Skip to content

Formal security package (api-billing-v2)

QuantZK includes a formal security package designed to support an independent review. It documents the threat model, trust assumptions, adversarial test coverage, parser behavior, circuit inventory, canonicalization approach, and known limitations.

This is not a third-party audit letter, penetration-test report, or a claim that “QuantZK has been security audited.” It is the protocol owner’s reproducible harness: scope, adversary model, executable vector catalog, and production-scale methodology.

Package vs code review

Code reviewFormal security package (this track)
Reads source for intent and styleExecutes fail-closed vectors with expected outcomes
Subjective severityPass/fail per catalog ID (BV2-*, ADV-*)
Point-in-timeReproducible from pinned artifacts + conformance JSON
May miss parser edgesTargets serialization, canonicalization, malformed proofs
Line-coverage % as a proxyBehavioral coverage: primary threat-model scenarios have executable tests

Adversary model

  • Power: PPT attacker; can craft HTTP bodies, reorder JSON, swap proof fields, race concurrent attests, forge transparency proofs, and supply stale revocation snapshots.
  • Cannot: Break Ed25519 EUF-CMA, Groth16 soundness, or SHA-256 collision resistance except with negligible probability.
  • Goal: Forge a valid billing receipt, double-spend usage, bypass charge bounds, or verify a tampered bundle as valid.

Audit domains

DomainQuestionPrimary evidence
Circuit correctnessDoes apiBillingV2 bind the published commitment relation?Phase-2 in-circuit tests + artifact pins
Serialization edge casesDo unsafe integers / overflow paths fail closed?ADV-CHARGE-01, ADV-EVAL-01
Parser ambiguityAre digests independent of JSON key order?ADV-CANON-01, meter envelope tests
Signature verificationDo tampered meter + attestation signatures reject?ADV-SIG-01, ADV-METER-01
CanonicalizationIs RFC 8785-style canonical JSON single-sourced?protocol/lib/canonicalize.js + ADV-CANON-*
Replay logicIs (tenant, window, event_id) double-spend blocked?BV2-REPLAY-01/02/03
API abuseDo strict profiles enforce revocation freshness?ADV-REVOC-01/02
Malformed proofsDo swapped/truncated proofs fail verification?ADV-PROOF-01/02/03
Denial of serviceDo oversized payloads reject without wedging?ADV-PAYLOAD-01, BV2-PERF-01

Evidence gates (run in order)

Gate 1 — Artifact integrity

bash
bash scripts/verify-artifact-hashes.sh

Pins WASM, zkey, canonical vkey hash; runs offline conformance.

Gate 2 — Deterministic evaluator + canonicalization

bash
cd protocol && node --test test/conformance-billing-v2.test.js
cd protocol && node --test test/adversarial-billing-v2.test.js

Gate 3 — Functional + adversarial integration (PostgreSQL)

bash
cd verifier-api && npm run test:billing-pilot
cd verifier-api && npm run test:billing-adversarial

Expect 15/15 pilot + 12/12 adversarial (release bar).

Gate 4 — Full formal audit runner

bash
bash scripts/run-formal-security-audit.sh

Runs gates 1–3 and writes audit-logs/formal-security-audit-<timestamp>.json.

Gate 5 — Production smoke (live, optional)

bash
API=https://api.quantzk.com VDI_ATTEST_SECRET=<secret> bash scripts/smoke-billing-phase2.sh

Gate 6 — Production scale (load methodology)

bash
# Quick local sample (100 attest+verify pairs)
node scripts/production-scale-audit.mjs --total 100

# Sustained verify-only throughput (uses cached attestation)
node scripts/production-scale-audit.mjs --mode verify-only --total 10000 --concurrency 20

# Production target profile (documented; run on dedicated hardware)
SCALE_TOTAL=10000000 node scripts/production-scale-audit.mjs --mode verify-only --concurrency 50

See Production scale methodology below.

Adversarial catalog

Machine-readable: protocol/conformance/billing-v2-adversarial.json
Human matrix: Billing v2 attack matrix

Determined reviewer questions → vectors

Reviewer questionVector IDExpected result
Proof fields swapped?ADV-PROOF-01verification.valid: false
Timestamps overflow / expired?ADV-TIME-01verification.valid: false
JSON reordered?ADV-CANON-01Same digest; meter resign invariant
Malformed public signals?ADV-PROOF-02commitment_binding_verification.valid: false
Replay attempts?BV2-REPLAY-01/03HTTP 400 or race 200+400
Stale revocation cache?ADV-REVOC-02Strict verify fails revocation_status when snapshotTime predates issued_at (pass revocation inline on verify body; env feed clamps stale times to now)
Concurrent requests?BV2-REPLAY-03Exactly one success
Malformed signatures?ADV-SIG-01, ADV-METER-01Verify/attest fail closed
Invalid transparency checkpoints?ADV-LOG-01/02log_proof_verification.valid: false
Canonicalization mismatch?ADV-METER-01Attest HTTP 400
Oversized payloads?ADV-PAYLOAD-01HTTP ≥ 400

Production scale methodology

What we show today: Correctness under adversarial vectors + CI perf budget (single warm attest ≤ 8s).

What production scale proves: Sustained verify throughput, zero verification mismatches on honest bundles, and operational error rate under load.

The harness (scripts/production-scale-audit.mjs) reports:

MetricDefinition
attest_successHTTP 200 attest count
verify_successHTTP 200 verify count
verification_mismatchesHonest bundle where verification.valid !== true
billing_check_mismatchesHonest bundle where billing_check.valid !== true
error_rate(failures) / (attempts)
uptime_ratio1 - error_rate over the run window
latency_p50_ms / latency_p99_msEnd-to-end per operation

Target profile (design partner / auditor disclosure)

These are methodology targets, not marketing guarantees until measured on your production environment:

TargetMethod
10M attestations processedBatch attest with unique event_id; replay guard prevents duplicates
0 verification mismatchesEvery honest attest→verify must pass all checks
99.99% uptimeuptime_ratio ≥ 0.9999 over sustained window
Sustained load--concurrency + --duration-sec or --total

Honest limits:

  • Full attest+verify at 10M scale requires production PostgreSQL, meter keys, and hours of wall time — use verify-only mode with a cached attestation to stress cryptographic verification path.
  • 99.99% uptime is measured over the audit window against the configured API base URL, not a historical SLA unless backed by external monitoring.
  • Groth16 proving dominates attest latency; scale tests separate prove path (attest) from verify path (cheap).

Auditor deliverables

After running Gate 4, attach to your report:

  1. audit-logs/formal-security-audit-*.json — gate results + git SHA
  2. protocol/conformance/billing-v2-conformance.json — artifact pins
  3. protocol/conformance/billing-v2-adversarial.json — adversarial catalog
  4. Production scale JSON (if Gate 6 run): audit-logs/production-scale-*.json

Verification keys are embedded in attestations. The verifier is open source.