may also include The application layer is where risks are
entities that are inadvertent entities such as observed. These are generally brought about
smart contract developers who accidentally by threats and threat agents. It includes:
create bugs or designers of blockchain
applications that make mistakes or ignore a. Loss in monetary assets
problems. b. Privacy breaches
c. Loss of reputation
4. Threats d. Service failures
Threats can enable the attack of assets on all
levels. They’re caused by flaws on the internet,
the smart contract and applications that suffer
from consensus protocol deviations, and
breaches in consensus Protocol assumptions.

5. Measures
These measures guard owners from threats
by reducing the possibility of assets becoming
lost, subverted or compromised. These
solutions comprise:

a. security/privacy/safety solutions
b. incentive schemes,
c. reputation techniques, etc.

www.naoris.com Page 29
CyberSecurity Mesh HyperStructure Naoris Protocol

6.2.3 Threats vs Layers - Topography Risks

The following are the Naoris Protocol suggests

threats to this layer: the employment of:

- Hyperstructure based integrity model for

- False data feeds,
privacy preserving-constructs
- Censorship
- Distributed multi-factor authentication
enforcement
- Front running attacks,
- Distributed Integrity management with wallets
- Disruption of the availability of central
components
Application Layer - Redundancy /decentralization
- Privacy and confidentiality
- Distributed reputation systems, etc.
- TEE (Trusted Execution Environment)
manufacturer that is not behaving properly or is
abusing its access/permissions

- Faults in TEE

- Intentional/unintentional/semantic bugs in - Safe language verification

smart contracts
- Smart-contract vulnerability auto-verification
- Risky cryptography constructs such as for
example non-interactive zero knowledge proofs, - Analysis at static/dynamic levels
blinding signatures, ring signatures,
homomorphic encryption and many others that - Formal verification
allow for risks to be present such as
Replicated State Layer compromising the security of data of users and -Distributed Audits
of identities.
- Distributed Definition and enforcement of best
practices and design patterns

- Distributed Zero-knowledge proofs support,

etc.

- Malicious nodes could alter the outcomes of - Incentivized scheme

consensus protocols.
- Strong consistency across nodes, across Verge
- Malicious nodes may be able to take over the Clusters
execution
- Decentralized Mesh of nodes across shard-like
Consensus Layer structures known as Verge Clusters

- Fast finality

- Man-in-the-middle (MITM) attacks - Quality of Availability enforcement for nodes

- Network partitioning - Distributed naming validation using DIVA an

SPOE
- De-anonymization
- Protection of routing
- Constant availability
Network Layer - Protection of anonymity through ZK-Proofs

- Managed encryption standards for Data

protection

www.naoris.com Page 30
CyberSecurity Mesh HyperStructure Naoris Protocol

6.3. Understanding the dPoSec Consensus Mechanism

Blockchain P2P Network

2 The transaction is
transmitted to a P2P network
comprising of computers
4 Consensus Mechanism
known as nodes The participants verify

₿ A Block and validate it

3 The P2P nodes

$ broadcast transactions
and make a Block

1
Node A sends transactions to Node B
as devices initiate transactions to be validated

5
Transaction Identifier

Input Output 7 The consensus protocol

Source Receiver Address Amount
The chain blocks representing confirms the Block valid
Signature Source PubKey Script Receiver PubKey trust and integrity is saved across
Blockchain nodes

Transaction Format

6 The valid Block is sent to

the participants to
B permanently record in the
8 current chain of Blocks
Chain of Blocks
The B node can access the Confirmed Blocks
transaction using its private key

dPoSec Consensus Workflow Overview 8

Consensus Mechanism

Byzantine Fault Proof of Elapsed

Proof of Work (PoW) Proof of Stake (PoS) Proof of Authority Time (PoET)
Tolerance (BFT)

Delegated Proof of Practical Byzantine Proof of

Stake (DPoS) Proof of Bandwidth
Fault Tolerance (pBFT) Authentication (PoAh)

Leased Proof of Delegated Byzantine

Stake (LPoS) Fault Tolerance
(dBFT)

