Skip to content

api-billing-v2 attack matrix

Machine-readable catalog: protocol/conformance/billing-v2-conformance.json
Integration enforcement: verifier-api/tests/billing-pilot.integration.test.js (15/15)

Scope

In scopeOut of scope (this matrix)
POST /api/vdi/billing/attestGeneric VDI causal/enforced-policy circuits
POST /api/vdi/billing/verifyFrontend dashboard UX
Replay guard + transparency logStripe/PSP charge capture
Meter envelope trust anchorsLegal interpretation of tariffs
Phase-2 in-circuit binding (apiBillingV2)Multi-host adversarial MPC ceremony

Adversary model: PPT attacker with visibility into bundles and API traffic; can submit malformed/tampered payloads; cannot break Ed25519 EUF-CMA or Groth16 soundness except with negligible probability.

Attack matrix

IDThreatAttacker actionExpected resultTest / vector
BV2-HAPPY-01Forged “valid” bundle without cryptoHonest attest → verifyverification.valid + billing_check.validIntegration: happy path
BV2-REPLAY-01Double-spend same usage eventSame event_id + tenant + window twiceHTTP 400, replay detectedIntegration: duplicate event_id
BV2-REPLAY-02Crash after reserve, before commitStale reserved row blocks foreverExpired row reclaimed; attest succeedsIntegration: crash simulation
BV2-REPLAY-03Race duplicate attestConcurrent POSTs, same event_idExactly one 200, one 400Integration: concurrent duplicate
BV2-TAMPER-01Dispute-time fingerprint swapVerify with tampered expected_billing_v2Attestation OK; billing_check.valid: falseIntegration: tampered fingerprint
BV2-METER-01Untrusted meter signingValid envelope from trusted kidHTTP 200Integration: meter_envelope
BV2-METER-02Rogue meter keyEnvelope signed with untrusted kidHTTP 400Integration: bad kid
BV2-STRICT-01Weak authority on strict profileAttest under VDI_VERIFY_STRICT_V1Authority binding step passes when configuredIntegration: strict profile
BV2-LOG-01Equivocation / missing transparencyAuditor reads log headSigned checkpoint + Merkle root publishedIntegration: transparency head
BV2-REVOC-01Stale revocation for strict verifyFetch /.well-known/vdi-billing-revocation.jsonJSON feed with snapshotTimeIntegration: revocation feed
BV2-INCIRCUIT-01Commitment substitutionEnable Phase-2 binding; verify bundleincircuit_binding_verification.valid: trueIntegration: incircuit happy
BV2-INCIRCUIT-02Proof vs commitment mismatchTamper expected_public_commitmentsIn-circuit verify fails closedIntegration: incircuit tamper
BV2-EVAL-01Non-deterministic chargeSame meter + tariffSame expected_charge_microsConformance: pilot_linear_charge
BV2-EVAL-02Min-charge bypassLow usage below floorCharge clamps to min_charge_microsConformance: min_charge_floor
BV2-EVAL-03Max-charge bypassAbsurd usageCharge clamps to max_charge_microsConformance: max_charge_cap
BV2-ART-01Silent artifact substitutionBoot with wrong WASM/zkey/vkeyStartup validator rejects mismatchartifactValidator.js + conformance pins
BV2-PERF-01DoS via slow attest (ops)Warm attest floodWall time ≤ 8s CI budgetIntegration: perf budget

What we do not claim

ClaimReality
“Mathematical certainty of legal compliance”Proofs show encoded circuit/manifest checks passed under stated assumptions
“Impossible to bill incorrectly”Wrong tariff authoring or meter input errors are outside the proof relation
“MPC eliminates all trusted-setup risk”Phase-2 ceremony was 3 contributors on one machine; adversarial MPC is a disclosed gap
“Verification works forever unconditionally”Profiles may require revocation snapshots; expired attestations fail policy checks by design

Reproduce gates

bash
# Offline conformance (deterministic evaluator + artifact pins)
cd protocol && node --test test/conformance-billing-v2.test.js

# Full HTTP attack matrix (PostgreSQL required)
cd verifier-api && npm run test:billing-pilot

# Artifact hashes (copy-paste)
bash scripts/verify-artifact-hashes.sh

See Artifact hash commands and Security disclosure.

Verification keys are embedded in attestations. The verifier is open source.