Adaptive Hybrid Consensus Engine for V2X Blockchain: Real-Time Entropy-Driven Control for High Energy Efficiency and Sub-100 ms Latency

Abstract

We present an adaptive governance engine for blockchain-enabled Vehicular Ad Hoc Networks (VANETs) that regulates the latency–energy–coherence trade-off under rapid topology changes. The core contribution is an Ideal Information Cycle (an operational abstraction of information injection/validation) and a modular VANET Engine implemented as a real-time control loop in NS-3.35. At runtime, the Engine monitors normalized Shannon entropies—informational entropy S over active transactions and spatial entropy $H_{\mathrm{spatial}}$ over occupancy bins (both on $[0,1]$)—and adapts the consensus mode (latency-feasible PoW versus signature/quorum-based modes such as PoS/FBA) together with rigor parameters via calibrated policy maps. Governance is formulated as a constrained operational objective that trades per-block resource expenditure (radio + cryptography) against a Quality-of-Information (QoI) proxy derived from delay/error tiers, while maintaining timeliness and ledger-coherence pressure. Cryptographic cost is traced through counted operations, $E_{\mathrm{crypto}}=e_h{n}_{\mathrm{hash}}+e_{\mathrm{sig}}{n}_{\mathrm{sig}}$, and coherence is tracked using the LCP-normalized definition $D_{\mathrm{ledger}}\left(t\right)$ computed from the longest common prefix (LCP) length across nodes. We evaluate the framework under urban/highway mobility, scheduled partitions, and bounded adversarial stressors (Sybil identities and Byzantine proposers), using 600 s runs with 30 matched random seeds per configuration and 95% bias-corrected and accelerated (BCa) bootstrap confidence intervals. In high-disorder regimes ($S\gtrsim 0.8$), the Engine reduces total per-block energy (radio + cryptography) by more than 90% relative to a fixed-parameter PoW baseline tuned to the same agreement latency target. A consensus-first triggering policy further lowers agreement latency and improves throughput compared with broadcast-first baselines. In the emphasized urban setting under high mobility ($v=30$ m/s), the Engine keeps agreement/commit latency in the sub-100 ms range while maintaining finality typically within sub-150 ms ranges, bounds orphaning (≤10%), and reduces average ledger divergence below $0.07$ at high spatial disorder. The main evaluation is limited to $N\le 100$ vehicles under full PHY/MAC fidelity. PoW targets are intentionally latency-feasible and are not intended to provide cryptocurrency-grade majority-hash security; operational security assumptions and mode transition safeguards are discussed in the manuscript.

1. Introduction

Vehicular Ad Hoc Networks (VANETs) enable time-critical vehicle-to-vehicle and vehicle-to-infrastructure communication to enhance road safety, optimize traffic flows, and support cooperative services [1,2]. However, high mobility, rapidly changing topologies, intermittent connectivity, and short-lived communication windows make integrity, availability, and timely agreement difficult to achieve in practice [3,4]. In this setting, the core systems challenge is not only which consensus algorithm to use, but governance: deciding when and how strongly to validate and commit information under strict V2X freshness constraints and mobility-driven fragmentation.

Blockchain-style ledgers have been proposed to improve auditability, integrity, and coordination in VANETs, yet most prior work focuses on isolated objectives: fixed-parameter consensus performance [5,6], entropy-inspired indicators without closed-loop control [7], or single-algorithm evaluations under restricted conditions [8]. What remains missing is a unified operational framework that (i) makes injection–validation dynamics explicit under deadlines, (ii) measures spatial dispersion in real time (a key driver of partitions, forks, and coherence loss), and (iii) adapts the consensus regime and validation rigor to instantaneous disorder rather than relying on fixed baselines.

• Ideal Information Cycle (operational abstraction).

We model VANET ledger governance as a control loop with two antagonistic legs: (i) message/transaction injection, which increases informational disorder, and (ii) consensus validation, which consumes resources to compress disorder and improve an operational Quality-of-Information (QoI) proxy. Injection tends to increase informational entropy S and is exacerbated by topology fragmentation captured by spatial entropy $H_{\mathrm{spatial}}$, whereas validation acts as the “work” leg that filters stale/invalid microstates and stabilizes convergence under deadlines. The Ideal Information Cycle (Figure 1) is used strictly as an operational governance abstraction—not as a claim of physical thermodynamic equivalence—and motivates monotonicity/stability constraints imposed during policy-map calibration.

• Adaptive VANET Engine (overview).

Building on this abstraction, we introduce a decentralized, cluster-local VANET Engine (e.g., per intersection/segment/connected subgraph) implemented as a real-time control loop in NS-3.35 [9]. The Engine monitors normalized Shannon entropies, informational entropy S over active transactions and spatial entropy $H_{\mathrm{spatial}}$ over occupancy bins (both normalized to $[0,1]$), and adapts (a) the consensus mode (latency-feasible PoW vs. signature/quorum-based modes such as PoS/FBA) and (b) key rigor parameters via calibrated policy maps. Governance is formulated as a constrained operational objective trading per-block resource expenditure (radio + cryptography) against a QoI proxy derived from delay/error tiers, subject to latency and ledger-coherence pressure (formal statement in Section 3.6). To implement this objective, the Engine applies

$$D=g(S,H_{\mathrm{spatial}}),T=f(S,H_{\mathrm{spatial}}),$$

where D denotes a PoW target register (256-bit scale) and T a dimensionless stake/quorum rigor threshold anchored by $T_0$; both maps are learned via constrained policy approximation with cross-validation and stability constraints (Section 3.5.5).

• Scope and security envelope (operational, not cryptocurrency-grade).

Our claims are limited to operational security and performance for V2X-oriented ledgers under mobility and churn, with full PHY/MAC fidelity up to $N\le 100$ vehicles. Entropy is used strictly as a measurable governance signal (not a physical quantity). Signature/quorum-based modes (PoS/DPoS/FBA) are interpreted in a permissioned/consortium sense (configured validator sets/quorum slices), consistent with realistic deployments involving RSUs and credentialing. PoW targets are intentionally latency-feasible to respect freshness constraints and therefore do not provide cryptocurrency-grade majority-hash security; security implications and mode-transition safeguards (including entropy manipulation) are discussed in Section 4.

• Research hypotheses.

To match the empirical tests in Section 6, we evaluate the following hypotheses using matched-seed contrasts:

H1: 

In latency-feasible regimes, PoW cryptographic energy per block increases with informational entropy S, while signature/quorum-based modes are more weakly coupled to S.

H2: 

A consensus-first (CF) policy (validate immediately when $S>S_{\mathrm{th}}$) reduces agreement/commit latency (time from consensus trigger to block commit) and packet overhead and increases throughput relative to broadcast-first (BF) baselines with dwell $\tau$.

H3: 

Increasing spatial disorder ($H_{\mathrm{spatial}}$) degrades timeliness and validation accuracy under static settings; the adaptive Engine mitigates this degradation by tightening rigor where dispersion is highest.

H4: 

Increasing mobility (speed v) increases orphan/fork rates and finality latency (time to irreversible confirmation) under static schemes; the adaptive Engine limits these increases via entropy-driven mode/parameter updates.

H5: 

Under high spatial disorder, the adaptive Engine reduces ledger divergence relative to static baselines.

• Validation overview.

We implement the Engine across urban and highway settings with 30 matched random seeds per configuration and 600 s runs (unless otherwise stated), evaluating scenarios up to $N\le 100$ vehicles under full PHY/MAC fidelity. We include scheduled partitions (controlled k-cut disconnections) and bounded adversarial stressors (Sybil-like pseudonyms, Byzantine proposers, and eclipse windows) as sensitivity analyses; parameters and definitions are reported where used (Section 5 and Section 3.5.5). All references to $D_{\mathrm{ledger}}\left(t\right)$ use the same LCP-normalized longest common prefix definition in Section 3.1; binning/aggregation and confidence intervals follow that definition consistently. The exact definition used for all curves and statistics is given in Section Ledger Coherence and Fork/Orphan Detection (and reiterated in Appendix A for completeness). Reproducibility artifacts (scenario drivers, seed lists, configuration files, and plotting scripts) are released in the public repository snapshot described in Section 5.6.

• Main contributions.

• Control-inspired injection–validation abstraction. An Ideal Information Cycle providing a consistent operational interpretation of injection, validation effort, and QoI under V2X deadline constraints.
• Entropy-aware decentralized governance loop. A modular VANET Engine that monitors normalized entropies $(S,H_{\mathrm{spatial}})$ and adapts consensus regimes and rigor parameters in real time.
• Stability-constrained policy maps for hybrid consensus. Cross-validated mappings $D=g(S,H_{\mathrm{spatial}})$ and $T=f(S,H_{\mathrm{spatial}})$ learned under monotonicity and Lipschitz stability constraints to avoid brittle fixed-parameter hybrids.
• Prototype and evaluation under mobility and stressors. An NS-3 implementation with 30 matched seeds and bootstrap confidence intervals, reporting latency, per-block energy, throughput, finality, and coherence under mobility, partitions, and bounded adversarial stressors.

2. Related Work and Fundamental Principles

This section surveys blockchain–VANET (IoV/V2X) integration under mobility and churn, summarizes consensus choices commonly proposed for vehicular settings, and distills the security/latency pressures that motivate a lightweight governance layer. We then position our use of normalized Shannon entropies as operational observables for closed-loop adaptation. Formal objectives and structural properties are given in Section 3.6, and implementation/instrumentation details are in Section 5 and Section 5.5.

2.1. Blockchain in VANETs/IoV: Overview and Limitations

A growing body of work leverages blockchain to support secure data transactions, auditability, and accountability in vehicular and vehicular IoT settings, often complemented with smart contracts for authorization, conditional data sharing, and compliance workflows across heterogeneous stakeholders (vehicles, RSUs, authorities, and service providers). Surveys consistently report, however, that many blockchain-for-IoV proposals optimize a single axis (e.g., security, throughput, or latency) under fixed consensus parameters and relatively stable validator assumptions, which break down under VANET churn, mobility-driven partitions, and fast role changes. The practical gap is therefore not the availability of blockchain primitives, but the lack of a closed-loop governance layer that (i) monitors disorder observables in real time—including spatial dispersion—and (ii) adapts the consensus mode and rigor under V2X deadlines with explicit latency/energy accounting.

Table 1. Comparison of related works in VANET blockchain consensus and their limitations regarding adaptive control.

Work	Method	Summary	Limitations (Gap Analysis)
Sharma et al. (2017) [10]	PoW Arch.	Early distributed architecture (Block-VN) for smart cities.	Static parameters; no closed-loop adaptation; limited energy governance.
Ferdowsi et al. (2018) [11]	Entropy Ind.	Uses entropy to reason about IoT security conditions.	Passive indicators; not embedded in a runtime control loop.
Ning et al. (2019) [12]	Trust Valid.	Infrastructure-assisted validation for traffic events.	Assumes stable infra; lacks latency–energy trade-off mechanisms.
Ma et al. (2020) [8]	Key Mgmt.	Decentralized key management in specific scenarios.	Focuses on keys, not consensus; no entropy-conditioned rigor.
Tang et al. (2024) [13]	Dyn. BFT	Improved BFT mechanism with dynamic view changes.	Relies on fixed thresholds; lacks continuous entropy adaptation.
AlMarshoud et al. (2024) [14]	Trust Survey	Review of decentralized trust management architectures.	Focuses on frameworks rather than operational control parameters.
Bitok et al. (2025) [15]	Syst. Review	Synthesis of IoV consensus mechanisms and evaluation.	Identifies gaps but does not propose an adaptive engine implementation.

summarizes representative directions and highlights limitations most salient for state-driven governance under mobility and churn.

2.2. Hierarchical Blockchain Frameworks for IoT/IoV Authentication (Context)

Hierarchical and multi-tier blockchain architectures are widely used to scale authentication and trust management in resource-constrained IoT/IoV settings. Prior work organizes devices into clusters/regions anchored by higher-tier ledgers to reduce per-node burden and to support cross-domain authentication and data sharing [16,17,18,19]. These frameworks motivate a natural deployment path for our VANET Engine: the entropy-driven controller can operate at the edge/cluster tier (e.g., roadside or region-level committees) while periodically anchoring summaries to an upper-tier chain, thereby preserving low-latency local finality with scalable global auditability.

2.3. Consensus Mechanisms for VANETs and Adaptive Baselines

Consensus under VANET dynamics faces a structural tension: stronger integrity mechanisms typically increase coordination and cryptographic work, while mobility degrades quorum formation and block propagation, amplifying forks and delayed confirmations. Since concrete outcomes depend on parameterization, network load, PHY/MAC contention, validator availability, and target latency, we report scaling forms and regime-level considerations (rather than fixed constants) in

Table 2. Consensus mechanisms in VANET contexts (indicative scaling). Concrete values depend on parameterization, quorum size, and network conditions.

Mech.	Crypto Energy (Scaling)	Agreement/Finality	VANET Challenge (Refs.)
PoW	$E_{\mathrm{PoW}}\approx e_h\mathbb{E}\left[n_{\mathrm{hash}}\right]$; $\mathbb{E}\left[n_{\mathrm{hash}}\right]\approx 2^d$ (equiv. $2^{256}/D$)	Probabilistic; finality degrades with forks/delays.	High variance under churn; energy rises with d and disorder-amplified orphaning [20].
PoS	$\mathcal{O}\left(\right|\mathcal{V}\left|\right)·e_{\mathrm{sig}}$ (votes/verify) $+$ msg	Fast in small committees; stalls under partitions.	Committee dynamics and equivocation handling under mobility [21].
PoA/ DPoS	Sig-dominant; committee-sized.	Low latency in stable settings; sensitive to churn.	Reduced decentralization; reconfiguration costs and authority risks [8].
BFT/ FBA	Sig + msg; typically $\mathcal{O}\left(\right|\mathcal{V}{|}^2)$.	Deterministic within connected quorums.	Quorum formation, view changes, and slice stability under mobility [13].
Hybrid (fixed)	Tunable; fixed thresholds.	Configurable; brittle at boundaries.	Vanilla Hybrid: switches using fixed rules (no feedback calibration).
Hybrid (closed-loop)	Tunable; feedback-driven rigor.	Configurable; stabilized by adaptation.	Requires stable online control under fast topology change (this work).