Inheritance dPoSec

8
https://www.sciencedirect.com/science/article/pii/S2096720921000014#fig2

www.naoris.com Page 31
CyberSecurity Mesh HyperStructure Naoris Protocol

The dPoSec Consensus utilizes an innovative traitors, trying to prevent the loyal generals
“rationality clause” mechanism to improve both from reaching an agreement.
security as well as decentralization efficiency
within its consensus design. dPoSec is proposed to 5. The generals must decide on when to attack
be an extension of the Byzantine Fault Tolerance the city, but they need a strong majority of
protocol (BFT) that operates in asynchronous their army to attack at the same time.
mode, where there is no upper bound on when
the response to the request will be received. Its
goal is to solve the many problems associated 6. The generals must have an algorithm to
with already available Byzantine Fault Tolerance guarantee that all loyal generals decide upon
solutions. This new enhanced algorithm being the same plan of action, and a small number
“one solution to many problems”, offers to solve of traitors cannot cause the loyal generals to
the security and efficiency problems that lie with adopt a bad plan.
partially synchronous networks.
7. The loyal generals will all do what the
6.3.1. What is Byzantine Fault Tolerance? algorithm says they should, but the traitors
may do anything they wish.
Byzantine Fault Tolerance (BFT) is the feature
of a distributed network to reach consensus 8. The algorithm must guarantee the condition
(agreement on the same value) even when some regardless of what the traitors do. The loyal
of the nodes in the network fail to respond or generals should not only reach an agreement,
respond with incorrect information. The objective but should agree upon a reasonable plan.
of a BFT mechanism is to safeguard against the
system failures by employing collective decision Byzantine fault tolerance can be achieved if
making (for both correct and faulty nodes) which correctly working nodes in the network reach an
aims to reduce the influence of the faulty nodes. agreement on their values. There can be a default
BFT is derived from the well known Byzantine vote value given to missing messages i.e. we can
Generals’ Problem. assume that the message from a particular node
is ‘faulty’ if the message is not received within
6.4. The Byzantine Generals’ Problem a certain time limit. Furthermore, we can also
assign a default response if the majority of nodes
The problem was explained aptly in a paper respond with a correct value.
by LESLIE LAMPORT, ROBERT SHOSTAK, and
MARSHALL PEASE at Microsoft Research in 1982: Leslie Lamport proved that if we have 3m+1
correctly working processors, a consensus
1. Imagine that several divisions of the Byzantine (agreement on same state) can be reached if at
army are camped outside an enemy city, each most m processors are faulty which means that
division commanded by its own general. strictly more than two-thirds of the total number
of processors should be honest.
2. The generals can communicate with one
another only by messenger. 6.5. Types of Byzantine Failures

3. After observing the enemy, they must decide As stated under the “Impossibility of Distributed
upon a common plan of action. Consensus with One Faulty Process“ - the problem
of reaching agreement among remote processes
4. However, some of the generals may be is one of the most fundamental problems in
distributed computing. A well-known form of the

www.naoris.com Page 32
CyberSecurity Mesh HyperStructure Naoris Protocol

problem is the “transaction commit problem,” 6.6. BFT As A Solution From 10000 Feet
which arises in distributed database systems. The
problem is for all the data manager processes that The applicability and efficiency of consensus
have participated in the processing of a particular protocols are governed by three key properties
transaction to agree on whether to install the (Baliga, 2017).
transaction’s results in the database or to discard
them. The latter action might be necessary, for • Security: A consensus protocol is said to be
example, if some data managers were, for any safe if all nodes produce the same output and
reason, unable to carry out the required transaction the output produced by the nodes is valid
processing. Whatever decision is made, all data according to the rules of the protocol.
managers must make the same decision in order
to preserve the consistency of the database. • Liveness: A consensus protocol is said to be
live if all non-faulty nodes participating in
Reaching the type of agreement needed for consensus eventually produce a value.
the “commit” problem is straightforward if the
participating processes and the network are • Fault tolerance: A consensus protocol is said
completely reliable. However, real systems are to be fault tolerant if it can recover from the
subject to a number of possible faults, such as failure of nodes participating in consensus.

• process crash In simpler terms, liveness guarantees ‘something

• network partitioning, and good eventually happens’ and safety guarantees
• lost, distorted, or duplicated messages ‘something bad does not happen’. Thus safety
and liveness are inseparable properties of fault-
One therefore wants an agreement protocol that tolerant protocols.
is as reliable as possible in the presence of such
faults. According to the protocol, consensus is According to Fischer et al. (1982), in a deterministic
reached on a certain task message and is executed asynchronous consensus system, it is only
consistently. There are many types of errors in possible to have at most two properties among
this process, but they can basically be divided into safety, liveness, and fault-tolerance. Distributed
following categories. consensus protocols compromise on one of the
properties to drive blockchain-based systems for
• Node crash, network failure, packet loss, etc achieving desired goals.
within Non-Malicious Nodes
Considering the errors, a system must always
• Node crash, network failure, packet loss, etc maintain:
due to Malicious Nodes. For example,
1. Security
• Failure to return a result - the validator can 1. Nodes must not produce incorrect results
delay or reject messages in the network, even in the case of errors, and must respond
as per the rules of the protocol.
• Respond with an incorrect result - the
proposer can propose invalid blocks, or 2. Liveness
• Respond with a deliberately misleading 1. All non-faulty nodes must continuously
result - the node can send different generate submissions to produce a value
messages to different peers.
In the worst case, malicious nodes may
cooperate with each other.

