api-billing-v2 attack matrix
Machine-readable catalog: protocol/conformance/billing-v2-conformance.json
Integration enforcement: verifier-api/tests/billing-pilot.integration.test.js (15/15)
Scope
| In scope | Out of scope (this matrix) |
|---|---|
POST /api/vdi/billing/attest | Generic VDI causal/enforced-policy circuits |
POST /api/vdi/billing/verify | Frontend dashboard UX |
| Replay guard + transparency log | Stripe/PSP charge capture |
| Meter envelope trust anchors | Legal interpretation of tariffs |
Phase-2 in-circuit binding (apiBillingV2) | Multi-host adversarial MPC ceremony |
Adversary model: PPT attacker with visibility into bundles and API traffic; can submit malformed/tampered payloads; cannot break Ed25519 EUF-CMA or Groth16 soundness except with negligible probability.
Attack matrix
| ID | Threat | Attacker action | Expected result | Test / vector |
|---|---|---|---|---|
| BV2-HAPPY-01 | Forged “valid” bundle without crypto | Honest attest → verify | verification.valid + billing_check.valid | Integration: happy path |
| BV2-REPLAY-01 | Double-spend same usage event | Same event_id + tenant + window twice | HTTP 400, replay detected | Integration: duplicate event_id |
| BV2-REPLAY-02 | Crash after reserve, before commit | Stale reserved row blocks forever | Expired row reclaimed; attest succeeds | Integration: crash simulation |
| BV2-REPLAY-03 | Race duplicate attest | Concurrent POSTs, same event_id | Exactly one 200, one 400 | Integration: concurrent duplicate |
| BV2-TAMPER-01 | Dispute-time fingerprint swap | Verify with tampered expected_billing_v2 | Attestation OK; billing_check.valid: false | Integration: tampered fingerprint |
| BV2-METER-01 | Untrusted meter signing | Valid envelope from trusted kid | HTTP 200 | Integration: meter_envelope |
| BV2-METER-02 | Rogue meter key | Envelope signed with untrusted kid | HTTP 400 | Integration: bad kid |
| BV2-STRICT-01 | Weak authority on strict profile | Attest under VDI_VERIFY_STRICT_V1 | Authority binding step passes when configured | Integration: strict profile |
| BV2-LOG-01 | Equivocation / missing transparency | Auditor reads log head | Signed checkpoint + Merkle root published | Integration: transparency head |
| BV2-REVOC-01 | Stale revocation for strict verify | Fetch /.well-known/vdi-billing-revocation.json | JSON feed with snapshotTime | Integration: revocation feed |
| BV2-INCIRCUIT-01 | Commitment substitution | Enable Phase-2 binding; verify bundle | incircuit_binding_verification.valid: true | Integration: incircuit happy |
| BV2-INCIRCUIT-02 | Proof vs commitment mismatch | Tamper expected_public_commitments | In-circuit verify fails closed | Integration: incircuit tamper |
| BV2-EVAL-01 | Non-deterministic charge | Same meter + tariff | Same expected_charge_micros | Conformance: pilot_linear_charge |
| BV2-EVAL-02 | Min-charge bypass | Low usage below floor | Charge clamps to min_charge_micros | Conformance: min_charge_floor |
| BV2-EVAL-03 | Max-charge bypass | Absurd usage | Charge clamps to max_charge_micros | Conformance: max_charge_cap |
| BV2-ART-01 | Silent artifact substitution | Boot with wrong WASM/zkey/vkey | Startup validator rejects mismatch | artifactValidator.js + conformance pins |
| BV2-PERF-01 | DoS via slow attest (ops) | Warm attest flood | Wall time ≤ 8s CI budget | Integration: perf budget |
What we do not claim
| Claim | Reality |
|---|---|
| “Mathematical certainty of legal compliance” | Proofs show encoded circuit/manifest checks passed under stated assumptions |
| “Impossible to bill incorrectly” | Wrong tariff authoring or meter input errors are outside the proof relation |
| “MPC eliminates all trusted-setup risk” | Phase-2 ceremony was 3 contributors on one machine; adversarial MPC is a disclosed gap |
| “Verification works forever unconditionally” | Profiles may require revocation snapshots; expired attestations fail policy checks by design |
Reproduce gates
bash
# Offline conformance (deterministic evaluator + artifact pins)
cd protocol && node --test test/conformance-billing-v2.test.js
# Full HTTP attack matrix (PostgreSQL required)
cd verifier-api && npm run test:billing-pilot
# Artifact hashes (copy-paste)
bash scripts/verify-artifact-hashes.sh