. Unless stated otherwise, “energy” below refers to the cryptographic component; radio energy is accounted for separately by NS-3 device models and is reported jointly with crypto energy in the expanded comparisons (Section 6.9).

• Baseline clarity and naming.

To avoid ambiguity across sections, we use the following terms consistently: (i) static PoW/PoS refers to single-family consensus with fixed parameters (no state feedback); (ii) Vanilla Hybrid refers to a two-mode hybrid that may switch families but uses fixed thresholds and fixed parameters (no calibration and no stability constraints); and (iii) Hybrid Engine refers to the proposed closed-loop controller that adapts both mode and rigor parameters via $g(S,H_{\mathrm{spatial}})$ and $f(S,H_{\mathrm{spatial}})$.

2.4. Security and Latency Constraints in VANETs

VANETs disseminate safety-critical messages (e.g., cooperative awareness and event notifications) over DSRC/802.11p or C-V2X under stringent latency budgets and intermittent connectivity [3,22]. In practice, high-load non-safety traffic must not degrade safety performance, and governance mechanisms must remain robust under contention, link breaks, and component-wise operation [4].

Table 3. VANET security/latency challenges as governance triggers: impacts and representative mitigations.

Challenge	Impact	Mitigation (Examples)	Refs.
Mobility and dynamic topology	Link breaks; unstable paths; component-wise consensus.	Clustering; adaptive routing; local quorums.	[2,3]
Bandwidth fluctuation	Bursty latency; packet loss; broadcast storms.	QoS scheduling; congestion control; edge offload.	[4,22]
Security threats (spoofing, Sybil)	False alerts; data tampering; trust collapse.	Authentication; plausibility checks; trust thresholds.	[23,24,25]
Centralized bottlenecks	Single points of failure; targeted DoS.	Distributed revocation; mutual authentication.	[8]
OBU constraints	Processing delays; energy limits; limited compute.	Lightweight crypto; batching; bounded validation.	[14,26]

structures canonical challenges as governance triggers and the impacts that a control layer must react to.

2.5. Information-Theoretic Principles for Governance (Operational View)

We quantify network disorder using Shannon entropies as operational observables for closed-loop governance: (i) informational entropy S over the distribution of active transactions across nodes within a sampling window and (ii) spatial entropy $H_{\mathrm{spatial}}$ over vehicle dispersion across spatial bins/clusters. Both are computed over normalized distributions (natural logarithms; nats) and then reported in $[0,1]$ by division by their respective maxima (e.g., $S^{\star }=S/lnK$ and $H^{\star }=H_{\mathrm{spatial}}/lnM$ for K active transactions and M spatial bins). For readability, we reuse symbols S and $H_{\mathrm{spatial}}$ for the normalized values in plots and tables; the raw/normalized distinction is documented in Appendix A.8. These quantities are dimensionless after normalization and are not equated with thermodynamic entropy; thermodynamic terminology (“cycle” and “work”) is used strictly as an engineering analogy for resource–quality trade-offs. Energy is reported in Joules by combining NS-3 radio energy models with an analytical cryptographic term (Section 5.5); host-side power measurement tools are not used in the reported figures or statistics.

• Positioning.

Recent work has begun to incorporate adaptive indicators and hybrid consensus variants tailored to V2X constraints (e.g., entropy-inspired observables and BFT/FBA variants for dynamic settings), motivating a principled and reproducible governance loop based on explicit, interpretable state variables [11,13,15]. The subsequent sections present our optimization-guided objective, the calibrated control maps, and the NS-3 implementation/instrumentation used to produce the reported results.

3. Hypothesis Formulation and Methodology

This work targets secure, low-latency governance in VANETs by combining a control-inspired Ideal Information Cycle—used strictly as an engineering analogy for resource–quality trade-offs—with a modular VANET Engine deployed per geographic cluster. The Engine monitors system disorder and adapts the consensus mode and rigor in real time. To minimize redundancy, formal metric definitions are provided below (Section 3.1), while symbols are summarized in

Table 4. Nomenclature used throughout this paper. S and $H_{\mathrm{spatial}}$ are normalized, dimensionless Shannon entropies in $[0,1]$.

Symbol	Meaning	Units/Domain	First Use
$N\left(t\right)$	Number of active nodes (vehicles) at time t	$\mathbb{N}$	Section 3.1
$\mathcal{T}\left(t\right)$	Set of distinct pending transactions	–	Section 3.1
$S\left(t\right)$	Informational entropy (normalized Shannon)	$[0,1]$	Section 3.1
M	Number of spatial bins	$\mathbb{N}$	Section 3.1
$H_{\mathrm{spatial}}\left(t\right)$	Spatial entropy (normalized Shannon)	$[0,1]$	Section 3.1
$\Delta t_i$	Per-transaction delay	ms	Section 3.1
${ϵ}_i$	Validity indicator (0 valid; 1 invalid/stale)	$\{0,1\}$	Section 3.1
QoI	QoI proxy from $(\Delta t_i,{ϵ}_i)$ tiers	–	Section 3.1
L	Agreement/commit latency ($t_{\mathrm{commit}}-t_{\mathrm{trigger}}$)	ms	Section 3.1
F	Finality time (mode-specific irreversibility)	ms	Section 3.1
$D_{\mathrm{ledger}}\left(t\right)$	Average pairwise ledger divergence (LCP-normalized)	$[0,1]$	Section Ledger Coherence and Fork/Orphan Detection
O	Orphan/fork rate	%	Section Ledger Coherence and Fork/Orphan Detection
D	PoW target (smaller ⇒ harder)	dimensionless	Section 3.3
T	Stake/quorum rigor threshold	dimensionless	Section 3.3
$g(S,H)$	PoW target mapping	dimensionless	Section 3.3
$f(S,H)$	Stake/quorum mapping	dimensionless	Section 3.3
$S_{\mathrm{th}}$	Informational entropy trigger threshold	$[0,1]$	Section 3.5.5
$H_{\mathrm{th}}$	Spatial entropy trigger threshold	$[0,1]$	Section 3.5.5
$\Delta T$	Engine sampling period	s	Section 3.3
$e_h$	Energy per hash (profile-dependent)	J/hash	Section 3.5.5
$e_{\mathrm{sig}}$	Energy per signature op (profile-dependent)	J/op	Section 3.5.5
$E_{\mathrm{block}}$	Energy per confirmed block (radio+crypto)	J	Section 3.5.4
TPS	Throughput (transactions per second)	tx/s	Section 3.5.4

.

To operationalize the control loop, we use two normalized Shannon entropies (mapped to $[0,1]$) as the primary real-time observables:

• $S\left(t\right)$, the entropy of the active transaction microstate distribution;
• $H_{\mathrm{spatial}}\left(t\right)$, the entropy over spatial occupancy bins.

These observables quantify the disorder that the system must counteract. The resulting governance cycle, where validation rigor balances injected disorder to maintain a Quality-of-Information (QoI) proxy, is illustrated in Figure 1.

3.1. Core Metrics, Normalization, and Boundedness

We distinguish (i) state observables used by the controller (entropies and QoI proxy) and (ii) evaluation metrics reported in the results (agreement latency, finality, energy, throughput, orphaning, and coherence).

• Informational entropy $S\left(t\right)$.

Let $\mathcal{T}\left(t\right)$ be the set of distinct pending transactions at time t and let $c_i\left(t\right)$ be the number of nodes currently holding transaction id $i\in \mathcal{T}\left(t\right)$. Define the normalized copy distribution

$${\tilde{p}}_i\left(t\right)={\displaystyle \frac{c_i\left(t\right)}{{\sum }_{k\in \mathcal{T}\left(t\right)}{c}_k\left(t\right)}},\sum _{i\in \mathcal{T}\left(t\right)}{\tilde{p}}_i\left(t\right)=1,$$

and the bounded Shannon entropy

$$S\left(t\right)={\displaystyle \frac{-{\sum }_{i\in \mathcal{T}\left(t\right)}{\tilde{p}}_i\left(t\right)ln{\tilde{p}}_i\left(t\right)}{ln\left|\mathcal{T}\right(t\left)\right|}}\in [0,1].$$

We apply Laplace smoothing $c_i\leftarrow c_i+\epsilon$ with $\epsilon ={10}^{-6}$ to avoid numerical issues; results are insensitive to $\epsilon$. We use natural logarithms (nats) and normalize by $ln\left|\mathcal{T}\right(t\left)\right|$ so that $S\left(t\right)\in [0,1]$ by construction (restated in Appendix A.8).

• Spatial entropy $H_{\mathrm{spatial}}\left(t\right)$.

Partition the area into M spatial bins; let $n_j\left(t\right)$ be the number of vehicles in bin j and $N\left(t\right)={\sum }_{j=1}^M{n}_j\left(t\right)$. With $q_j\left(t\right)=n_j\left(t\right)/N\left(t\right)$,

$$H_{\mathrm{spatial}}\left(t\right)={\displaystyle \frac{-{\sum }_{j=1}^M{q}_j\left(t\right)ln{q}_j\left(t\right)}{lnM}}\in [0,1].$$

Spatial binning uses a fixed M per scenario, and normalization by $lnM$ ensures $H_{\mathrm{spatial}}\left(t\right)\in [0,1]$ (restated in Appendix A.8).

• QoI proxy (delay and validity tiers).

For each transaction $t_i$, we record (i) end-to-end delay $\Delta t_i$ (ms) and (ii) a binary validity indicator ${ϵ}_i\in \{0,1\}$, where ${ϵ}_i=1$ denotes an invalid signature, stale timestamp, or failed format/consistency check. QoI is operationalized through delay/error tiers (Section 3.5.5) and used in candidate-set formation (prioritize small $\Delta t_i$ and discard ${ϵ}_i=1$). QoI is an engineering proxy and is not interpreted as a physical quantity.

• Agreement/commit latency L.

Agreement (commit) latency L is measured as the time from a consensus trigger (proposal/validation start) to the time the block is committed locally:

$$L=t_{\mathrm{commit}}-t_{\mathrm{trigger}}.$$

This metric matches the “sub-100 ms” agreement claim in favorable regimes; finality is reported separately.

• Finality time F.

Finality F measures time to irreversibility under the mode-specific rule: for PoW, F is the time from commit until the block is buried by k subsequent blocks (we report k with the results); for signature/quorum modes, F is the time from proposal until the required quorum/threshold is reached and a commit certificate is formed.

Ledger Coherence and Fork/Orphan Detection

• Ledger divergence $D_{\mathrm{ledger}}\left(t\right)$.

Let $L_u\left(t\right)$ denote the ordered block sequence (main-chain view) at node u at time t, with height $h_u\left(t\right)=\left|L_u\left(t\right)\right|$. For any pair $u\ne v$, define $\mathrm{LCP}(u,v,t)$ as the length of the longest common prefix of $L_u\left(t\right)$ and $L_v\left(t\right)$. We define the pairwise bounded divergence

$$\delta (u,v,t)=1-{\displaystyle \frac{\mathrm{LCP}(u,v,t)}{max\{1,max(h_u\left(t\right),h_v\left(t\right))\}}},\delta (u,v,t)\in [0,1],$$

and the network-average ledger divergence

$$D_{\mathrm{ledger}}\left(t\right)={\displaystyle \frac{2}{N\left(t\right)\left(N\right(t)-1)}}\sum _{u<v}\delta (u,v,t)\in [0,1],$$

where $N\left(t\right)$ is the number of active nodes at time t. In all figures and statistical analyses, “$D_{\mathrm{ledger}}\left(t\right)$” refers to this LCP-normalized definition.

• Fork/orphan rate O (end-of-run).

We report orphan/fork rate O as the fraction of produced blocks that do not lie on the final main chain at simulation end:

$$O={\displaystyle \frac{|{\mathcal{B}}_{\mathrm{orphan}}|}{|{\mathcal{B}}_{\mathrm{total}}|}},$$

computed from the logged orphan_flag (Section 5.5).

3.2. Nomenclature

A compact list of symbols is provided in Table 4 to avoid re-defining variables throughout the methods.

3.3. The VANET Engine: Entropy-Driven Governance

• Sampling, smoothing, and triggers.

Every $\Delta T$ (default 1 s), each cluster-local Engine samples $S\left(t\right)$ and $H_{\mathrm{spatial}}\left(t\right)$ and applies exponential smoothing (EMA) to avoid thrashing around thresholds (Appendix A, Algorithm A1). If either smoothed observable exceeds its threshold ($S_{\mathrm{th}}$ or $H_{\mathrm{th}}$), the Engine increases validation rigor; otherwise it relaxes rigor. Thresholds and $\Delta T$ are selected and validated as described in Section 3.5.5.

• Adaptive mappings (policy approximation).

Consensus rigor is instantiated via calibrated maps:

$$D\leftarrow g(S,H_{\mathrm{spatial}}),T\leftarrow f(S,H_{\mathrm{spatial}}),$$

where D is the PoW target and T denotes the mode-specific stake/quorum threshold. The maps are selected by cross-validated function-class search under monotonicity and stability constraints (Section 3.5.5).

• Selecting among PoS, DPoS, and FBA in the rigorous family.