www.naoris.com Page 33
CyberSecurity Mesh HyperStructure Naoris Protocol

Pre Prepare Prepare Commit

[Di]

[Co] C01 C01Tx D Di Done

P10 P10Tx PC0 C0op C02 C02Tx [D₀]

P1op P12 P12Tx P0 P0Ip P0’ C03 C03Tx C0 C0Ip C0’ D0 D0i D0’

P13 P13Tx [C1] C10 C10Tx [D₁]

Start PP0op PP1 PP01TX PP1’ P20 P20Tx P1 P1Ip P1’ PC1 C1op C12 C12Tx C1 C1Ip C1’ D1 D1i D1’

PP2 PP02TX PP2’ P2op P21 P21Tx C13 C13Tx [D₂]

PP3 PP03TX PP3’ P23 P23Tx P2 P2Ip P2’ [C2] C01 C01Tx C2 C2Ip C2’ D2 D2i D2’

P30 P30Tx PC2 C2op C02 C02Tx [D₃]

P3op P31 P31Tx P3 P3Ip P3’ C03 C03Tx C3 C3Ip C3’ D3 D3i D3’

P32 P32Tx [C3] C30 C30Tx

u3

u4 PC3 C3op C31 C31Tx

u5 C32 C32Tx

u6

BFT based pBFT Phases Overview

Byzantine Fault Tolerance Protocol (BFT) is a protocol that guarantees the security of distributed systems
regardless if malicious nodes exist within the system. Leslie Lamport proved that when we have 3m+1
correctly working processors, a consensus (agreement on same state) can be reached if at most “m”
processors are faulty which means strictly more than two-thirds of the total number of processors must
always be honest. When you look at the network the acceptance to commit it is situated upon 2f+1 votes,
where “f” is the number of malicious processors and the total number of processors plus leader makes it
“3f+1” in the network.

Generation 3 Hyperstructure, Multi-Chain, Cybersecurity, Scalability, AI

Generation 2 Sidechain, Data Exchange, Bridges, Onchain and O cain Solutions

Generation 1 Consensus, Smart Contract, Trustless Network

Generation 0 Network, Transportation, Storage, Discoveries

6.6.1. Consensus for a HyperStructure of Cyber- as a CyberSecurity solution for other systems
trust and infrastructures. It can scale by delegating
Cyber-Risk related responsibilities and telemetry
dPoSec is a uniquely Cyber-Risk-Aware to itself, working with, and in parallel with
consensus mechanism that is used within the the operational processes available within its
Naoris HyperStructure, including an add-on list deployed Web2 or Web3 environments.
of advantages. To meet consensus as a Generation
3 solution, it focuses towards enhancing the This part of the paper presents why dPoSec
potential of the blockchain to be more efficient can be a Generation 3 implementation. dPoSec
and to operate under fully decentralised at its core focuses on its major use case, under
CyberSecurity rules, that can also be optimised the HyperStructure`s ethos. With the highest

www.naoris.com Page 34
CyberSecurity Mesh HyperStructure Naoris Protocol

resistance possible in mind, it is unstoppable

and will be in operation for as long as the • CyberSecurity based upon trusted nodes
underlying blockchain is in existence and there where one node validate other nodes for
are participants. There is a minimally extractive secured communication and processing
principle in order to maintain operations and
rewards with maximum benefits - the larger the • AI based insights based upon privacy-by-
number of participants and Verge Clusters the design architecture
higher its resilience and speed. There are also
built-in incentives for those who participate in • Enhanced and efficient data block submission
it as well. along with scalability and minimally extractive
cost or possibilities to run with a zero-fee
It is universally available and resistant to cost
censorship, in other words, no participant can
be blocked from creating or participating in a • Extended to authenticate bad smart contract
public VergeCluster. It is user-agnostic, platform design and vulnerabilities prior to switching
agnostic and use case agnostic, and finally, it live. Offering assistance to repair vulnerable
adds to a positive summation as it creates a smart contract by 95.5% with correction ratio
win-win environment for the participants in of about 93.32%
terms of the benefits they extract and provide,
and from the same distributed infrastructure of • Extended support of WASM for smart contract
infrastructures.

In the face of Byzantine adversaries, such an

approach is highly resilient, this concurrent nature
allows the attainment of speedy throughput and
is highly scalable while leadership-free. Internal
Verge Cluster rules and standards can be modified
through voting.

