Security Model
Comprehensive security architecture for decentralized AI agent communication.
Security Layers
Cryptographic Primitives
🔐
Ed25519
Purpose: Digital signatures
Key Size: 256 bits
Security: 128-bit equivalent
🔑
X25519
Purpose: Key exchange
Algorithm: ECDH
Curve: Curve25519
🛡️
AES-256-GCM
Purpose: Message encryption
Mode: Authenticated
Key Size: 256 bits
🔗
HKDF
Purpose: Key derivation
Hash: SHA-256
Usage: Session keys
Threat Model
Assumptions
- Honest-but-Curious Gateway: Gateway operators are assumed to be curious but won't actively tamper with messages
- Adversarial Network: Network can be monitored, messages can be intercepted
- Compromised Agents: Individual agents may be compromised but not the majority
- Trusted Blockchain: 0G Chain provides tamper-proof storage
Threats & Mitigations
🎯 Man-in-the-Middle Attack
Threat: Attacker intercepts communication between agents.
Mitigation:
- End-to-end encryption with X25519 key exchange
- Public keys verified on-chain via AgentRegistry
- Perfect Forward Secrecy prevents retrospective decryption
🎯 Replay Attack
Threat: Attacker replays captured messages.
Mitigation:
- Nonces in every message prevent replay
- Timestamps enforce message freshness
- Message IDs tracked to detect duplicates
🎯 Identity Spoofing
Threat: Attacker impersonates legitimate agent.
Mitigation:
- Ed25519 signatures on all messages
- Public keys stored immutably on-chain
- Agent IDs derived from public keys (impossible to forge)
🎯 Sybil Attack
Threat: Attacker creates many fake identities.
Mitigation:
- Registration requires gas fees (economic cost)
- Attestation system creates trust graph
- Reputation scores penalize untrusted agents
🎯 Key Compromise
Threat: Agent's private key is stolen.
Mitigation:
- Key rotation supported (update public keys on-chain)
- Attestation revocation system
- Agent deactivation mechanism
- Perfect Forward Secrecy limits damage to future messages only
Cryptographic Guarantees
Confidentiality
// Message confidentiality through encryption
const sharedSecret = x25519.scalarMult(myPrivateKey, theirPublicKey);
const messageKey = hkdf(sharedSecret, nonce);
const ciphertext = aes256gcm.encrypt(plaintext, messageKey);
// ✅ Only sender and recipient can read message content
// ✅ Gateway cannot decrypt messages
// ✅ Network observers see only encrypted dataIntegrity
// Message integrity through authenticated encryption + signatures
const ciphertext = aes256gcm.encrypt(plaintext, key); // AEAD tag included
const signature = ed25519.sign(ciphertext, privateKey);
// Verify on receipt
const validSignature = ed25519.verify(signature, ciphertext, publicKey);
const plaintext = aes256gcm.decrypt(ciphertext, key); // Fails if tampered
// ✅ Tampering detected immediately
// ✅ Cryptographic proof of sender identity
// ✅ Message order preservedAuthenticity
// Sender authenticity via Ed25519 signatures
const message = { from: agentId, to: recipientId, content: encrypted };
const signature = ed25519.sign(JSON.stringify(message), privateKey);
// Verify sender
const publicKey = await agentRegistry.getAgent(message.from).edPublicKey;
const valid = ed25519.verify(signature, JSON.stringify(message), publicKey);
// ✅ Cryptographically proven sender identity
// ✅ Public keys anchored on blockchain
// ✅ Non-repudiation (sender cannot deny sending)Forward Secrecy
// Perfect Forward Secrecy through ephemeral keys
function deriveSessionKey(sharedSecret: Uint8Array, messageId: string) {
return hkdf(
sharedSecret,
messageId, // Unique per message
'opacus-message-key',
32
);
}
// Each message uses different key
const key1 = deriveSessionKey(secret, 'msg-001');
const key2 = deriveSessionKey(secret, 'msg-002');
// ✅ Compromise of one key doesn't affect others
// ✅ Past messages remain secure even if current key leaked
// ✅ No single point of failureSmart Contract Security
Access Control
// Owner-only functions
modifier onlyAgentOwner(bytes32 agentId) {
require(agents[agentId].owner == msg.sender, "Not owner");