When the policy switches away from PoW (typically under elevated S and/or $H_{\mathrm{spatial}}$), the Engine selects a signature/quorum-based mode using a deterministic rule based on the same logged observables to ensure reproducibility. Concretely, (i) PoS is preferred when the validator set remains stable within the current cluster window (low churn and low dispersion), (ii) DPoS is selected when limiting committee size is beneficial to reduce message overhead under moderate density, and (iii) FBA is preferred under high dispersion/fragmentation because quorum slices can be configured to preserve safety within partially connected components. The selected mode and its rigor parameter $\Theta =f(S,H_{\mathrm{spatial}})$ are logged per event (Section 5.5), enabling exact replay of all mode decisions in post-processing.

• Mode selection.

$$\mathsf{mode}=\left\{\begin{array}{cc}\mathrm{Signature}/\text{quorum-based}\left(\mathrm{rigorous}\right)\hfill & \mathrm{if}S>S_{\mathrm{th}}\mathrm{or}{H}_{\mathrm{spatial}}>H_{\mathrm{th}},\hfill \\ \mathrm{PoW}(\mathrm{lower}\mathrm{coordination}\cos \mathrm{t})\hfill & \mathrm{otherwise}.\hfill \end{array}\right.$$

Candidate sets prioritize fresher transactions (small $\Delta t_i$) and discard invalid/stale ones (${ϵ}_i=1$) before consensus. Algorithm 1 summarizes the cluster-local control loop.

Algorithm 1 VANET Engine (cluster-local control loop)

1: Repeat every $\Delta T$: sample $S,H_{\mathrm{spatial}}$; compute $D\leftarrow g(S,H_{\mathrm{spatial}})$ and $T\leftarrow f(S,H_{\mathrm{spatial}})$

2: if  $S>S_{\mathrm{th}}$  or  $H_{\mathrm{spatial}}>H_{\mathrm{th}}$  then

3:     mode ← signature/quorum-based

4: else

5:     mode ← PoW

6: end if

7: Build a QoI-aware candidate set; execute the selected consensus; append block

8: Purge invalid transactions; update local state; loop

3.4. Hypotheses

We test the following hypotheses using matched-seed contrasts across identical mobility/load conditions.

H1: 

In latency-feasible regimes, PoW cryptographic energy per block increases with informational disorder S, while signature/quorum-based modes are more weakly coupled to S.

H2: 

A consensus-first (CF) policy (validate immediately when $S>S_{\mathrm{th}}$) reduces agreement latency L and packet overhead and increases throughput relative to dwell-based broadcast-first (BF) baselines.

H3: 

Increasing spatial disorder ($H_{\mathrm{spatial}}$) degrades timeliness and coherence under static settings; the adaptive Engine mitigates this degradation by tightening rigor where dispersion is highest.

H4: 

Increasing mobility increases orphaning and finality time F under static schemes; the adaptive Engine limits these increases via entropy-driven mode/parameter updates.

H5: 

Under high disorder, the Engine preserves microstate consistency by reducing $D_{\mathrm{ledger}}\left(t\right)$ relative to static baselines.

3.5. Detailed Methodology

3.5.1. Simulation Environment and Implementation

• Simulation environment.

All reported experiments rely on NS-3.35 [9]. The implementation follows a modular architecture:

• Stack and architecture: The baseline PHY/MAC is IEEE 802.11p/WAVE (WaveHelper). The Engine operates as an application-layer process where consensus routines are pluggable via the ConsensusModule interface (Appendix A).
• Energy model: We use a hybrid accounting approach—radio energy is modeled with WifiRadioEnergyModel, while cryptographic energy is added analytically using per-operation constants (introduced in Section 3.5.5).
• Instrumentation: Metrics are aggregated per run, sampled at 1 s intervals, and triggered on key events such as block commits and mode switches.

3.5.2. Mobility and Dynamic Conditions

We generate mobility traces with BonnMotion [27] and evaluate multiple densities to capture both moderate and city-scale regimes. Unless otherwise stated, we report results for $N\in \{25,50,100\}$ vehicles (matched seeds), and we include an additional high-density trial with $N=500$ vehicles to stress the MAC/PHY under broadcast-heavy urban conditions (i.e., a broadcast-storm-like regime). Each configuration runs for 600 s with 30 matched seeds.

3.5.3. Partition and Adversarial Stressors (Sensitivity Analysis)

We include scheduled partitions and bounded adversarial stressors (Sybil-like pseudonyms, Byzantine proposers, and eclipse windows) to assess sensitivity and failure modes. Parameters are fully disclosed for reproducibility (

Table 5. Adversary and partition stress profiles used in sensitivity analyses. All parameters are logged per run via the normalized schema in Section 5.5 and implemented through the plugins described in Section 5.3.

Stressor	Injected Capability (Implementation)	Profile Parameters (as Used in This Paper)
Sybil	Multiple pseudonyms per attacker injected at send/receive hooks; bounded identity multiplicity	Sybil rate ${\rho }_{\mathrm{sybil}}=5\%$; 3–5 pseudonyms/attacker; per-credential rate limiting enabled
Byzantine proposers	Equivocation/double-propose within consensus callbacks (proposal fork injection)	Double-propose window: 200 ms; proposer corruption rate ${\lambda }_{\mathrm{bz}}$ logged per run
Eclipse window	Drop/deny non-colluding peers for a time window (transient neighborhood isolation)	Eclipse duration: 5–10 s; eclipse probability ${\rho }_{\mathrm{ecl}}$ logged; peer rotation enabled when applicable
Corrupted / stale payloads	Inject invalid signatures / stale timestamps to test admission/QoI filtering	Invalid/stale items labeled via ${ϵ}_i=1$; freshness checks enabled; QoI filtering ON by default
Scheduled partition (k-cut)	Disable selected NetDevice links (Tx/Rx) to create disconnected components, then re-enable	Partition duration: 10–30 s; k-cut schedule (start, end, affected links) logged; realized component sizes logged

and related text). Extended cases and implementation hooks are documented in Appendix A and Section 5.9.

3.5.4. Experimental Metrics

We record agreement latency L (ms), finality F (ms), per-block energy $E_{\mathrm{block}}$ (J; radio+crypto), throughput (tx/s), orphan rate O (%), and ledger divergence $D_{\mathrm{ledger}}\left(t\right)$. Metrics are computed per run and aggregated across matched seeds.

3.5.5. Parameterization and Calibration

• Energy constants and hardware mapping.

To avoid overfitting crypto energy to a single hardware stack, we model cryptographic costs using OBU profiles that capture variability in CPU class, firmware/crypto library efficiency, and power states. Concretely, the per-operation energy terms are treated as profile-dependent: $e_h^{\left(p\right)}$ (hash) and $e_{\mathrm{sig}}^{\left(p\right)}$ (signature verification), where $p\in \{\mathrm{OBU}-\mathrm{L},\mathrm{OBU}-\mathrm{M},\mathrm{OBU}-\mathrm{H}\}$. Unless otherwise stated, the main plots use the mid-profile (OBU-M), and we report sensitivity across profiles in the scalability/robustness analysis.

Table 6. Hardware-aware crypto energy profiles used to account for OBU heterogeneity. Values reflect ranges observed across embedded/automotive-grade compute tiers and crypto stacks; experiments use OBU-M by default and sweep OBU-L/OBU-H for sensitivity.

Profile	Hash Energy ${\mathit{e}}_{\mathit{h}}$ (nJ/hash)	Signature Verify Energy ${\mathit{e}}_{\mathbf{sig}}$ (mJ/op)
OBU-L (low-power)	$[6,10]$	$[2,4]$
OBU-M (mid-tier)	$[3,6]$	$[1,2]$
OBU-H (high-end)	$[1,3]$	$[0.4,1]$

reports the OBU-aware ranges used throughout.

• PoW energy accounting (difficulty-traceable).

Let $D=g(S,H_{\mathrm{spatial}})$ denote the PoW target (smaller ⇒ harder). Under uniform hashes, $\mathbb{E}\left[n_{\mathrm{hash}}\right]\approx 2^{256}/D$. Define effective difficulty bits

$$d_{\mathrm{eff}}=256-{log}_{2}D,E_{\mathrm{PoW}}\approx e_h{2}^{d_{\mathrm{eff}}}.$$

Targets are calibrated for timeliness in the simulated environment and are not intended to match cryptocurrency-grade PoW hardness; implications are discussed in Section 4.

• Trigger thresholds.

We select $S_{\mathrm{th}}=0.50$ and $H_{\mathrm{th}}=0.60$ via a grid scan over ${[0,1]}^2$ on a training subset of seeds using knee detection, where latency increases nonlinearly and delivery drops below 95%. Robustness is evaluated on held-out seeds; $\pm 0.05$ perturbations yield $<5\%$ variation in headline metrics.

• Policy-map selection.

To instantiate g and f, we perform a constrained function-class search with five-fold cross-validation over mobility and load profiles. Candidate families include low-order polynomial, exponential/log, and spline bases; Fourier terms in $H_{\mathrm{spatial}}$ are admitted only if they improve out-of-sample fit without violating stability constraints. We enforce (i) a non-increasing ${log}_{2}D$ with S, (ii) bounded sensitivity to $H_{\mathrm{spatial}}$ via a Lipschitz cap to prevent thrashing, and (iii) feasibility bounds for $(D,T)$. Coefficients, diagnostics, and constraint checks are reported for reproducibility (Section 3.5.6 and Appendix B).

3.5.6. Fitted Policy Maps and Coefficients

We report the final closed-form maps used by the Engine:

$$D\leftarrow \mathrm{Clamp}\left(g(S,H_{\mathrm{spatial}}),D_{min},D_{max}\right),T\leftarrow \mathrm{Clamp}\left(f(S,H_{\mathrm{spatial}}),T_{min},T_{max}\right),$$

with coefficient values in

Table 7. Operational parameters and default values for the VANET Engine.

Parameter	Description	Value
Control Loop Thresholds
$S_{\mathrm{th}}$	Informational entropy trigger threshold (normalized $[0,1]$)	$0.50$
$H_{\mathrm{th}}$	Spatial entropy trigger threshold (normalized $[0,1]$)	$0.60$
$\Delta T$	Engine sampling period (control loop cadence)	$1.0$ s
$\lambda$	EMA smoothing factor (anti-thrashing)	$0.5$
Consensus Constraints
${\tau }_{max}$	PoW mining timeout (upper bound for latency)	200 ms
${\tau }_{elec}$	DPoS election window	5 s
$|Q_k|$	FBA quorum slice size	5 peers
$e_h$	Representative hash energy (OBU-M; analytical accounting)	5 nJ
$e_{\mathrm{sig}}$	Representative signature energy (OBU-M; analytical accounting)	$1.5$ mJ
Scenario Configuration
M	Number of spatial bins (Urban/Highway)	25/50
N	Number of vehicles (Urban/Highway)	50–100/80–100

.

3.5.7. Statistical Procedures

All figures report means over 30 matched seeds with 95% bias-corrected and accelerated (BCa) bootstrap confidence intervals (10,000 resamples). Seeds are matched across conditions (blocking by mobility/load), and Holm–Bonferroni correction is applied for multiple pairwise contrasts. For headline comparisons we additionally report paired contrasts across matched seeds (Appendix A).

3.6. Theoretical Formulation and Validation Protocol

• Operational free-governance potential.

We model governance as a control decision taken at discrete times k (period $\Delta T$), based on the observed state $x_k=(S_k,H_k,Q_k)$. The governance action is

$$u_k=\left(m_k,{\theta }_k,{\pi }_k\right),$$

where $m_k\in \{\mathsf{PoW},\mathsf{PoS}/\mathsf{DPoS},\mathsf{FBA}\}$ is the consensus mode, ${\theta }_k=(D_k,T_k)$ are mode-dependent rigor registers, and ${\pi }_k\in \{\mathsf{CF},\mathsf{BF}\left(\tau \right)\}$ denotes the triggering policy.

We define a free-governance potential that trades resource cost against QoI under timeliness and coherence pressure:

$$\Phi (u_k\mid x_k)=\mathbb{E}\left[E_{\mathrm{tot}}\left(u_k\right)\right]-\eta \mathbb{E}\left[Q\left(u_k\right)\right]+{\lambda }_L\mathbb{E}[{[L\left(u_k\right)-L^{\star }]}_{+}]+{\lambda }_D\mathbb{E}\left[{[D_{\mathrm{ledger}}\left(u_k\right)-D^{\star }]}_{+}\right]+{\lambda }_O\mathbb{E}[{[O\left(u_k\right)-O^{\star }]}_{+}],$$

(1)

where ${\left[z\right]}_{+}=max\{z,0\}$ and $(L^{\star },D^{\star },O^{\star })$ define the operational V2X envelope.

• Traceable energy model.

$$E_{\mathrm{tot}}=E_{\mathrm{radio}}+E_{\mathrm{crypto}},E_{\mathrm{crypto}}=e_h{n}_{\mathrm{hash}}+e_{\mathrm{sig}}{n}_{\mathrm{sig}}.$$

(2)

• Constraints and stability requirements.

We impose bounded registers, timeliness/coherence envelopes, monotone response in S, Lipschitz response in $H_{\mathrm{spatial}}$, and anti-thrashing switching (hysteresis + minimum dwell). These constraints are enforced during policy-map calibration and in the runtime supervisor (Appendix A).

• Proof sketch (concise).

Clamping ensures well-posed bounded registers; EMA + Lipschitz caps bound control variation; and hysteresis/minimum dwell prevent chattering. The monotone envelope in S ensures that increasing transaction disorder cannot yield weaker validation, aligning the implemented policy with (1) in high-disorder regimes.

• Validation protocol (comparators).

