Shielded ARM Trust Assumptions And Security Properties

This post is an attempt to extract ARM trust assumptions and specify the intended security properties.

1. Actor Trust Model

| # | Actor | Trust Assumption | Incentives | Malicious potential (outside trust assumptions) |
|---|---|---|---|---|
| 1 | Users | Act according to economic incentives | Protect own funds | Create invalid or unauthorized transactions |
| 2 | Application Developers | Implement required security checks | Adoption, fees, reputation | Embed backdoors in business logic |
| 3 | Consensus | Order transactions fairly, include valid transactions | Block rewards, fees, reputation | Censor transactions, reorder for MEV, include invalid transactions |
| 4 | Executor | Reject invalid transactions, execute in determined order | Block rewards, fees, reputation | Censor transactions |
| 5 | Discovery Server | Not share sensitive information (discovery keys, receiver identities) | Service fees for discovery, reputation | Censor discovery responses |
| 6 | Solvers | Act according to economic incentives | Profit from matching intents, fees, reputation | Create invalid transactions, steal resources, front-run users, reveal sensitive information |
| 7 | Network Adversaries | — | Financial profit | Modify transactions in transit, inject fake transactions, replay old transactions |

2. Other trust assumptions

| # | Category | Assumption |
|---|---|---|
| 1 | Cryptographic Primitives | SHA256, Keccak256, AES256-GCM, SHA256-KDF, Pedersen commitment, k256 elliptic curve, ECDSA, RISC Zero STARK/Groth16, PRNG implementations are secure |
| 2 | Private key secrecy | Users protect their keys: nullifierKey never published; encryption keys held only by receiver |
| 3 | Nonce uniqueness | Nonce is unique for every resource |
| 4 | State consistency | Commitment tree and nullifier set consistent across nodes |
| 5 | External libraries correctness | All external libraries correctly implement relevant functionalities |

3. Security properties

| # | Category | Property | Definition | Enforcement |
|---|---|---|---|---|
| 1 | Asset Security | Resource Uniqueness | Each resource created once | Uniqueness checks in commitment tree and nullifier set |
| 2 | Asset Security | Existence Before Consumption | Only created persistent resources can be consumed | Merkle path proof in compliance proof |
| 3 | Asset Security | No Double Spend | Consumed resource cannot be consumed again | Global nullifier set membership check |
| 4 | Asset Security | Balance Preservation | Total quantity per kind cannot differ from expectedBalance | Delta proof against expectedBalance |
| 5 | Asset Security | No Theft, No Unauthorized Creation | Resources cannot be consumed without authorization | Nullifier computation requires nullifierKey; a valid logic proof is required; balance |
| 6 | Asset Security | Append-only Log | Commitment tree and nullifier set grow monotonically | Append-only structures |
| 7 | Asset Security | Kind Distinctness | Different resource kinds cannot offset each other | DeltaHash is kind-distinct |
| 8 | Integrity | Commitment Integrity | Created commitments must match compliance proof instance | Recomputed from witness and compared to instance |
| 9 | Integrity | Nullifier Integrity | Consumed nullifiers must match compliance proof instance | Recomputed from witness and compared to instance |
| 10 | Integrity | Logic Reference Integrity | Logic reference must match its hash in compliance proofs | Checked in compliance circuit |
| 11 | Integrity | Delta Integrity | Compliance unit delta must be correctly computed from resource deltas | Checked in compliance circuit |
| 12 | Integrity | Tag Integrity | Resource tags must be recomputed from witness and match instance | Binding between instance and witness |
| 13 | Integrity | Action Tree Root Integrity | Action tree root must correctly commit to all tags in the action | Tag inclusion verified against tree root in logic proofs |
| 14 | Integrity | Resource Encryption Correctness | Encrypted resources must be correctly decryptable by receiver | Verifiable encryption checked in RL circuits |
| 15 | Authorization | Logic Constraint Enforcement | Creation/consumption must satisfy logic | Resource logic proof per resource |
| 16 | Authorization | ARM Compliance Enforcement | All state changes must comply with RM rules | Compliance proof per CU |
| 17 | Privacy | Transaction Content Privacy | Resource objects not publicly readable | In-band encryption |
| 18 | Privacy | Receiver Privacy | Cannot determine receiver from public data | In-band encryption |
| 19 | Privacy | Linkability Resistance | Cannot link nullifier to commitment | Separate derivation paths |
| 20 | Privacy | Cross-Transaction Privacy | Cannot link resources across transactions | Fresh nonce and seed per resource |
| 21 | Privacy | Function Privacy [1] | Asset types and logic behavior hidden | Recursion |
| 22 | Invariants | Action Scope Isolation | Logic proofs only see resources in their action | Input map; action tree root |
| 23 | Invariants | Transaction Atomicity | All actions succeed or fail together | Transaction validity bound to delta proof |
| 24 | Invariants | Transaction Composition | Composition of valid transactions is valid | CU and Action union; delta proof aggregation |
| 25 | Liveness | Verifiability | Anyone can verify transaction validity | Public proofs; replicated state |

[1] Currently not implemented but enabled by design
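As an added illustration (not the ARM's own code, and not part of this post), the Python model below shows how a verifier enforces several of the asset-security rows above on a toy state: Resource Uniqueness, Existence Before Consumption, No Double Spend, No Theft (nullifier requires the nullifierKey), Balance Preservation per kind and Kind Distinctness, with the append-only log and all-or-nothing application from the Append-only Log and Transaction Atomicity rows. The real machine proves these inside compliance and logic circuits; running the checks in the clear over the witness, the hash layouts, the `nk_commitment` field and every key and nonce value are assumptions of the model.

```python
"""Toy model of the checks in the security-properties table (added
illustration, not Anoma's code). State is an append-only commitment
log plus a nullifier set; the verifier runs the checks in the clear
that the ARM proves in circuits. Hash layouts and field names are
constructed for this model."""
import hashlib
from dataclasses import dataclass, field


def h(tag: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA256 over tag and parts (constructed layout)."""
    return hashlib.sha256(b"|".join((tag,) + parts)).digest()


@dataclass(frozen=True)
class Resource:
    kind: bytes           # asset kind (in ARM derived from logic ref and label)
    quantity: int
    nonce: bytes          # unique per resource (trust assumption 3)
    nk_commitment: bytes  # commitment to the owner's nullifier key (assumed field)

    def commitment(self) -> bytes:
        return h(b"cm", self.kind, self.quantity.to_bytes(16, "big"),
                 self.nonce, self.nk_commitment)

    def nullifier(self, nullifier_key: bytes) -> bytes:
        # Separate derivation path from the commitment (Linkability Resistance)
        return h(b"nf", nullifier_key, self.commitment())


def nk_commit(nullifier_key: bytes) -> bytes:
    return h(b"npk", nullifier_key)


@dataclass
class Transaction:
    consumed: list          # [(Resource, nullifier_key)] supplied by the spender
    created: list           # [Resource]
    expected_balance: dict  # kind -> consumed minus created; omitted kinds mean 0


@dataclass
class State:
    commitments: list = field(default_factory=list)   # append-only log
    commitment_set: set = field(default_factory=set)
    nullifiers: set = field(default_factory=set)      # append-only, never pruned

    def verify(self, tx: Transaction) -> list:
        """Return the violated properties, empty when the transaction is valid."""
        errors, delta, seen = [], {}, set()
        for res, nk in tx.consumed:
            if res.commitment() not in self.commitment_set:
                errors.append("existence-before-consumption")
            if nk_commit(nk) != res.nk_commitment:
                errors.append("no-theft")          # spender lacks the nullifierKey
            nf = res.nullifier(nk)
            if nf in self.nullifiers or nf in seen:
                errors.append("no-double-spend")
            seen.add(nf)
            delta[res.kind] = delta.get(res.kind, 0) + res.quantity
        new_cms = [r.commitment() for r in tx.created]
        if len(set(new_cms)) != len(new_cms) or any(
                cm in self.commitment_set for cm in new_cms):
            errors.append("resource-uniqueness")
        for res in tx.created:
            delta[res.kind] = delta.get(res.kind, 0) - res.quantity
        # Balance is checked per kind, so gold can never offset silver
        kinds = set(delta) | set(tx.expected_balance)
        if any(delta.get(k, 0) != tx.expected_balance.get(k, 0) for k in kinds):
            errors.append("balance-preservation")
        return errors

    def apply(self, tx: Transaction) -> bool:
        """Apply only a fully valid transaction (atomicity: all or nothing)."""
        if self.verify(tx):
            return False
        for res, nk in tx.consumed:
            self.nullifiers.add(res.nullifier(nk))
        for res in tx.created:
            cm = res.commitment()
            self.commitments.append(cm)
            self.commitment_set.add(cm)
        return True


def demo() -> dict:
    """Mint, transfer, then three invalid attempts (all values constructed)."""
    gold, silver = b"gold", b"silver"
    alice_nk, bob_nk = b"alice-nullifier-key", b"bob-nullifier-key"
    st = State()
    r1 = Resource(gold, 10, b"nonce-1", nk_commit(alice_nk))
    mint = Transaction([], [r1], {gold: -10})            # issuance: delta -10 gold
    r2 = Resource(gold, 10, b"nonce-2", nk_commit(bob_nk))
    transfer = Transaction([(r1, alice_nk)], [r2], {})   # balanced transfer
    replay = Transaction([(r1, alice_nk)],
                         [Resource(gold, 10, b"nonce-3", nk_commit(alice_nk))], {})
    theft = Transaction([(r2, alice_nk)],
                        [Resource(gold, 10, b"nonce-4", nk_commit(alice_nk))], {})
    swap = Transaction([(r2, bob_nk)],
                       [Resource(silver, 10, b"nonce-5", nk_commit(bob_nk))], {})
    return {"mint": st.apply(mint), "transfer": st.apply(transfer),
            "replay": st.verify(replay), "theft": st.verify(theft),
            "swap": st.verify(swap), "log_len": len(st.commitments)}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The mint succeeds only because its `expected_balance` declares the issuance; the transfer is balanced per kind; the replay of `r1` is caught by the nullifier set, the attempt to spend Bob's `r2` with Alice's key fails the nullifier-key binding, and the gold-for-silver swap fails because the delta is tracked per kind rather than as one total.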