6.6.2. Consensus Overview

6.6.2.1 Distributed Proof of Security (dPoSec)

dPoSec is targeted to communicate within

‘secured mode’, to reduce the overall complexity
of the blockchain network during communication
and provide improved efficiency for block
production. Scaling itself towards a Phase-3
solution it additionally offers:

• Unstoppable network

• Permissionless network
Validator
• Valuable network
Overview of a sample network context under the Naoris Protocol

• Credibly neutral

www.naoris.com Page 35
CyberSecurity Mesh HyperStructure Naoris Protocol

Validators are nodes jointly selected by all blockchain. They are part of the Verge Cluster
$NAORIS holders to maintain and develop the deployment and perform periodic executions
dPoSec network. The majority of nodes with to verify the existence of invalid or fraudulent
the most votes will become alternative nodes, blocks on the basis of the block header
from which a core of validators will be randomly received from full-nodes. They are eligible to
selected to participate in the management of the receive additional distribution bonuses.
entire dPoSec network. The responsibilities of a
validator are: 6.6.2.3. dPoSec Protection Layer

1. Maintaining node and the network operations Denial of Service for a Leader
2. Produce and validate blocks
3. Proposal voting and decision-making dPoSec is a protocol that has been extended from
the baseline of BFT consensus. BFT protocols
Minimum staking of a set amount of $NAORIS don’t assume or detect the presence of any risky
tokens are required for a staking account, locked or malicious devices, whose aim is to derail the
or unlocked. If the actual stake is less than the protocol. This vulnerability, being exploited,
minimum staking amount due to penalties or any can result in a situation where a leader in the
other reason the node will disappear from the round could be affected because its leadership is
listing of possible node candidates. There are publicly known prior to the start of the round,
also checks that entail the enforcement of the causing a DoS on the Leader. dPoSec aims to
availability of recommended hardware levels, protect against attacks like this using Verifiable
software and infrastructure requirements for the Random Functions (VRF) and instantly publishes
node. a block candidate following the publishing of the
information.
6.6.2.2. Types of Validators
Selfish Mining
• Potential Validators
This validator group creates a pool of potential An adversary tries to create a secret chain that
candidates, i.e., the ones who will receive becomes visible to the public only when the
the most votes are potential validators. honest chain is “catching up with” the secret
They participate in the validator selection one. The longest-chain rule causes honest block
process and are eligible to receive additional producers to be included on the chain that is
distribution bonuses. associated with the attackers and invalidate
the genuine chain, thus reducing the power of
• Validator their consensus capability. dPoSec suggests an
The system randomly selects a number of automatic protection scheme against all these
validators from the potential validator groups attempts since the protocol’s core is based on
and allows them to participate in consensus a motivation based scheme. It follows the fork-
rounds. Prior to a block’s finalization, they choice rule that uses pseudo-random partial
must be approved by a group of chosen assistance for POS instead of POW.
validators.
Feather Forking and Bribery Attacks
• High Security Nodes
The node holds a very low capacity of With feather-forking, adversaries attempt to
blockchain data management, unlike full influence block producers’ behavior by inflicting
nodes, and is responsible only to verify the threats to harm their earning capability or by

www.naoris.com Page 36
CyberSecurity Mesh HyperStructure Naoris Protocol

executing bribery attacks in which adversaries Zero-Knowledge Proofs and Mitigation of

provide specific rewards to block producers “Front-Running” Related Issues
directly to allow attacks such as double-spending.
dPoSec does not support POW to avoid and prevent Zero-knowledge protocols enable the transfer
any such threats. In addition, dPoSec maintains a of information and proofs throughout the peer-
close eye on the network for attempted attacks, to-peer blockchain network in a manner that is
and provides the possibility of providing rewards completely private and reveals only what needs
to other participants who report any such to be revealed when it comes to proof without
behavior and, at the same time, punishing such providing any additional information about the
chains immediately while mitigating side channel sender or set context. For instance one party
attacks with stake slashing. - the prover - proves to some other party -
the verifier that they understand the value X,
Posterior Corruption without conveying any additional information
independent of the fact that they understand the
Posterior corruption, the attacker is required value.
to take/steal private keys from a majority of
possible “retired” consensus nodes and then In normal blockchain transactions when an asset
run the consensus protocol, writing a new is transferred from one party in the network to
timeline of blockchain. The dPoSec incentive another party, specifics of the transaction are
program, along with the evolving algorithm for known to all other parties within the network. In
cryptography, secure digital signatures with a transaction that is with zero-knowledge all the
forward-looking technology and the ability to other participants only have the knowledge that a
implement irreversible checkpoints after an valid transaction occurred and nothing else about
arbitrary amount of blocks, renders the network the sender or recipient assets, class of asset and
secure from an attack of this kind. other information. If proving a statement requires
that the prover possess some secret information,
dPosec is also able to protect against a variety then the verifier will not be able to prove the
of other blockchain attacks such as lie-in wait, statement to anyone else without possessing the
block withholding, specific pool attacks, etc. secret information. The statement being proved
must include the assertion that the prover has
Transaction Integrity Protection such knowledge, but not the knowledge itself.