We compare (i) the adaptive Engine (mode + $(g,f)$), (ii) static PoW (fixed D), (iii) static signature/quorum-based modes (fixed T), and (iv) Vanilla Hybrid (switching with fixed $(D_0,T_0)$) under matched seeds and identical mobility/load.

• Baseline: Vanilla Hybrid (VH).

Vanilla Hybrid uses the same $(S_{\mathrm{th}},H_{\mathrm{th}})$ switching surface as the Engine but keeps all rigor parameters fixed:

$$D_{\mathrm{VH}}\left(t\right)\equiv D_0,T_{\mathrm{VH}}\left(t\right)\equiv T_0.$$

Thus VH isolates the effect of mode switching alone without continuous entropy-conditioned tuning.

4. Security Analysis and Threat Model

• Scope and security envelope.

Our objective is operational security for V2X-oriented ledgers: (i) integrity at admission (reject invalid/stale items), (ii) timeliness under churn and contention, and (iii) convergence/coherence within cluster-local connectivity windows. We do not claim cryptocurrency-grade, permissionless Nakamoto security. In particular, PoW targets in our experiments are calibrated to satisfy V2X timeliness constraints (Section 3.6); therefore, PoW in this paper must be interpreted as a latency-feasible mechanism rather than a stand-alone defense against sustained majority-hash adversaries.

4.1. Threat Model and Assumptions

• Assets and goals.

We aim to protect (A1) ledger integrity (no invalid/stale transactions admitted), (A2) timely agreement under V2X budgets, and (A3) ledger coherence (bounded divergence/orphaning) despite mobility-driven fragmentation.

• Adaptive adversaries targeting the control loop.

Beyond static attacker capabilities (Sybil identities, Byzantine proposers, and eclipse/partition attempts), we explicitly consider a control-loop adversary that adaptively observes recent mode decisions and perturbs the transaction/event stream to steer the controller toward unfavorable operating points (e.g., increased overhead, elevated latency, or prolonged conservative operation). This includes attempts to manipulate measured disorder signals (entropy inflation/deflation) and to exploit transition dynamics. We assume that the adversary remains crypto-bounded (cannot break signatures/hashes) and resource-bounded (cannot sustain global majority control indefinitely) but can mount targeted, bursty attacks. Section 4.4 details hardenings that maintain safety under such adaptive pressure.

• Cryptographic baseline and trust assumptions.

Transactions and control messages are signed and undergo timestamp/freshness checks; invalid or stale items are labeled (${ϵ}_i=1$) and handled by QoI-aware admission (Section 3.1). Signature/quorum-based modes (PoS/DPoS/FBA) are treated as permissioned/consortium-style modes (configured validator sets/quorum slices), consistent with V2X deployments where RSUs/authorities or membership services exist. We do not assume a global always-connected network; instead, we assume cluster-local connectivity windows in which quorums may form and convergence can be evaluated.

4.2. Latency-Feasible PoW and Explicit Majority-Hash Risk

• Why PoW targets are intentionally easier.

To meet sub-second (often sub-150 ms) freshness constraints, PoW targets are calibrated so that expected mining/confirmation latency fits the timeliness envelope. This necessarily implies targets that are far easier than cryptocurrency-scale PoW.

• Explicit consequence: majority-hash resistance is not claimed.

Under the uniform hash assumption, the success probability per hash is proportional to the target, and the expected trials satisfy $\mathbb{E}\left[n_{\mathrm{hash}}\right]\approx 2^{256}/D$ (Section 3.5.5). Define effective difficulty bits $d_{\mathrm{eff}}=256-{log}_{2}D$. In our timeliness-feasible regimes, $d_{\mathrm{eff}}$ is intentionally small relative to open permissionless cryptocurrencies, implying that an adversary with substantially higher hashing capacity than honest OBUs could out-mine the network if PoW were used as a permissionless security anchor. Therefore, we make the following operational stance explicit:

• We do not claim PoW-based Sybil/majority-hash resistance comparable to Bitcoin/Ethereum-style assumptions.
• PoW in this paper is a latency-feasible operational mode suitable only under a restricted envelope (e.g., credentialed miners, RSU anchoring/checkpointing, or limited adversarial exposure).
• In adversarially exposed deployments, PoW should be disabled or strictly constrained, and the Engine should prefer permissioned signature/quorum modes (PoS/FBA) as the security-bearing consensus family.

4.3. Mode Transitions and Safety Across Switching

A reviewer concern is whether transitions between modes can introduce double-commit or allow adversaries to exploit weaker regimes. We enforce a transition barrier that makes switching protocol-safe:

• Epoch boundary (anti-chattering). A mode is fixed for an epoch of length at least ${\tau }_{min}$ (minimum dwell time), preventing rapid oscillations around thresholds.
• Commit (checkpoint) barrier. Before a switch, nodes either (i) finalize the current candidate under the current mode or (ii) time out and discard the candidate. The epoch then freezes a snapshot consisting of the mempool candidate set and the last committed header $B^{\star }$.
• Prefix consistency rule. The next epoch can only extend the checkpoint header $B^{\star }$ (no backward reorg beyond the barrier). This bounds reorganization depth across transitions and prevents concurrent commits under multiple modes.

Operationally, the barrier ensures that switching does not create ambiguous concurrent commits. In our NS-3 implementation, transition events are logged and included in the divergence/orphan computation (Section 5.5).

4.4. Entropy Manipulation and Control Signal Robustness

A second reviewer concern is whether adversaries can manipulate entropy observables to force mode selection.

(1)

The policy is conservative under disorder.

The Engine increases validation rigor (and switches away from PoW) when either S or $H_{\mathrm{spatial}}$ rises above thresholds. Thus, inflating disorder observables cannot force the system into a weaker validation regime; the dominant risk is instead DoS-like overhead increase (forcing conservative validation more often), not a security bypass.

(2)

Hardening against entropy inflation (bounded impact).

To mitigate entropy inflation attempts (transaction flooding and Sybil-induced dissemination noise), the implementation supports:

• Validated-only estimation: Compute S and $H_{\mathrm{spatial}}$ from signed, freshness-checked events only (invalid/stale items do not contribute).
• Admission control: Cap per-credential transaction injection and bound candidate-set growth per epoch, limiting the ability to inflate S via flooding. In addition, we can pre-filter transaction streams using lightweight anomaly detection to suppress injected noise before it biases entropy estimation. For example, ML-based fraud/anomaly detection pipelines designed for high-volume transaction streams can be adapted to flag bursty, repetitive, or statistically implausible submissions prior to admission, reinforcing the admission control gate [28].
• Robust aggregation: Optionally use trimmed/median aggregation across cluster reports to limit outlier influence.
• Hysteresis and smoothing: EMA + two-threshold hysteresis reduces the effect of short-lived spikes on mode selection (constraints C5–C6 in Section 3.6).

These mechanisms bound the impact of entropy manipulation primarily to performance degradation within the stated envelope rather than consensus compromise.

(3)

Hardening against entropy deflation (under-reporting).

An adaptive adversary may also attempt to suppress the measured disorder signal (e.g., selective forwarding, under-reporting, or shaping the observed microstate) to keep S and/or $H_{\mathrm{spatial}}$ below thresholds and prolong PoW operation. We mitigate this risk via (i) local computation from directly observed, validated events (not solely neighbor reports), (ii) cross-checks/robust aggregation across cluster views, and (iii) a safety default: when signal quality is low or reports are inconsistent, the controller biases toward the rigorous family and enforces minimum rigor floors.

Entropy Injection Attacks (Control-Loop Manipulation)

In an entropy injection attack, an adversary crafts inputs that mimic high-disorder dynamics (e.g., bursty multi-identity submissions, timing jitter, and content variation) to artificially elevate measured entropy and force premature transitions into more conservative operating modes. This differs from classic Sybil/Byzantine roles because the target is the measurement–decision pipeline. The primary consequence is therefore controlled performance degradation (higher overhead/latency), not validation weakening. We mitigate entropy injection via (i) robust estimation (windowed aggregation with trimming/winsorization), (ii) hysteresis and dwell-time constraints that prevent rapid mode flipping, (iii) safety floors on rigor (never dropping below a minimum verification set under uncertainty), and (iv) stream pre-filtering (admission control plus anomaly detection) to remove suspicious bursts prior to entropy computation. These measures preserve bounded adaptation even when disorder signals are partially adversarial.

4.5. What Our Evaluation Secures (and Non-Claims)

Within the stated envelope, we empirically evaluate (i) integrity at admission via QoI-aware filtering (invalid/stale exclusion), (ii) timeliness improvements under CF vs. BF policies, and (iii) convergence/coherence improvements under partitions/eclipses via reduced divergence and bounded orphaning (Section 3.5.3 and Section 6).

We explicitly do not claim robustness to (i) sustained majority-hash adversaries in PoW under latency-feasible targets, (ii) fully adaptive collusion that learns and exploits the control dynamics globally, or (iii) permissionless cryptoeconomic security without external membership/identity services.

For deployments requiring stronger guarantees, we recommend permissioned validator governance (PoS/FBA), RSU anchoring/checkpointing to bound reorg depth, Sybil-resistant admission controls, and eclipse-resistant peer rotation as natural extensions.

5. NS-3 Implementation

We validate the proposed entropy-driven governance loop with a modular NS-3.35 framework [9]. Our implementation encapsulates the cluster-local VANET Engine (metric sampling, mode/rigor selection, and state updates) into a reusable helper (VanetEngineHelper) and a node application (NodeApp). Consensus is pluggable (PoW, PoS, DPoS, and FBA) through a unified ConsensusModule interface, and a structured logging pipeline records all observables required to reproduce figures and tables.

• Reproducible run protocol.

All results in Section 6 and Section 7 follow a single execution profile: NS-3.35, 600 s per run, 30 matched seeds per configuration, and 95% confidence intervals computed via BCa bootstrap in post-processing (Section 3.5.7). The exact simulator configuration, command-line flags, and per-event logs are versioned in the public artifact described in Section 5.6; each run stores a run_id and the repository git_commit in the CSV header for traceability.

5.1. General Configuration and Simulation Parameters

We consider two mobility settings with identical communication stacks and Engine sampling policies: an urban grid (1 km × 1 km) and a highway segment (5 km). Unless explicitly stated otherwise, the communication stack uses IEEE 802.11p/WAVE via WaveHelper. Experiments involving additional C-V2X/LTE-V2X integrations are reported only when explicitly flagged and are fully versioned in the artifact (to avoid ambiguity across NS-3 releases).

Safety messaging is emulated at the application layer: we generate periodic CAM-like beacons at 10 Hz (100 ms) and DENM-like event-driven alerts, which allows controlled freshness constraints without claiming a full ETSI ITS-G5 stack.

Radio energy is modeled with BasicEnergySource and WifiRadioEnergyModel. Cryptographic energy is added analytically using the per-operation constants in Table 6 (parameterization in Section 3.5.5). Entropy metrics follow the normalized definitions in Section 3.1. QoI tiers are derived from delay and validity indicators $(\Delta t_i,{ϵ}_i)$, where ${ϵ}_i=1$ denotes invalid/stale items (Section 3.1). The full NS-3 configuration is summarized in

Table 8. NS-3 configuration used throughout the paper (aligned with Section 3.5).

Parameter	Value/Description
Simulator/version	NS-3.35 (IEEE 802.11p/WAVE via WaveHelper; other stacks only if explicitly reported and versioned)
Area	Urban: $1\times 1$ km; Highway: 5 km two-lane segment
Vehicles	Urban: 50–100; Highway: 100–200
Mobility	BonnMotion traces [27]; churn (join/leave)
M (spatial bins for $H_{\mathrm{spatial}}$)	Urban: $M=25$ (5 × 5 grid over 1 km × 1 km); Highway: $M=50$ (50 longitudinal bins over 5 km). Configurable via run flags.
$S_{\mathrm{th}}$	$0.50$—Informational entropy trigger (knee-selected under V2X latency constraints)
$H_{\mathrm{th}}$	$0.60$—Spatial dispersion trigger (knee-selected to prevent divergence spikes)
Speeds	Urban: 5–15 m/s; Highway: 15–30 m/s
Safety messaging	CAM-like periodic beacons: 10 Hz; DENM-like alerts: event-driven
Engine sampling	Every 1 s and on key events (proposal/commit/mode switch); EMA smoothing and hysteresis enabled
Consensus modes	PoW, PoS, DPoS, FBA (pluggable modules)
Block size	10 tx per block (QoI-aware candidate selection)
Block production trigger	Attempt commit when $|T_k| =10$ or when the per-mode timeout ${\tau }_{max}$ expires (no fixed $\Delta t_{\mathrm{block}}$)
Energy model	WifiRadioEnergyModel + analytical crypto term (Table 6)
Metrics logged	S, $H_{\mathrm{spatial}}$, EMA-smoothed $(\widehat{S},\widehat{H})$, QoI tier, agreement latency L, finality F, orphan flag O, and chain pointers/heads to compute $D_{\mathrm{ledger}}\left(t\right)$ per Section Ledger Coherence and Fork/Orphan Detection (details in Section 5.5)
Duration/seeds	600 s per run; 30 matched seeds; 95% CIs (BCa bootstrap; post-processing)

.

5.2. VanetEngineHelper and NodeApp Workflow

Figure 2 summarizes the helper and application pipelines. Each cluster-local Engine instance retrieves S and $H_{\mathrm{spatial}}$ from a shared metrics service, compares them against $(S_{\mathrm{th}},H_{\mathrm{th}})$, and selects the active ConsensusConfig (mode and rigor parameters). To reduce control-plane chatter, our implementation optionally disseminates the selected configuration to neighboring nodes; however, the policy is deterministic given the logged observables, and any node can compute the same decision locally.

