Skip to content

AP3 - Binaries

AP3 protocol requires high-performance privacy protocols as binaries to perform secure computations between agents enabling secure collaboration. Companies need to trust these binaries while maintaining security and auditability.

This document is a starting point and a high-level overview of strategies for secure distribution and verification.

Note

Currently, different protocol binaries are built and distributed by Silence Laboratories. AP3 ecosystem will support more protocol binaries in the future.

Challenge

  • Trust: Companies don't want to use black-box binaries
  • Security: Need to verify the code hasn't been compromised
  • Auditability: Companies want to review and build from source
  • Performance: Rust implementation provides necessary speed
  • Integration: Must work seamlessly with AP3 agents

Distribution Strategies

Strategy 1: Open Source with Reproducible Builds

Benefits

  • Full Transparency: Complete source code available
  • Reproducible Builds: Deterministic compilation
  • Community Audits: Open source community can review
  • Self-Building: Companies can build themselves

Verification Process

# Company verification workflow
1. Clone repository from official source
2. Verify commit signatures
3. Review source code
4. Build in isolated environment
5. Compare binary hash with published hash
6. Run test suite
7. Deploy to production

Strategy 2: Multi-Signature Binary Distribution

Implementation

# Binary verification system
class BinaryVerification:
    def __init__(self):
        self.trusted_signers = [
            "privacy-protocol-consortium",
            "mozilla-foundation",
            "linux-foundation",
            "google-security-team"
        ]

    def verify_binary(self, binary_path, signatures):
        """Verify binary against multiple trusted signatures."""
        for signer in self.trusted_signers:
            if not self.verify_signature(binary_path, signatures[signer]):
                return False
        return True

Benefits

  • Multi-Party Trust: Multiple organizations verify
  • Cryptographic Proof: Digital signatures ensure integrity
  • Convenience: Companies can use pre-built binaries
  • Trust Network: Leverages existing trust relationships

Strategy 3: Hardware Security Module (HSM) Attestation

Implementation

// Rust library with HSM attestation
#[no_mangle]
pub extern "C" fn ppap_psi_compute(
    input_data: *const u8,
    input_size: usize,
    output_data: *mut u8,
    attestation: *mut AttestationData
) -> i32 {
    // Generate HSM attestation
    let attestation_data = hsm_generate_attestation();

    // Perform PSI computation
    let result = psi_compute(input_data, input_size);

    // Store attestation
    unsafe {
        *attestation = attestation_data;
        std::ptr::copy_nonoverlapping(result.as_ptr(), output_data, result.len());
    }

    0 // Success
}

#[repr(C)]
pub struct AttestationData {
    pub measurement: [u8; 32],      // Code measurement
    pub signature: [u8; 64],        // HSM signature
    pub timestamp: u64,             // Attestation timestamp
    pub hsm_certificate: [u8; 512], // HSM certificate chain
}

Benefits

  • Hardware Trust: HSM provides tamper-proof attestation
  • Runtime Verification: Can verify at runtime
  • Code Integrity: Proves code hasn't been modified
  • Audit Trail: Cryptographic proof of execution

Strategy 4: Formal Verification and Certification

Implementation

// Formally verified PSI implementation
#[cfg(feature = "formal-verification")]
mod verified_psi {
    use creusot_contracts::*;

    #[requires(input_a.len() > 0 && input_b.len() > 0)]
    #[ensures(result.len() <= input_a.len().min(input_b.len()))]
    #[ensures(forall<i: Int> result[i] in input_a && result[i] in input_b)]
    pub fn compute_intersection(
        input_a: &[u64],
        input_b: &[u64]
    ) -> Vec<u64> {
        // Formally verified PSI implementation
        // Properties proven:
        // 1. Output is subset of both inputs
        // 2. No information leakage beyond intersection
        // 3. Correctness of intersection computation
        todo!()
    }
}

Benefits

  • Mathematical Proof: Formal verification of correctness
  • Security Guarantees: Proven security properties
  • Certification: Third-party security certification
  • Compliance: Meets regulatory requirements

Security Considerations

1. Supply Chain Security

  • Source Code Review: Companies can review all source code
  • Build Verification: Reproducible builds ensure no tampering
  • Signature Verification: Multiple trusted signatures
  • Audit Trail: Complete history of changes

2. Runtime Security

  • HSM Attestation: Tamper-proof execution proof
  • Memory Protection: Secure memory handling
  • Input Validation: Robust input sanitization
  • Error Handling: Secure error reporting

3. Update Security

  • Incremental Updates: Only necessary changes
  • Rollback Capability: Ability to revert updates
  • Update Verification: Verify updates before installation
  • Notification System: Alert about security updates

This approach gives companies the flexibility to choose their preferred level of verification while maintaining the highest security standards. Companies that want full control can build from source, while others can use the convenience of pre-built binaries with strong cryptographic guarantees.

The key is providing multiple trust mechanisms so companies can choose the approach that best fits their security requirements and operational constraints.