In most of the blockchain stack available, dPoSec uses decentralized privacy-preserving

transactions containing plain-text data are techniques based upon layered encryption along-
digitally signed by private keys of users, enabling with signature verification and zero-knowledge
anybody to verify the validity of transactions with proofs. The Protocol is extended with trusted
the corresponding public keys. However, such an secure multiparty computations to preserve
approach provides only pseudonymous identities privacy and confidentiality.
that can be traced to real IP addresses (and some-
times to identities) by a network-eavesdropping
adversary, that can after some degree of effort
have a really high probability of guessing the
identity of the participant successfully, and
moreover, it does not ensure the confidentiality
of data.

www.naoris.com Page 37
CyberSecurity Mesh HyperStructure Naoris Protocol

6.6.2.4. dPoSec and Verge Clusters

First, a block that is derived from a Verge Clusters’ potential validator, has been proven to be distributed
to at least 51% of potential validators within the VergeCluster.

From these potential validators within the Verge Cluster, an undetermined set of potential validators are
selected as chosen validators. The chosen validators then have the option of responding to the core block
by raising a “rationality clause” or continue to operate as normal.

NODES NODES

Every Device Protects

Each Other

Every Device Protects

Each Other

dPoSec dPoSec

Verge Cluster Nodes Verge Cluster Nodes

Distributed Consensus Overview within a Verge Cluster

If there are no rationality clauses raised by In an extreme case, if a chosen validator appears
any chosen validator, then the block is deemed faulty or tries to participate along with other
to be completed and the hash is stored in the nodes to influence the whole network, the
blockchain. submission will not be attended to.
There is a distinct set of potential validators that
The submitted block is later re-verified by are not part of the Verge Cluster, that are required
High Secured Nodes and an extra validity check to attain a complete Byzantine fault-tolerant
associated with the submission is performed, consensus, that is 51% in order to complete the
alongside the assurance that it was submitted block.
from trusted validators only.
This significantly improves security since the
In an extreme case, if only one chosen validator single chosen validator who is honest, or deemed
is able to raise a threat risk then other validators to not be subverted or otherwise tampered with,
in Verge Clusters initiate an entire consensus is able to block an attack by any of the fraudulent
process that involves all potential validators for potential validators.
this Verge Cluster.

www.naoris.com Page 38
CyberSecurity Mesh HyperStructure Naoris Protocol

As an added assurance layer in the context of

risk mitigation, this can also be defined as a 1
hyper-resilient layer of security, because all
chosen validators are randomly selected, a
potential threat actor would have to successfully
Proof of
compromise all nodes, as the chosen validator Availability
pool is not known before each consensus
cycle, therefore complexity and obfuscation of 5 Distributed 2
Assurance of
potential validators is crucial and used as a de- Integrity
facto resilience and defense mechanism. The fact Proof of
Stake
is that only those who validate at every core cycle
are aware of who the chosen validators are for
that cycle, and will change again in the next cycle. Distributed
Assurance of
Evidence
Proof of
Equality
It’s virtually impossible for malicious nodes to
coordinate attacks between chosen validators
4 3
and potential validators. In order for an attack
to be successful with full assurance of outcome,
dPoSec Distributed Consensus Overview of its various parts
all potential validators would be required to be
malicious, since chosen validators are randomly
chosen at each consensus cycle from a collection
The Various Parts of dPoSec are as Follows:
of subsets of potential validators.

• dPoSec includes “Proof of Availability” that

This fault tolerance is high enough to allow blocks
helps to establish trust based upon the number
to complete quickly, since there isn’t any rational
of milliseconds/seconds/hours/days that the
strategy to deliberately issue a wrong block.
device is available to submit blocks and the
quality of its connection and system stability.
The traditional PoS as well as PoW consensus
mechanisms require that you employ long chain
• dPoSec includes “Distributed Assurance
rules in order to get to the point of finality.
of Integrity” to ensure under consensus
that integrity and trust in key processes
This is because there is a chance that a block
are maintained, this also ensures that
issued is fraudulent or in error. However, this
communications are happening from devices
is not the case with Naoris Protocol because of
that are safe and secure. The devices remain
its incredibly high level of fault tolerance and
under contentious monitoring and act as passive-
baseline resistance to subversion or tampering.
active/server-client watchdogs to meet the
defined standards of a specific VergeCluster.
This means that blocks are generated rapidly by
every core of Verge Clusters simultaneously, while
• dPoSec includes “Distributed Assurance of
being checked by randomly selected validators
Evidence” that proves trust during participation
from each potential validator pool of the Verge
by exchanging additional information (known as
Cluster sphere. This produces an impressive
detective evidence) during communication or
speed
validations.