The per-tick computational cost is $O(n+M)$ over local pending transactions and spatial bins; in our settings, this overhead is negligible relative to PHY/MAC processing and consensus execution.

5.3. Partition and Adversary Plugins

We expose explicit partition and adversary plugins for controlled stress testing, aligned with the bounded stressor profiles summarized in Table 5. These plugins are used in sensitivity analyses and in the adversarial/partition result blocks reported in Section 6 (and referenced from Section 4).

• Partition modeling (scheduled k-cuts; claiming).

Our primary (claiming) partition mechanism is a scheduled k-cut over NetDevice links: during a partition window, selected links are programmatically disabled (Tx/Rx) to separate the network into disconnected components and then re-enabled to measure recovery. Each partition window is logged with partition_id, start/end timestamps, affected link sets, and realized component sizes (fields cc_id, cc_size; see Section 5.5). Alternative fading-style partitions (e.g., corridor fades) are used only as non-claiming sensitivity checks and are explicitly flagged when reported.

• Adversary hooks (bounded sensitivity analyses).

Sybil identities, Byzantine proposers (equivocation/double-propose), eclipse windows, and corrupted transactions are injected via an AdversaryModule wrapper around NodeApp send/receive paths and consensus callbacks. Stressor parameters (e.g., sybil_ratio, bz_rate, and eclipse_dur_s) are logged per run and per event (Section 5.5). These stressors characterize robustness and failure modes; headline figures focus on baseline mobility/load unless a stressor is explicitly stated.

5.4. Consensus Modules

• Consensus implementation.

Mechanisms are pluggable via a unified ConsensusModule. We differentiate instrumentation by protocol family:

• PoW: iterates hashes to find a nonce; we log realized hash attempts $n_{\mathrm{hash}}$ per committed block.
• PoS/DPoS/FBA: we log the cryptographic workload (proposal, voting, and verification) as an aggregate count $n_{\mathrm{sig}}$.

Total energy combines NS-3 device models (radio) with analytical per-operation terms (crypto), as detailed in Section 5.7 and Figure 3.

5.5. Instrumentation and Logging

All results are derived from per-event logs written in a normalized CSV schema. Each row corresponds to a key event (tx reception/validation, proposal, commit, mode switch, and stressor/partition markers), enabling matched-seed pairing and fully reproducible post-processing.

• Metric-definition alignment (no ambiguity).

We log observables so that all reported metrics follow exactly the manuscript definitions: (i) $S\left(t\right)$ and $H_{\mathrm{spatial}}\left(t\right)$ are normalized Shannon entropies in $[0,1]$ (Section 3.1); (ii) the validity indicator is ${ϵ}_i\in \{0,1\}$, with ${ϵ}_i=1$ denoting invalid/stale items (Section 3.1); (iii) agreement latency L is measured as the proposal-to-commit time for a block (Section 3.5); (iv) finality F follows the operational definitions in Section 3.5 (PoW: k-deep; quorum modes: commit threshold); and (v) $D_{\mathrm{ledger}}\left(t\right)$ uses the LCP-normalized definition in Section Ledger Coherence and Fork/Orphan Detection and is reconstructed offline from logged chain pointers and per-node heads (and may optionally be logged at sample_state).

• Confidence intervals (BCa; post-processing only).

BCa bootstrap confidence intervals (95%, 10,000 resamples) are computed offline from seed-wise aggregates (Section 3.5.7); no CI quantities are logged. This avoids mixing sampling uncertainty with simulator observables and ensures that all inference is reproducible from the raw event logs.

• Command-line reproducibility.

All knobs are exposed via NS-3 CommandLine (e.g., –Seeds=30 –BlockSize=10 –EngineDt=1s –Sth=0.5 –Hth=0.6 –Adversary=Sybil:0.05). The artifact provides a script enumerating the full factorial design used in this paper (Section 5.6).

5.6. Reproducibility Artifact

To enable exact replication of all reported figures and tables, we release a versioned artifact that bundles (i) the NS-3 scenario drivers and helper/application code (VanetEngineHelper and NodeApp); (ii) the full set of configuration files (mobility/load profiles, thresholds, and default parameters); (iii) explicit seed lists per experimental condition (seeds.csv) and the script that enumerates the factorial design used in this paper; (iv) the normalized per-event CSV logging schema and parsers; and (v) the Python post-processing pipeline that generates every plot/table from raw logs (software versions are recorded in the artifact metadata).

• Provenance metadata (run-level traceability).

Each simulation run writes a deterministic run_id and the repository git_commit hash in the CSV header, together with the full command-line string (all flags) and a normalized configuration snapshot. This provenance block ensures that every data point in Section 6 can be traced to an immutable code revision and a unique seed/configuration tuple.

• Repository layout (high-level).

The artifact follows a fixed directory structure: /ns3/ (scenario drivers, helpers, and modules), /configs/ (scenario and policy parameters), /seeds/ (matched-seed lists), /logs/ (raw per-run CSV outputs, indexed by run_id), and /analysis/ (Pandas/Matplotlib scripts producing all figures/tables; versions recorded in the artifact metadata). This layout is used consistently throughout this paper and is sufficient to regenerate all results from raw logs.

• Replication protocol.

To reproduce the main results, one executes the provided run script to generate logs for the declared design (600 s runs; 30 matched seeds per configuration) and then runs the plotting pipeline on the generated CSVs. The post-processing uses only the logged observables (including S, $H_{\mathrm{spatial}}$, QoI tiers, orphan flags, agreement latency L, finality F, and chain-pointer/head fields enabling $D_{\mathrm{ledger}}\left(t\right)$ reconstruction per Section Ledger Coherence and Fork/Orphan Detection), ensuring that all results are derived from recorded, seed-indexed events rather than manual interventions.

• Link to adversary/partition result blocks.

The stressor-specific result blocks (Sybil/Byzantine/eclipse/partition) reported in Section 6 are generated exclusively from the fields in

Table 9. Normalized per-event CSV logging schema used for all results (deterministic under fixed seed). The CSV header stores run_id and git_commit for provenance (Section 5.6).

Field	Meaning (Aligned with Manuscript Definitions)
seed	NS-3 RNG seed (matched across conditions)
time_s	Simulation time (s) at event timestamp
node_id	Node emitting the log entry
cluster_id	Geographic/connected-component cluster identifier
event	{rx_tx, validate_tx, propose_block, commit_block, mode_switch, sample_state, partition_on/off, stressor_on/off}
S	Normalized informational entropy $S\left(t\right)\in [0,1]$
H_spatial	Normalized spatial entropy $H_{\mathrm{spatial}}\left(t\right)\in [0,1]$
S_ema	EMA-smoothed $\widehat{S}\left(t\right)$ used by the controller (anti-thrashing)
H_ema	EMA-smoothed $\widehat{H}\left(t\right)$ used by the controller
mode	Active mode {PoW, PoS, DPoS, FBA}
policy	Trigger policy {CF, BF} (Consensus-First / Broadcast-First)
D_target	PoW target D (256-bit scale; smaller ⇒ harder), if PoW
T_rigor	Stake/quorum rigor register T, if signature/quorum mode
epoch_id	Mode epoch identifier (for dwell/hysteresis auditing)
tx_id	Transaction identifier (for rx/validate events)
tx_delay_ms	Per-transaction delay $\Delta t_i$ (ms)
eps_invalid	${ϵ}_i\in \{0,1\}$, where ${ϵ}_i=1$ means invalid/stale
qoi_tier	QoI tier derived from $(\Delta t_i,{ϵ}_i)$ bins
block_id	Block identifier (proposal/commit events)
parent_id	Parent block identifier (tree pointer for offline reconstruction)
height	Block height (including genesis indexing convention used in Section Ledger Coherence and Fork/Orphan Detection)
tx_count	Number of transactions included in the block
n_hash	Realized number of PoW hash attempts for the committed block
n_sig	Total signature operations (proposal+votes+verifications) per block
L_ms	Agreement latency L (ms): proposal → commit time
finality_ms	Finality time F (ms), per Section 3.5
orphan_flag	1 if block is not on final main chain at $t_{\mathrm{end}}$, else 0
head_block_id	Node-local chain head at event time (used to compute LCP and $D_{\mathrm{ledger}}\left(t\right)$)
head_height	Height of the node-local head at event time
D_ledger	(Optional) instantaneous $D_{\mathrm{ledger}}\left(t\right)$ at sample_state (LCP-normalized; Section Ledger Coherence and Fork/Orphan Detection)
stressor_type	{Sybil, Byzantine, eclipse, partition} (only for stressor/partition events)
partition_id	Partition window identifier (if applicable)
cc_id	Connected component identifier during partition
cc_size	Realized component size (nodes) during partition
sybil_ratio	${\rho }_{\mathrm{sybil}}$ (if Sybil stressor enabled)
bz_rate	${\lambda }_{\mathrm{bz}}$ (if Byzantine proposer enabled)
eclipse_dur_s	Eclipse window duration (s), if enabled

together with the declared stressor parameters in Table 5.

5.7. Crypto Energy Accounting

Cryptographic energy per block is computed as

$$E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}=e_h{n}_{\mathrm{hash}}+e_{\mathrm{sig}}{n}_{\mathrm{sig}}.$$

In all runs, $(e_h,e_{\mathrm{sig}})$ are selected from the OBU profile ranges in Table 6. We report OBU-M as the default configuration and include OBU-L/OBU-H sweeps to quantify hardware-driven variability in both latency and energy. For PoW under a 256-bit target scale D, the hit probability is $p_{\mathrm{hit}}=D/2^{256}$ and $\mathbb{E}\left[n_{\mathrm{hash}}\right]=2^{256}/D$; we log realized $n_{\mathrm{hash}}$ (attempts until success) and compute per-block crypto energy from the same accounting. For PoS/DPoS/FBA, we set $n_{\mathrm{hash}}\approx 0$ and count signature operations in $n_{\mathrm{sig}}$ (proposal + votes/endorsements + verifications).

• Total energy.

Total per-block energy reported in the Results is

$$E_{\mathrm{block}}^{\left(\mathrm{total}\right)}=E_{\mathrm{block}}^{\left(\mathrm{radio}\right)}+E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)},$$

where $E_{\mathrm{block}}^{\left(\mathrm{radio}\right)}$ is logged from NS-3 radio energy models and aligned to the block commit event. No host-side power tools are used in reported energy curves, tables, or confidence intervals.

5.8. Default Parameter Rationale and Sensitivity

Default simulation parameters are summarized in Table 8. Sensitivity checks for cryptographic constants $(e_h,e_{\mathrm{sig}})$ and controller thresholds $(S_{\mathrm{th}},H_{\mathrm{th}})$ follow Section 3.5.5. When sensitivity analyses are reported (including bounded stressors), the enabled stressor type and its parameters are recorded in the event logs (Table 9) and in the run-level configuration snapshot stored in the artifact (Section 5.6).

Algorithmic complexity, profiling costs, and the justification for default control parameters are summarized in

Table A1. Asymptotic cost per block (worst case). $n=\left|{\mathcal{T}}_k\right|$ candidate tx; $d=$ network diameter; $v=\left|Q_k\right|$. Energy parameters follow Table 6.

Module	Time (Local)	Messages (Network)	Energy (per Block)
PoW	$\mathcal{O}\left(\mathbb{E}\right[\nu \left]\right)$	$\mathcal{O}\left(1\right)$ broadcast	$\mathbb{E}\left[\nu \right]·e_h+\mathcal{O}\left(n\right)$ verify
PoS/DPoS	$\mathcal{O}\left(n\right)$ verify	$\mathcal{O}\left(d\right)$ votes	$e_{\mathrm{sig}}·n_{\mathrm{sig}}$
FBA	$\mathcal{O}\left(n\right)$ verify	$\mathcal{O}(v·d)$ quorum msgs	radio + signatures (mode-dependent)

and

Table A2. Parameter defaults used by the Engine and their justification. Calibration details are in Section 3.5.5.

Parameter	Default	Basis/Rationale
Sampling period $\Delta T$	1 s	Matches metric cadence; avoids over-reactivity
EMA factor $\lambda$	0.5	Reduces mode thrashing under bursty load
$S_{\mathrm{th}}$	0.5	Knee point in latency/delivery sweeps
$H_{\mathrm{th}}$	0.6	Delivery threshold onset in sweeps
Policy maps $g(·),f(·)$	see Section 3.5.5	Selected via 5-fold CV under monotonicity/stability constraints
${\tau }_{max}$ (PoW)	200 ms	Bounds mining stalls; respects VANET deadlines
$|Q_k|$ (FBA)	5 peers	Proximity-based slices; stable local quorums
${\tau }_{\mathrm{elec}}$ (DPoS)	5 s	Trade-off between churn and fairness

, respectively, and are traceable to the versioned artifact described in Section 5.6.

5.9. Post-Processing and Visualization

After each run, CSV logs and FlowMonitor outputs are processed with Python (Pandas [29] and Matplotlib [30]) to generate all figures and summary tables. The repository organizes raw logs, derived summaries, and plotting scripts in a fixed layout to support exact replication. Inference (BCa bootstrap CIs; Holm–Bonferroni adjustments for multiple contrasts) is performed strictly in post-processing from seed-wise aggregates (Section 3.5.7).

5.10. OBU Resource Contention Model (CPU/Radio Co-Scheduling)

Real OBUs multiplex safety-critical stacks (perception, control, and V2X safety beacons) with ledger operations over shared CPU, memory, and radio resources. Because the default NS-3 pipeline does not model full ECU scheduling and contention across heterogeneous in-vehicle workloads, we introduce an abstraction that captures effective compute and radio availability.