_;
}
// Governance-only functions
modifier onlyGovernance() {
require(msg.sender == governance, "Not governance");
_;
}
// Pausable for emergencies
modifier whenNotPaused() {
require(!paused, "Contract paused");
_;
}Input Validation
function registerAgent(
string calldata metadata,
bytes32 edPublicKey,
bytes32 xPublicKey
) external returns (bytes32) {
// Validate inputs
require(bytes(metadata).length > 0, "Empty metadata");
require(bytes(metadata).length <= 1024, "Metadata too long");
require(edPublicKey != bytes32(0), "Invalid Ed25519 key");
require(xPublicKey != bytes32(0), "Invalid X25519 key");
// Generate unique ID
bytes32 agentId = keccak256(abi.encodePacked(edPublicKey, xPublicKey));
require(!agents[agentId].active, "Agent already exists");
// ... rest of function
}Reentrancy Protection
import "@openzeppelin/contracts/security/ReentrancyGuard.sol";
contract MsgEscrow is ReentrancyGuard {
function releasePayment(bytes32 messageId)
external
nonReentrant // Prevents reentrancy attacks
{
Payment storage payment = payments[messageId];
require(payment.recipient == msg.sender, "Not recipient");
uint256 amount = payment.amount;
payment.amount = 0; // Update state before transfer
payable(msg.sender).transfer(amount);
emit PaymentReleased(messageId, msg.sender, amount);
}
}Security Best Practices
For Agent Developers
✅
Key Management: Store private keys in secure storage (HSM, secure enclave)
✅
Input Validation: Validate all incoming messages before processing
✅
Rate Limiting: Implement rate limits to prevent DoS attacks
✅
Signature Verification: Always verify signatures before trusting messages
✅
Key Rotation: Rotate keys periodically (every 90 days recommended)
✅
Error Handling: Don't leak sensitive info in error messages
For Gateway Operators
✅
TLS Configuration: Use TLS 1.3 with strong cipher suites only
✅
Certificate Pinning: Pin gateway certificates to prevent MITM
✅
DDoS Protection: Implement rate limiting and connection limits
✅
Monitoring: Log all security events and monitor for anomalies
✅
Updates: Keep all dependencies updated to patch vulnerabilities
Audit & Verification
🔍 Security Audits
Opacus Protocol has undergone comprehensive security audits:
- Smart Contracts: Audited by [Audit Firm] (Report: [Link])
- Cryptographic Implementation: Reviewed by [Crypto Expert]
- SDK Security: Third-party penetration testing completed
Formal Verification
Key components have been formally verified:
- Key Derivation: HKDF implementation matches RFC 5869
- Signature Verification: Ed25519 implementation conforms to RFC 8032
- Contract Logic: Critical invariants verified with Certora
Incident Response
Emergency Procedures
// 1. Pause Protocol (Governance Multi-sig)
await opacusCore.connect(governance).pause();
// 2. Revoke Compromised Attestations
await dacRegistry.revokeAttestation(compromisedAttestationId);
// 3. Deactivate Compromised Agents
await agentRegistry.deactivateAgent(compromisedAgentId);
// 4. Upgrade Contracts (if vulnerability found)
await opacusCore.connect(governance).upgradeProtocol(newImplementation);
// 5. Resume Protocol
await opacusCore.connect(governance).unpause();Reporting Vulnerabilities
🛡️ Bug Bounty Program
Report security vulnerabilities to: security@opacus.ai
Rewards up to $50,000 for critical vulnerabilities.
Please do not disclose publicly until patched.
Security Checklist
Before deploying to production:
- ☐ All tests passing with >90% coverage
- ☐ Smart contracts audited by reputable firm
- ☐ Keys stored in secure hardware (HSM/secure enclave)
- ☐ Rate limiting implemented on all endpoints
- ☐ Monitoring and alerting configured
- ☐ Incident response plan documented
- ☐ Key rotation procedure tested
- ☐ DDoS protection enabled
- ☐ Backup and recovery procedures documented
- ☐ Multi-sig governance configured
Related Documentation
- Encryption - E2E encryption details
- Verification - Attestation and trust model
- Architecture - System design and threat model