www.naoris.com Page 39
CyberSecurity Mesh HyperStructure Naoris Protocol

• dPoSec also inherits features from “Proof of potential validators, Naoris has developed its
Stake” to manage rewards. own system for the aggregation of stakes in
To avoid such trust-related-threats, community pools.
possibilities such as an uneven majority of
the tokens being in the hands of only a few This combination of features is known as DRAPF.
participants/validators, and the possible Naoris Protocol is the very first environment
creation of an alternate blockchain history to introduce a system of community-based
controlled by only a small number of private potential validators for a critical use case such as
keys. CyberSecurity.

• dPoSec includes “Proof of Equality’’, to They allow different entities to pool their efforts
distribute equal participation rights to earn and $NAORIS tokens for the purpose of becoming
rewards and spread the range of acquisition of potential validators on their own for their own
potential validators across the Verge Cluster VergeCluster.
tree through Distributed Resilient Potential
Validator Class (DRAPF). This method of simplifying Verge Cluster creation
and distributing an ever-changing potential
6.7. Distributed Resilient Potential Validator validator class, spread around various use cases
Class (DRPVC) like security validation level complexity, use case
or geography for example, allows an even greater
Naoris implements what we call the Distributed number of people to be potential validators which
Resilient Potential Validator Class, they are will undoubtedly result in a greater Distributed
validator groups that exist in a continuous Resilience from a set of potential validators.
validation stream or groups of validation streams,
without epochs. This increases decentralization which means
there’s no dependence on a tiny group of potential
This means that potential validators are able to validators - it also increases security, as potential
move into and out of the validation stream or validators have different rules/use-cases and
class at any point without epochs and with no can’t easily collaborate or be forced into collusion
resulting security risk. by a threat actor.

Alongside the continuously changing sets of

www.naoris.com Page 40
CyberSecurity Mesh HyperStructure Naoris Protocol

Verge Clusters

Naoris networking view with a plethora of connected verge clusters and their separate meshes

A class or group that has potential validator points

is known as a potential validator class.
NORMAL
$NAORIS $NAORIS SYSTEM
VALIDATION
Potential validator classes are made up of various OVER TIME

nodes from different validation streams and

Verge Clusters. This stops untrue or fraudulent
behaviour from becoming a pattern along with
ensuring the baseline trust at the user level,
OS-level and service level that would otherwise REWARD IN THE WALLET
create a plethora of risks for the overarching = $NAORIS TOKEN

trust network.

A distributed potential validator set (DRPVC) is

the method by which Naoris can provide safer
$NAORIS $NAORIS
and speedier verification of transactions within BREACH
DETECTED
its blockchain, at the highest criticality levels and
most highly regulated and critical use cases.

MULTIPLE $NAORIS
IN THE WALLET

$NAORIS Network rewards overview upon dPoSec consensus

www.naoris.com Page 41
CyberSecurity Mesh HyperStructure Naoris Protocol

6.7.1. Powering a Tokenized Machine Economy Users of the Naoris platform can include companies,
for Distributed CyberSecurity with the $NAORIS networks, and individuals that endeavour to create
Token and maintain their own Verge Cluster for their own
use case and cyber-criticality level.
With dPoSec we are working to create an alternative,
which is more secure, efficient, transparent, inclusive, Nodes:
scalable and equitable for everyone.
1. Full Node
dPoSec is based upon Validators and Potential
Validators with extended pBFT + POS consensus 2. Potential Validators
that can support near-zero fees. dPoSec is EVM- Naoris token holders who want to participate
compatible. in the production of the block, must commit
to lock a certain number of tokens into
6.7.2. The Ecosystem the staking contract and become potential
validators. Networks can have unlimited
There are two key roles in the Naoris ecosystem: potential validators and are liable to gain
additional bonus scheme benefits, must qualify
• Users who subscribe to the platform’s to be among the most stable systems on the
CyberSecurity services, and Validating nodes network to qualify. Ranking will be managed
who validate work on the system. via an inbuilt trifecta Trust VS Availability VS
Standardization ranking engine.
The platform’s advanced encryption techniques at
its core-tier ensure the safe and secure processing 3. Validator
and storage of critical, or sensitive metadata. The Among the qualified nodes, the system
mechanics of the platform work the same way in each randomly selects a subset as consensus
tier, but with additional security precautions. round validators, their count is dependent
on the overall network of network size and
The Naoris approach is very scalable, and capable of is dynamic, it is supported by an algorithmic
serving highly complex systems. That makes it a great
random function. Validators on the network
fit for CyberSecurity-sensitive clients like enterprise,
receive block rewards for the work they do
highly regulated or critical systems, governance
to secure the network, which bootstraps
structures, defense infrastructure or hybrid hosting
engagement by giving them an intrinsically
services, on premise or cloud.
valuable stake in the platform and a vested
interest in keeping it secure.
Highest
Security
4. High Security Nodes
High Security nodes check validity of blocks,
and will generally share a portion of the
reward for their work.
Basic
Security 5. Light Nodes
They are light nodes used to identify/validate
block submission.