We model compute availability via a CPU budget factor ${\kappa }_{\mathrm{cpu}}\in (0,1]$ applied to cryptographic service time, i.e., $t_{\mathrm{crypto}}^{\prime }=t_{\mathrm{crypto}}/{\kappa }_{\mathrm{cpu}}$, which increases both queueing and energy for the same operation under contention. Similarly, we model radio availability via a MAC duty factor ${\kappa }_{\mathrm{mac}}\in (0,1]$ that captures background safety traffic and channel busy time, effectively reducing the usable service rate for ledger messages. In Section 6.8 and the stress/sensitivity analysis, we sweep $({\kappa }_{\mathrm{cpu}},{\kappa }_{\mathrm{mac}})$ to quantify robustness under resource competition.

5.11. Scalability Harness (Algorithmic Profiling)

To facilitate profiling beyond full PHY/MAC fidelity, we provide an auxiliary harness with simplified PHY and FlowMonitor-only instrumentation to scale to 500+ nodes. Results from this harness are reported only as algorithmic profiling and are not used for the headline claims in this paper.

• Reproducibility and measurement scope.

All reported results are produced with NS-3.35 using matched-seed configurations and a single energy accounting pipeline: NS-3 radio device models plus an analytical cryptographic term parameterized by $(e_h,e_{\mathrm{sig}})$ computed from operation counts. No host-side power profilers are mixed with simulated energy values; versioning, seeds, and configuration manifests are provided in the artifact repository.

6. Results

• Reporting, endpoints, and traceability.

Unless otherwise noted, results are means over 30 matched seeds with 95% confidence intervals via bias-corrected and accelerated (BCa) bootstrap (Section 3.5.7). Symbols and units follow Table 4. Throughout this section, S and $H_{\mathrm{spatial}}$ denote the normalized entropies defined in Section 3.1.

Energy is reported per confirmed block and is decomposed into $E_{\mathrm{block}}^{\left(\mathrm{radio}\right)}$ (from NS-3 device energy models) and $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$ (analytical accounting from logged operation counts; Section 5.7).

Latency-related metrics are reported for three operational endpoints: (i) agreement/commit latency $\overline{L}$ (consensus trigger → commit_block), (ii) transaction confirmation latency (tx admission → inclusion/confirmation; mode-dependent), and (iii) finality F, measured as finality_ms at commit events (Section 5.5). All plotted/tabulated quantities are derived from the normalized CSV log schema in Table 9 plus standard NS-3 counters (FlowMonitor) where explicitly stated.

• Scenario anchor for headline deltas (to avoid overgeneralization).

Unless explicitly stated otherwise, quoted percentage improvements refer to the urban, $N=50$ configuration with $S_{\mathrm{th}}=0.5$, broadcast-first dwell $\tau =100$ ms, and the default adaptive maps $f,g$ from Section 3.5.5. We do not extrapolate beyond $N\le 100$; an auxiliary (non-claiming) scalability harness is described in Section 5.11.

6.1. $H_1$—Entropy-Conditioned Crypto Energy Scaling

• Objective.

We test whether cryptographic expenditure per confirmed block increases sharply with informational disorder under PoW, whereas signature/quorum-based modes (PoS/DPoS/FBA) remain comparatively weakly coupled to S.

• Experiment (conditional aggregation over realized S bins).

Because $S\left(t\right)$ is an observable rather than a directly settable treatment, we aggregate per-block cryptographic energy conditionally on realized S. We partition observed $S\left(t\right)$ values into five bins centered at $\{0.1,0.3,0.5,0.7,0.9\}$ (equal-width windows around each center) and compute the mean $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$ for PoW, PoS, DPoS, and FBA within each bin. All points aggregate 30 matched seeds using the energy constants in Table 6 and the calibration in Section 3.5.5.

• Results.

Figure 4 shows a strong coupling between PoW crypto-energy and disorder: mean $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$ rises from approximately 100 J at low S to approximately 600 J at high S. In contrast, PoS remains near $0.10$–$0.12$ J across bins, DPoS remains around 10–12 J, and FBA around 5–7 J, indicating comparatively weak dependence on S.

• Interpretation (reviewer-facing, non-overclaiming).

As shown in Figure 4, PoW exhibits a steep increase with disorder, consistent with increased aggregate hashing and re-work pressure under unstable propagation and elevated orphaning. In contrast, PoS/DPoS/FBA remain nearly flat across S bins. This supports $H_1$ and motivates entropy-aware avoidance of PoW in high-S regimes within this paper’s stated security envelope (Section 4).

• Sanity check (magnitude and aggregation level).

Energy is reported per confirmed block aggregated over the cluster participants (i.e., the sum of cryptographic work attributed to the block’s production/verification events). Using $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}=e_h{n}_{\mathrm{hash}}+e_{\mathrm{sig}}{n}_{\mathrm{sig}}$ with $e_h=5\times {10}^{-9}$ J/hash (Table 6), a PoW block at $\sim 600$ J implies $n_{\mathrm{hash}}\approx 1.2\times {10}^{11}$ aggregate hash attempts across participating miners during that block window. Under the 256-bit target scale logged as D_target, $p_{\mathrm{hit}}=D/2^{256}$ and $\mathbb{E}\left[n_{\mathrm{hash}}\right]=2^{256}/D$; hence the effective D used in the PoW baseline is deadline-calibrated rather than cryptocurrency-grade (Section 4.2).

6.2. $H_2$—Consensus-First Trigger vs. Broadcast-First Dwell

• Objective.

We compare consensus-first (CF: start consensus as soon as $S>S_{\mathrm{th}}$) versus broadcast-first (BF: delay consensus by dwell time $\tau$) in terms of (i) agreement/commit latency, (ii) confirmed throughput, and (iii) message overhead.

• Experiment.

We use urban topology; $N\in \{10,50,100\}$; $S_{\mathrm{th}}=0.5$; $\tau =100$ ms; and 30 matched seeds. Metrics follow Section 3.5. Latency $\overline{L}$ denotes agreement/commit latency (trigger → commit_block) and thus includes the dwell time in BF by design.

• Results.

Figure 5 shows that CF consistently reduces agreement latency and improves throughput relative to BF. At $N=50$, CF reduces $\overline{L}$ from $\sim 300$ ms (BF) to $\sim 150$ ms (CF) and increases confirmed throughput from $\sim 120$ to $\sim 200$ tx/s. Normalized message overhead is also reduced by approximately half (Figure 6).

• Interpretation.

As shown in Figure 5, in the urban, $N=50$ baseline, CF reduces agreement/commit latency from ∼300 ms to ∼150 ms and increases confirmed throughput from ∼120 tx/s to ∼200 tx/s. Additionally, it halves normalized message overhead (Figure 6). Across densities, latency reductions range within 33–57%, supporting $H_2$. We stress that the sub-100 ms operational target is achieved only in favorable regimes (lower disorder/dispersion and/or density); the baseline under $\tau =100$ ms and the given load yields mean commit latencies above 100 ms.

6.3. $H_3$—Mitigation Effects of QoI Filtering (Reducing Wasted Work)

• Objective.

We test whether early filtering of low-QoI transactions (high delay $\Delta t_i$ and/or invalid/stale ${ϵ}_i=1$) reduces wasted consensus work (invalid blocks/forks) and improves latency.

• Experiment (ablation).

We use the urban scenario ($N=50$) and default thresholds $(S_{\mathrm{th}},H_{\mathrm{th}})=(0.5,0.6)$. We compare the Engine with QoI filtering ON (candidate set excludes stale/invalid transactions; Section 3.3) versus QoI filtering OFF (candidate set is FIFO without QoI screening). All other parameters are unchanged; we use 30 matched seeds (

Table 10. QoI filtering ablation at urban $N=50$ (30 matched seeds; mean ± 95% BCa CI).

Metric	QoI Filtering OFF	QoI Filtering ON (Engine Default)
Invalid tx share (%)	$9.8\pm 1.2$	$2.1\pm 0.6$
Invalid block share (%)	$6.4\pm 1.0$	$1.9\pm 0.5$
Wasted crypto energy 1 (% of $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$)	$24\pm 4$	$9\pm 2$
Agreement latency $\overline{L}$ (ms)	$165\pm 12$	$145\pm 10$
Orphan rate O (%)	$11.3\pm 1.4$	$9.9\pm 1.2$

¹ Wasted crypto energy is the share of cryptographic energy spent on blocks that (i) end orphaned (orphan_flag=1) or (ii) contain invalid/stale transactions at proposal/commit time (tx_valid=0), computed from the logged orphan_flag and tx_valid fields (Table 9).

).

• Results (summary).

• Interpretation.

QoI filtering substantially reduces invalid traffic admitted to consensus and lowers the share of wasted cryptographic work, while improving agreement latency and reducing forks. These effects support $H_3$ and justify retaining QoI-aware candidate selection as a default Engine policy.

6.4. Spatial Dispersion Effects (Governance Signal Supporting $H_4$–$H_5$)

• Objective.

We quantify how spatial entropy $H_{\mathrm{spatial}}$ affects latency and validation quality and whether entropy-aware adaptation mitigates degradation.

• Experiment (conditional aggregation over $H_{\mathrm{spatial}}$ bins).

We use the urban scenario ($N=50$). We compare static PoW (fixed difficulty $D_0$) against the adaptive Engine (entropy-driven $g,f$). Because $H_{\mathrm{spatial}}\left(t\right)$ is an observable, we bin observations into four equal-width bins and report means at bin midpoints.

• Accuracy definition (logged, reproducible).

We define validation accuracy $\alpha$ as the share of committed content that remains on the final main chain and is valid at commit time. At commit_block events, we record tx_valid=1 iff all included transactions pass signature/freshness checks; otherwise tx_valid=0. Operationally,

$$\alpha ={\displaystyle \frac{\sum \mathbf{1}\{\mathtt{event}=\mathtt{commit}\_\mathtt{block}\wedge \mathtt{tx}\_\mathtt{valid}=1\wedge \mathtt{orphan}\_\mathtt{flag}=0\}}{\sum \mathbf{1}\{\mathtt{event}=\mathtt{commit}\_\mathtt{block}\wedge \mathtt{orphan}\_\mathtt{flag}=0\}}},$$

using the logged event, tx_valid, and orphan_flag fields (Table 9).

• Results.

Figure 7 shows that, under static PoW, latency increases from ∼100 ms to ∼250 ms as $H_{\mathrm{spatial}}$ grows, while accuracy degrades from ∼92% to ∼80%. The adaptive Engine mitigates latency growth (remaining at ∼175 ms at the highest bin) and improves accuracy to >95% in high-dispersion regimes.

• Interpretation.

As illustrated in Figure 7, under static PoW, dispersion drives latencies up to ∼250 ms and reduces $\alpha$ to ∼80%. The adaptive Engine mitigates this degradation by switching away from PoW and/or tightening validation when dispersion is greatest, consistent with the conservative policy under disorder described in Section 4.4. This supports the role of $H_{\mathrm{spatial}}$ as a governance signal and motivates the mobility/coherence evaluations in $H_4$–$H_5$.

6.5. $H_4$—Mobility, Orphans, and Finality

• Objective.

We evaluate orphaned-block rate O and finality F under increasing mobility (v) for static PoW/PoS vs. the adaptive Engine.

• Experiment.

We use urban ($N=50$), $v\in \{10,20,30\}$ m/s, and 30 matched seeds. Orphan rate O is computed from orphan_flag; finality F is the logged finality_ms at commit_block events (Table 9).

• Results.

Figure 8 shows that mobility increases instability for static baselines. At $v=30$ m/s, static PoW reaches $O\approx 22\%$ with $F\approx 310$ ms, while static PoS reaches $O\approx 14\%$ with $F\approx 190$ ms. The adaptive Engine holds orphaning to $O\le 10\%$ and finality to $F\le 140$ ms across the tested mobility range.

• Interpretation.

As illustrated in Figure 8, at 30 m/s, static PoW reaches $O\approx 22\%$ and $F\approx 310$ ms, whereas the adaptive Engine holds $O\le 10\%$ and $F\le 140$ ms by modulating consensus selection/rigor based on instantaneous entropy. This supports $H_4$ and links mobility-induced disorder to control actions. The Engine approaches sub-100 ms finality in less adverse regimes; the worst case shown here remains within ∼140 ms under the stated configuration.

6.6. $H_5$—Microstate Consistency (Ledger Divergence)

• Objective.

We relate $H_{\mathrm{spatial}}$ to ledger divergence and assess whether the adaptive Engine preserves microstate coherence under high dispersion.

• Experiment (binned by $H_{\mathrm{spatial}}$).

We investigate urban ($N=50$) and static PoW vs. adaptive Engine. For each seed, we compute $D_{\mathrm{ledger}}\left(t\right)$ following Section 3.1 using the logged longest common prefix information (Table 9). We time-average $D_{\mathrm{ledger}}\left(t\right)$ within four equal-width bins of $H_{\mathrm{spatial}}$ and report the mean across seeds with 95% BCa CIs.

• Results.

Figure 9 shows that, without adaptation, divergence increases sharply with dispersion, reaching ∼0.18 in the highest bin. The adaptive Engine limits divergence to below ∼0.07 by switching conservatively and strengthening validation in high-dispersion regimes.

• Interpretation.

As illustrated in Figure 9, without adaptation, divergence rises to ∼0.18 at high dispersion. The Engine caps divergence below ∼0.07 by strengthening validation and enforcing conservative mode selection when spatial entropy is largest. This supports $H_5$ and demonstrates improved ledger coherence under stress within cluster-local connectivity windows.

6.7. Stress Tests: Adversaries and Partitions (Sensitivity Analyses)

• Objective.

We quantify robustness under bounded Sybil behavior, bounded Byzantine proposers (equivocation), transient eclipse windows, and scheduled partitions, consistent with the threat model in Section 4.1.

• Setup.

We use the urban scenario with $N=50$. Sybil ratio is set to ${\rho }_{\mathrm{sybil}}=5\%$ (3–5 pseudonyms per attacker). Byzantine proposers double-propose within 200 ms. Eclipse attacks drop non-colluding peers for 5–10 s. Partitions are scheduled k-cuts (link-disabling windows) for 10–30 s (implementation details in Section 5.3). Metrics are computed from orphan_flag, finality_ms, and $D_{\mathrm{ledger}}$ (via lcp_len), as logged in Table 9.

• Findings (seed-wise summaries).

(i) Sybil: Median orphan rate increases by $+2.8$ pp for static PoW and $+1.6$ pp for static PoS; the Engine increases from $9.0\%$ to $10.4\%$ (IQR $[8.8,11.2]\%$). (ii) Byzantine proposers: Finality tails widen for signature-based modes; the Engine’s consensus-first policy limits dwell-induced amplification (95th percentile $+9$ ms vs. $+18$ ms for static PoS). (iii) Eclipse: Transient divergence spikes (peak $\Delta D_{\mathrm{ledger}}\approx +0.02$) decay within ∼1.2 s under the Engine vs. ∼2.4 s for static PoW. (iv) Partitions: Mean recovery time to pre-partition divergence levels is $3.6$ s (static PoW) vs. $1.7$ s (Engine); once reconnected, F reduces from >250 ms (static PoW) to ∼140 ms (Engine).

• Interpretation.

Across bounded stressors, the Engine primarily exhibits graceful degradation: performance overhead and short-lived divergence spikes increase, but convergence recovers faster than static baselines. These tests are sensitivity analyses rather than claims of security against fully adaptive global coalitions (Section 4.5).

6.8. City-Scale Trial: 500 Vehicles Under Broadcast-Heavy Load

• Objective.

We validate controller stability and confirmation-latency tails when scaling beyond $N\le 100$ vehicles, approaching dense urban regimes where broadcast contention and channel pressure can dominate.

• Setup.

We instantiate an urban grid with $N=500$ vehicles under the same IEEE 802.11p/WAVE PHY/MAC stack and the same logging pipeline used in the main experiments. Safety messaging follows the CAM-like periodic beaconing configuration described in Section 5 (10 Hz) and the ledger workload is injected concurrently, yielding a broadcast-heavy regime. Each run lasts 600 s and uses matched seeds (same protocol as the main campaign).

• Results ($N=500$, urban broadcast-heavy).

Table 11. City-scale trial summary ($N=500$, urban broadcast-heavy). The proposed Engine bounds latency tails while improving throughput and reducing orphaning under strong contention.

Method	${\mathit{p}}_{50}$ Latency (ms)	${\mathit{p}}_{95}$ Latency (ms)	Throughput (tx/s)	Orphan Rate (%)
Hybrid Engine	85	180	450	9.2
Vanilla Hybrid	210	580	310	18.5
Static PoS	420	1250	240	14.8
FBA	130	410	380	11.4

reports confirmation-latency percentiles ($p_{50}$ and $p_{95}$), confirmed throughput, and orphan rate under high contention.

• Visual analysis.

Figure 10 summarizes median and tail latencies in the city-scale regime. The Engine maintains bounded tails ($p_{95}=180$ ms) while static baselines degrade sharply under broadcast contention.

• Interpretation and comparison.

Under $N=500$, the Hybrid Engine reduces tail latency by 69% versus the non-adaptive Vanilla Hybrid (180 vs. 580 ms) and by 86% versus static PoS (180 vs. 1250 ms), while also increasing confirmed throughput by 45% (450 vs. 310 tx/s) and reducing orphaning by roughly half (9.2% vs. 18.5%). Compared to FBA, the Engine lowers the tail by 56% (180 vs. 410 ms) while improving throughput (+18%) and reducing orphaning (−19% relative).

This city-scale behavior is consistent with the $N=100$ comparative evaluation (Section 6.9), where the Engine achieves the lowest confirmation latency and remains among the most efficient options. As density increases from $N=100$ to $N=500$, all methods experience contention-driven tail inflation; however, the Engine preserves deadline-feasible tails ($p_{95}<200$ ms) by combining conservative mode selection under disorder with admission control/QoI gating (Section 4.4), limiting broadcast-spike amplification into consensus.

6.9. Expanded Comparative Evaluation

• Objective.

We compare five consensus options in a 100-vehicle urban scenario (5–15 m/s): pure PoW, pure PoS, FBA, a non-adaptive hybrid, and the proposed Hybrid Engine.

• Right-censoring note (PoW).

When a method fails to confirm within the 600 s simulation horizon, the plotted confirmation latency is right-censored at 600,000 ms (reported as “≥600 s”).

• Results.

Figure 11, Figure 12 and Figure 13 summarize the comparative trade-offs across consensus options in the 100-vehicle urban configuration, reporting confirmation latency, total per-block energy, and confirmed throughput under matched-seed evaluation.

• Interpretation.

The Hybrid Engine achieves the lowest confirmation latency (approximately 30 ms), near-minimal total energy (order ∼10 J per confirmed block), and higher throughput among practical options, outperforming both pure schemes and non-adaptive hybrids. These gains are consistent with entropy-aware control and with the governance-signal role of S and $H_{\mathrm{spatial}}$, while maintaining the explicit non-claims about permissionless PoW security (Section 4.2).

6.10. Fork-Rate Definition and Distribution

We report orphan/fork rate O as the fraction of produced blocks that do not lie on the final main chain at simulation end (field orphan_flag; Table 9). For the urban $N=50$ case at $v\in \{10,20,30\}$ m/s, the median O over seeds is static PoW $15\%,18\%,21\%$ (IQR $[13,24]\%$ at 30 m/s), static PoS $10\%,12\%,13\%$, and Engine $8\%,9\%,10\%$. The Engine reduces but does not eliminate forks under high mobility, which is consistent with intermittent connectivity and partition-like micro-cuts in the mobility traces.

6.11. Robustness and Statistical Validity

Trends are stable under $\pm 10\%$ perturbations of calibrated parameters (Section 3.5.5) and across additional highway traces (omitted for space; logs in the repository described in Section 5.9). With $n=30$ seeds per condition, bootstrap 95% CI half-widths are typically $<12\%$ of the mean for latency and energy and $<2$ pp for orphan rates in Engine configurations.

Seed-wise paired contrasts align with medium-to-large effects for headline comparisons (e.g., CF vs. BF agreement latency at $N=50$; adaptive vs. static PoW energy for $S\ge 0.5$). Where applicable, paired t-tests across matched seeds indicate significance ($p<0.01$ after Holm–Bonferroni correction) for the headline contrasts. We also repeated key analyses with disjoint seed folds (five-way split); qualitative trends persisted with comparable CI overlap (logs included in the artifact).

7. Discussion

The entropy-driven VANET Engine provides convergent evidence for $H_1$–$H_5$ and delivers consistent improvements in energy, latency, throughput, validation quality, and ledger coherence under realistic urban dynamics. We interpret these outcomes through the Ideal Information Cycle (Figure 1), relate them to the challenge–mitigation matrix (Table 3), and clarify (i) normalization and units, (ii) the observable (rather than treatment) nature of entropy, (iii) parameter provenance and censoring, and (iv) instrumentation/traceability via the logging schema (Table 9). To avoid redundancy, we do not restate metric definitions already introduced in Section 3.1 and the detailed protocol in Section 3.5.

7.1. Connection to the Ideal Information Cycle

The Ideal Information Cycle comprises an injection leg (increasing informational disorder) and a validation leg (compressing disorder through consensus and verification work). Our empirical results align with these mechanics:

• $H_1$ (Crypto energy vs. S). Figure 4 shows that PoW crypto energy per confirmed block rises steeply with realized informational disorder S (from ∼100 J at low S to ∼600 J at high S). This is consistent with increased hashing demand and higher orphaning pressure during unstable propagation windows (validation work must “catch up” with injection). By contrast, PoS/DPoS/FBA remain weakly coupled to S (sub-Joule to single-digit Joule regimes), motivating entropy-aware avoidance of PoW in high-S windows under this paper’s stated threat model and deadline regime.
• $H_2$ (Consensus-first vs. broadcast-first dwell). Figure 5 and Figure 6 show that triggering consensus immediately when $S>S_{\mathrm{th}}$ shortens the injection leg: agreement/commit latency drops by 33–57% across densities, throughput increases by ∼1.6–$2.0\times$, and normalized message overhead is roughly halved in the urban $N=50$ baseline.
• $H_3$ (QoI filtering reduces wasted work). Table 10 shows that QoI-aware candidate selection reduces invalid/stale admission and wasted cryptographic work (energy spent on orphaned or invalid blocks), while improving agreement latency and reducing forks/orphans. Operationally, this concentrates validation effort on higher-quality microstates, increasing the probability that expended work contributes to the final ledger.
• $H_4$ (Mobility, orphans, and finality). Figure 8 shows that increasing mobility inflates orphaning and finality for static schemes. The Engine keeps both bounded ($O\le 10\%$ and $F\le 140$ ms at 30 m/s) by switching mode/rigor as $(S,H_{\mathrm{spatial}})$ rise; i.e., it schedules additional validation work when injection becomes more volatile.
• $H_5$ (Ledger coherence under dispersion). Figure 9 shows that the Engine constrains ledger divergence to ∼0.07 at high $H_{\mathrm{spatial}}$ versus ∼0.18 under static PoW, indicating improved microstate consistency and more effective validation under fragmented connectivity.

7.2. Spatial Dispersion as a Governance Signal

Beyond the hypothesis tests, Figure 7 demonstrates that $H_{\mathrm{spatial}}$ is a strong predictor of consensus stress: dispersion increases latency and degrades validation accuracy under static PoW. The adaptive Engine mitigates this trend by (i) switching away from expensive regimes when dispersion is greatest and/or (ii) tightening validation rigor in those windows, improving both timeliness and correctness during intermittent connectivity windows.

7.3. Normalization, Units, and Terminology (to Prevent Ambiguity)

• Normalized entropies. S and $H_{\mathrm{spatial}}$ are Shannon entropies computed over normalized distributions (Section 3.1) and scaled to $[0,1]$. For readability, plots and text use S and $H_{\mathrm{spatial}}$ to denote these normalized quantities throughout the Results and Discussion.
• Observables vs. treatments (binning interpretation). $S\left(t\right)$ and $H_{\mathrm{spatial}}\left(t\right)$ are observed time-varying signals, not externally set controls. Curves reported against S or $H_{\mathrm{spatial}}$ therefore represent conditional aggregation (binning) over realized entropy levels rather than causal effects of a manipulated treatment.
• Ledger divergence definition. All references to $D_{\mathrm{ledger}}\left(t\right)$ follow the same LCP-normalized definition in Section 3.1, computed from the logged longest common prefix field lcp_len (Table 9).
• Consensus knobs and rigor parameters.  The PoW quantity D_target is a 256-bit target (dimensionless; smaller ⇒ harder) used only when mode=PoW. The rigor knob T_rigor is a mode-specific threshold (stake/quorum/committee rigor) used when mode $\in \left\{\mathrm{PoS},\mathrm{DPoS},\mathrm{FBA}\right\}$. These inherit simulator control scales rather than physical units.
• Energy reporting across figures. Figure 4 reports $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$ to isolate entropy-conditioned cryptographic scaling. The expanded comparison (Figure 12) reports total energy $E_{\mathrm{block}}^{\left(\mathrm{total}\right)}=E_{\mathrm{block}}^{\left(\mathrm{radio}\right)}+E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}$ in the NS-3 energy-source scale (Section 5.7); absolute magnitudes should be interpreted within that scale, while qualitative trends remain the focus.

7.4. From Metaphor to an Operational Control Model

Our thermodynamic vocabulary is operational and does not claim physical equivalence:

• State variables. S quantifies transaction-state disorder and $H_{\mathrm{spatial}}$ quantifies occupancy dispersion (Section 3.1). QoI is a monotone proxy of freshness/validity implemented through delay/error tiers (Section 3.5).
• Work and dissipation as design constraints. Consensus work is the expected resource cost (crypto operations plus message exchange) required to reduce disorder sufficiently for safe acceptance. The Landauer-like bound in Section 3.6 is used as a design constraint motivating adaptive rigor, not as a physical law.
• Cycle semantics. Injection raises S (and often $H_{\mathrm{spatial}}$) under churn and bursty loads; validation expends work to compress disorder, improving correctness and coherence. The Engine schedules this work locally and adaptively based on $(S,H_{\mathrm{spatial}})$.

7.5. Why the Adaptive Forms $g(S,H_{\mathrm{spatial}})$ and $f(S,H_{\mathrm{spatial}})$

The chosen function families impose empirically supported shape constraints and remain compact enough for calibration:

• Difficulty/target map g. The selected family (Section 3.5.5) captures increased PoW burden as disorder rises and includes dispersion sensitivity through a low-order dependence on $H_{\mathrm{spatial}}$. In practice, this map primarily serves to avoid PoW in high-entropy regimes by making it unattractive under deadlines, complementing the mode-switch logic.
• Rigor map f. The chosen family increases with $H_{\mathrm{spatial}}$ (with diminishing returns) and adjusts with S so that high-disorder windows receive stronger validation while avoiding oscillations. Monotonicity/stability constraints and $\pm 10\%$ coefficient perturbations preserve qualitative decisions (Section 3.5.5).