Levels of validation standards across the protocol

www.naoris.com Page 42
CyberSecurity Mesh HyperStructure Naoris Protocol

Staking Across the world in various ecosystems we can observe

that these organisms work together as a collective to
To become a qualified potential validator, high security solve problems and make decisions that surpass and
node or validator you need to stake a predefined are more efficient than individual organisms. The
amount of $NAORIS. name given to this in science is Swarm Intelligence.

6.7.3. Consensus Rewards On the other hand, we humans don’t have the natural
connections that other organisms have to ensure
After the successful commitment of a block, a close and fast feedback-loops between them. These
protocol-defined amount of new tokens are going organisms have natural abilities to detect anomalies
to be rewarded to all or any validators who signed in their environment such as high speed vibrations
the block in proportion for their voting shares. The (bees) or tremors in the water around them (fish). We
transaction fees are rewarded to validators similarly humans can now utilize modern real-time and high
as well. speed networking technology to ensure close and
fast feedback-loops between us and not only locally,
6.7.4. Stake Slashing we can do it globally too.

For any misbehavior that is detected by the network, We at Naoris are working to develop Swarm AI
a specific quantity of tokens staked will be slashed. technology that will allow the AI on each device
For instance, if an individual fails to finish his/her to communicate in real-time with each other in
consensus procedure and initiates the leader change whatever environment they are and wherever they
process the staked tokens will be reduced. are to assess new and existing threats. The integrated
solution self-learns and trains itself for precise and
If validated users are found to have signed a effective decision making.
fraudulent block, then each vote of their stakes under
that specific Verge Cluster is slashed. This is a severe Swarm Advantages
penalty put in place to discourage any fraudulent
1. Millions of AIs, one single emergent intelligence
conduct and ensure that the network is as secure as
2. Large quantity of AIs is essential
possible.
3. AIs interacting with each other locally
4. AIs follow simple rules
Proof of misconduct could be two blocks signed by
5. Decentralized approach
the same validator which conflict. Anyone can submit
6. Extremely adaptive
a transaction in order to prove that another validator
7. Emergence of intelligent, collective, self-organized,
has been misbehaving and if the proof is confirmed
global behavior
the slashed token will be awarded to provers.
8. Randomness enables the continuous exploration of
the alternatives
6.7.5. Naoris Distributed AI Enabled Intelligence
9. Efficient and fast resolution
10. Help with continuous monitoring and learning
“Swarm intelligence is the collective behavior of
from “critical mass” to hold control over the risk.
decentralized, self-organized systems, natural or
11. Robust - Tasks are completed even if some AIs fail
artificial”.
12. Scalable - From a few to millions
13. Decentralized - There is no central control
It all goes back to nature and biology where
14. Parallelism - AIs operations are innately parallel
organisms like ants, bees, birds, fish and many others
15. Adaptation - The system continuously adjusts to
form swarms, colonies, flocks, etc… to amplify their
stimuli (new or not)
collective intelligence.