7.6. Calibration Anchors, Magnitude Sanity Checks, and Sensitivity

• Magnitude sanity check (PoW crypto energy). The high-entropy PoW point in Figure 4 follows directly from $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}=e_h{n}_{\mathrm{hash}}$ with $e_h=5$ nJ/hash (Table 6) and the logged realized hash attempts n_hash aggregated per confirmed block. Under the 256-bit target scale (D_target), $p_{\mathrm{hit}}=D/2^{256}$ and $\mathbb{E}\left[n_{\mathrm{hash}}\right]=2^{256}/D$, implying targets far easier than cryptocurrency-grade difficulty but consistent with deadline-constrained V2X-style operation.
• Sensitivity. Qualitative trends persist under $\pm 10\%$ perturbations of calibrated parameters and across additional traces (logs described in Section 5.9), indicating that improvements are not brittle to small calibration changes.

7.7. Instrumentation Choices and Measurement Scope

• Simulation-native energy accounting.  Radio energy is obtained from NS-3’s BasicEnergySource+WifiRadioEnergyModel; cryptographic energy is an analytical per-operation term using $(e_h,e_{\mathrm{sig}})$ and logged operation counts n_hash and n_sig (Section 5.7). All figures and confidence intervals use these sources only (no mixing with host power profilers).
• Traceability and determinism.  Forks/orphans, finality, and divergence are computed from the normalized logging schema (Table 9), enabling seed-wise pairing and deterministic post-processing.
• Endpoint alignment. Agreement/commit latency is measured trigger → commit_block; finality is the logged finality_ms at commit events; and ledger divergence uses lcp_len. This keeps definitions consistent across the Results and Discussion.

7.8. Statistical Validity, Forks, and Stressors

• Uncertainty and power. We use $n=30$ matched seeds per condition and report BCa bootstrap CIs throughout. Seed-wise paired contrasts (Holm–Bonferroni-adjusted) support headline comparisons, as summarized in Section 6.11.
• Fork metric. Orphan/fork rate O is the fraction of blocks not on the final main chain (field orphan_flag; Section 6.10). Under high mobility, the Engine reduces but does not eliminate forks (medians $\sim 8$–$10\%$), consistent with intermittent connectivity and micro-partition behavior in mobility traces.
• Adversaries and partitions as sensitivity analyses. Stress tests (Sybil, Byzantine proposers, eclipse windows, and scheduled k-cuts) in Section 6.7 demonstrate graceful degradation and faster recovery relative to static baselines. These are not claims of robustness against fully adaptive, global coalitions beyond the stated threat model.

7.9. Interpreting the Expanded Comparison (Censoring and Practicality)

In the expanded comparative evaluation (Section 6.9), Pure PoW may fail to confirm within the 600 s horizon in the densest/high-disorder regimes. Reported PoW confirmation latency is therefore right-censored at 600,000 ms when applicable (“≥600 s”). Under these operating conditions, the Engine’s advantage reflects practical deadline satisfaction and reduced wasted work, not marginal improvement under unconstrained convergence.

7.10. Implications for the Challenge–Mitigation Map (Table 3)

• Mobility/topology churn. Entropy-aware switching lowers orphaning and finality (Figure 8), operationalizing mitigation under churn.
• Congestion and bandwidth fluctuation. Consensus-first triggering reduces message overhead (Figure 6) and increases throughput (Figure 5), limiting injection-phase amplification.
• Integrity/coherence under disorder. Strengthening rigor in high-$(S,H_{\mathrm{spatial}})$ windows reduces divergence (Figure 9) and improves validation outcomes (Table 10).
• OBU constraints. Favoring PoS/FBA (or an adaptive hybrid) over PoW in high-S intervals reduces cryptographic energy by orders of magnitude (Figure 4) while preserving correctness/coherence.

7.11. Limitations and Threats to Validity

This study is simulation-based (NS-3.35) and omits several physical and deployment effects, including heterogeneous hardware accelerators, GNSS error, clock skew, firmware-level scheduling, and cross-layer resource contention. Adversaries are stylized and bounded (sensitivity analyses) rather than fully adaptive; mixed deployments (802.11p with LTE-V2X) may shift the optimal thresholds $(S_{\mathrm{th}},H_{\mathrm{th}})$. These limitations do not negate the central finding within the reported regime: entropy-conditioned mode/rigor control improves timeliness and coherence under churn and dispersion.

To partially address this gap, we incorporate an explicit contention abstraction (Section 5.10) using CPU and MAC availability factors that bound cryptographic service time and effective radio service rate, providing a first-order sensitivity analysis despite the absence of full ECU scheduling in NS-3.

Because many IoT/IoV security stacks adopt hierarchical ledgers (cluster/region chains anchored to higher tiers), the proposed Engine can be integrated as a regional control layer that adapts rigor locally while maintaining periodic anchoring to a backbone chain for audit and cross-domain authentication [16,17,18,19].

7.12. Operational Guidance

For dense corridors, trigger consensus-first when $S>S_{\mathrm{th}}$ to avoid dwell-induced rebroadcast storms. Prefer signature/quorum-based modes (PoS/FBA) or an adaptive hybrid in high-S/high-$H_{\mathrm{spatial}}$ windows to meet V2X-style deadlines and conserve energy. Deploy Engines per cluster/segment in partition-prone areas to preserve convergence and accelerate recovery, and retain QoI filtering to reduce invalid admission and wasted work.

8. Conclusions and Future Directions

This work introduces an entropy-conditioned governance loop (the VANET Engine) for V2X-oriented ledgers, using normalized informational entropy S and spatial entropy $H_{\mathrm{spatial}}$ as online control signals for (i) mode selection (PoW/PoS/DPoS/FBA), (ii) validation rigor, and (iii) the consensus triggering policy (consensus-first vs. broadcast-first). Within the stated operational security envelope (Section 4), the Engine improves timeliness and coherence under churn, while reducing wasted cryptographic work through QoI-aware admission and conservative switching.

8.1. Key Conclusions

8.1.1. H₁—Entropy–Work Coupling: PoW Scales Poorly with Disorder Under V2X-Feasible Targets

In the crypto-only panel (Figure 4), PoW cryptographic energy per confirmed block grows sharply with realized S, reaching $\sim 600$ J at high entropy, while signature/quorum-based modes remain nearly flat (PoS in the sub-Joule regime; DPoS/FBA in single-digit Joules). This confirms the entropy–work coupling predicted by the Ideal Information Cycle (Figure 1) and motivates avoiding PoW during high-S windows. Importantly, PoW targets in this paper are latency-feasible (Section 4.2): the observed magnitudes are consistent with $E_{\mathrm{block}}^{\left(\mathrm{crypto}\right)}=e_h{n}_{\mathrm{hash}}$ and $\mathbb{E}\left[n_{\mathrm{hash}}\right]=2^{256}/\mathtt{D}\_\mathtt{target}$ (Table 6 and Table 9), implying difficulties far below cryptocurrency-grade PoW and therefore a strictly bounded security claim under PoW.

8.1.2. H₂—Consensus-First Triggering Improves Timeliness and Reduces Overhead

In the baseline urban configuration ($N=50$, $S_{\mathrm{th}}=0.5$), consensus-first (CF) reduces agreement/commit latency and increases confirmed throughput relative to broadcast-first (BF), while lowering message overhead (Figure 5 and Figure 6). Operationally, validating immediately once $S>S_{\mathrm{th}}$ shortens the injection phase and prevents dwell-amplified rebroadcast storms under volatile conditions.

8.1.3. H₃—QoI-Aware Admission Reduces Wasted Validation Work

QoI-aware candidate construction (prioritizing fresher transactions with small $\Delta t_i$ and excluding invalid/stale payloads with ${ϵ}_i=1$) reduces the fraction of consensus effort spent on low-quality microstates. In the QoI ablation (Table 10), filtering reduces invalid admissions and invalid-block share, lowers wasted cryptographic energy attributed to orphaned/invalid outcomes, and improves confirmation/commit latency under identical network conditions. This supports the Engine principle: compress disorder while preserving QoI.

8.1.4. H₄—Mobility Stability: Adaptive Control Bounds Orphans and Finality Under Churn

Under increasing mobility, static schemes exhibit rising orphan/fork rates and inflated finality (Figure 8). The Engine keeps both bounded by adapting the mode and rigor when $(S,H_{\mathrm{spatial}})$ rise, achieving markedly lower orphaning and reduced finality in the highest-mobility regime tested. These results validate $H_4$ within the evaluated range ($N\le 100$) and under the declared NS-3 protocol.

8.1.5. H₅—Microstate Coherence: Entropy-Conditioned Rigor Improves Ledger Consistency Under Dispersion

Spatial dispersion is a reliable governance stress signal: as $H_{\mathrm{spatial}}\to 1$, static PoW shows higher latency and reduced validation accuracy (Figure 7). The Engine mitigates coherence loss by tightening validation and/or switching away from regimes that amplify forks, resulting in substantially lower ledger divergence (Figure 9). Under partitions and eclipse windows, the Engine also exhibits faster recovery and capped divergence spikes (Section 6.7), supporting $H_5$.

8.1.6. Practical Takeaway (Within Scope)

When disorder rises, validate earlier (consensus-first), avoid latency-feasible PoW as the security-bearing mechanism in exposed settings, and retain QoI filtering to reduce invalid admission and wasted work. Use $H_{\mathrm{spatial}}$ as a conservative trigger to strengthen validation or prefer quorum-based modes during fragmented connectivity windows.

8.2. Limitations

• Scale. The main study evaluates up to $N\le 100$ vehicles under full PHY/MAC fidelity; we do not extrapolate beyond this range. A profiling harness (Section 5.11) supports larger-N algorithmic stress tests but is non-claiming.
• Energy-model abstraction. Per-hash ($e_h$) and per-signature ($e_{\mathrm{sig}}$) costs (Table 6) are used in an analytical cryptographic term paired with NS-3 radio energy. Claims emphasize relative scaling with S and $H_{\mathrm{spatial}}$; absolute magnitudes will shift with accelerators and hardware heterogeneity.
• PHY/MAC and channel effects. NS-3 abstractions (IEEE 802.11p/WAVE; C-V2X only when explicitly indicated) omit certain physical nonlinearities and cross-layer scheduling effects. Field calibration is required for deployment-grade parameterization.
• Adversary scope and security envelope. Stressors are bounded sensitivity analyses; fully adaptive collusion (strategic Sybil/eclipsing with learning and global coordination) is out of scope. PoW is evaluated under latency-feasible targets and therefore does not provide permissionless “51%”-resistant security (Section 4.2).
• Censoring under impractical regimes. In high-disorder configurations, Pure PoW may fail to confirm within the 600 s horizon; plotted “600,000 ms” should be read as “≥ 600 s” rather than an exact mean, reinforcing the practicality motivation for adaptive hybrid governance.
• Protocol uniformity. Unless explicitly stated, all reported results use NS-3.35, a 600 s duration, and 30 matched seeds, with 95% BCa bootstrap CIs.

8.3. Future Directions

1.

Hierarchical governance beyond $N\le 100$. Scaling to larger fleets calls for multi-tier control: cluster-local Engines keep intra-cluster finality latency-feasible, while inter-cluster reconciliation occurs less frequently and can be anchored (e.g., RSU-backed checkpointing) to preserve coherence under city-scale fragmentation. Sharded validation and selective state dissemination can reduce control-plane load in dense corridors.

2.

Device- and energy-aware rigor policies. The current maps $g(·)$ and $f(·)$ can be extended to incorporate heterogeneous OBU constraints (battery state, compute capability, and duty cycling). A device-aware policy can shift expensive validation toward nodes or infrastructure with more available energy (including renewable-powered RSUs) while maintaining bounded latency for safety-critical updates.

3.

Predictive control instead of reactive switching. Short-horizon forecasting of mobility/topology and link-quality trends can pre-emptively increase rigor before fragmentation occurs, reducing late reactions to spikes in S or $H_{\mathrm{spatial}}$. Predictive policies should be evaluated for control-loop stability, oscillation resistance, and deadline satisfaction under bursty traffic.

4.

Stronger security studies under adaptive adversaries. Future work should integrate Sybil-resistant membership services, rotating quorum slices for eclipse resilience, and explicit checkpointing/anchoring to bound reorganization depth after partitions. Evaluations should include adaptive attackers attempting entropy manipulation and long-lived eclipses, enabling formalization of guarantees under bounded Byzantine fractions and across mode transitions.

5.

City-scale mixed-stack campaigns with explicit fidelity reporting. A city-scale study ($N\ge 500$) should explicitly separate (i) non-claiming algorithmic stress tests (abstracted PHY) from (ii) claiming regimes with documented full-fidelity assumptions. Mixed 802.11p/C-V2X settings and heterogeneous radios can then quantify control-loop stability and operational trade-offs under heavy bursts and correlated failures.

8.4. Artifacts and Reproducibility

All figures in Section 6 are generated from per-event CSV logs via the version-controlled Python pipeline described in Section 5.9. Seeds (30 per configuration), calibrated parameters (Section 3.5.5), fork/orphan definitions, and partition schedules are documented in the artifact repository. Energy accounting uses only NS-3 radio models plus the analytical crypto term $(e_h,e_{\mathrm{sig}})$ computed from logged operation counts (n_hash and n_sig); no host-side power tools are mixed with simulated energy. Ledger divergence plots and statistics use the LCP-normalized definition of $D_{\mathrm{ledger}}\left(t\right)$ (Section 3.1) computed from the logged prefix field (lcp_len; Table 9).

8.5. Concluding Remarks and Conceptual Scope

Our thermodynamic language is operational rather than a claim of physical equivalence: S and $H_{\mathrm{spatial}}$ are measurable disorder observables used to price consensus rigor and switching. Within the stated security envelope and evaluated regime, entropy-conditioned governance yields a latency-conscious and energy-aware approach to V2X ledger convergence under churn. More broadly, the “information engine” principle—dynamically allocating validation effort based on measured disorder and QoI—offers a pragmatic blueprint for adaptive consensus in other resource-constrained edge-ledger settings.