www.naoris.com Page 43
White Paper Naoris Protocol

7.0. Acknowledgements A special word of gratitude is due to Scott MacAndrew

from Holt / Cypher and Brendan Holt Dunn from the
Holdun Family Office, for showing confidence in our
This White Paper is based on concurrent and
work at key junctures and for their steadfast support
recursive research in the areas of CyberSecurity and
from the outset. To Brian MacMahon from the Expert
blockchain around the capability and promise for a
Dojo Accelerator for his advice and support, to Oliver
completely novel Web3-based technique, employing
Schwabe we would like to extend our thanks for our
HyperStructure principles to solve key hard problems
partnership on European projects and Smart Cities
within our global digital systems.
Initiatives in the area of Decentralized CyberSecurity
Meshes and Protocols. We thank you all for working
Taking place over the last seven years, with
with us through the long process of evolving the
conclusions and methods put into practice over the
protocol concept, and for your friendship and help.
last two years, we are immensely grateful to our
friends and colleagues for encouraging us to start,
A special thanks to the dozens of mentors from key
persevere, and finally publish this work.
industry spaces across the world-class accelerators
we were finalists in, from the US, Canada, Chile,
From the UK, we thank Guy Davies from the Brixton
Austria, Portugal, and South Korea.
Pound for his input with this whitepaper, Jane
Frankland from ‘IN Security Movement’, Richard
From Norway our thanks go to Svein Erik for
Baylie and Ali Jooyand from OCS Group leadership
accompanying and supporting the project since
and security teams, Ninva Ponsonby for her help and
the very beginning as a colleague and friend, Knut
support, and many others for the enterprise level
Grandhagen from the Norwegian Armed Forces Cyber
backing, academic level thought leadership support
Defense for his long standing support and belief in
and ongoing honest friendships.
our project, and Firoz Shroff for his unique insights,
lateral thinking and mentorship in business.
From India, we are grateful to our friends and team
members who never stopped challenging us to do
We would like to dedicate the successful culmination
more, aim higher and when faced with tough tasks,
of the first milestone of this momentous effort to the
showed courage and the amazing capability to think
memory of our friend and mentor, Kjell Grandhagen,
laterally, solving the most complicated issues and use
the former Chairman of NATO/OTAN Intelligence
cases that an unusual innovation project like ours
Committee. Kjell’s approachability, inspiration,
presents. We would like to extend our best regards
foresight and vision around the fundamental need
and respect to their work and dedication in helping
for the decentralization of CyberSecurity principles
us develop our ideas further.
within the highest areas of criticality in society
and beyond, helped inspire the whole project. His
In the US and Brazil, we thank colleagues Jim Tousif
unwavering stance on key principles for society and
for his unyielding perseverance and friendship, Elena
geopolitical initiatives gave us the confidence to
Gaudette from Cisco Cloud Security for her visionary
shape the path forward since the very first test phase,
support since the very beginning, Bruno Ahualli for
aligning his support in both the media and other key
the deep strategic input and Michel Turtchin for
opinion pieces.
adding his artistic skills to the project.

Finally, we would like to acknowledge with gratitude,

From Portugal we would like to extend our gratitude
the support and love of our
to Monika Oravcova who has been a fundamental
Families - they have all kept us going, and this project
pillar to the project since its idea phase, leading
would not have been possible without them.
our path through the world`s best accelerators and
events; Nuno Almeida from the Instituto Superior
Técnico University for his partnership and principle-
centered guiding force, and to João Ferreira Santos
for his energetic legal and compliance guidance.

www.naoris.com Page 44
White Paper Naoris Protocol

8.0. Disclaimer

THIS PAPER HAS BEEN DRAFTED AS A NON-BINDING THOUGHT PIECE REGARDING A POTENTIAL
FUTURE PROJECT INVOLVING $NAORIS TOKENS. PLEASE NOTE THAT $NAORIS TOKENS HAVE YET TO
BE DEVELOPED, AND THEIR FUNCTIONALITY MAY DIFFER, AND BE COMPLETELY DIFFERENT FROM,
THAT SET OUT IN THIS PAPER. ANY POTENTIAL ACQUISITION OF $NAORIS TOKENS WILL BE ON THE
TERMS OF A SEPARATE AGREEMENT, AND THEY ARE PROVIDED SOLELY ON THE TERMS OF THAT
AGREEMENT. NOTHING IN THIS WHITEPAPER SHOULD BE READ AS CREATING ANY OBLIGATION OR
EXPECTATION, EXPRESS OR IMPLIED, AS REGARDING HOW $NAORIS TOKENS SHOULD OPERATE OR
FUNCTION. PLEASE NOTE THAT CAPITAL IS AT RISK IF YOU MAKE ANY ACQUISITION OF $NAORIS
TOKENS. IF ANY PERSON IN RECEIPT OF THIS PAPER IS IN ANY DOUBT ABOUT WHETHER OR NOT AN
ACQUISITION OF $NAORIS TOKENS IS COMPATIBLE WITH THEIR INDIVIDUAL CIRCUMSTANCES OR
NEEDS THEY SHOULD SEEK PROFESSIONAL ADVICE PRIOR TO MAKING AN ACQUISITION

www.naoris.com Page 45
White Paper Naoris Protocol

Cybersecurity Mesh Hyperstructure

for the Digital World

Version: 1.02.04

www.naoris.com Page 46