mirror of
https://github.com/ruvnet/RuView
synced 2026-06-09 10:13:17 +00:00
rUv
9b5e317f99
Closes the cross-installation federation work explicitly deferred from ADR-105 + ADR-106. Direct extension of both. Five-layer defence (extends ADR-106's three): 1-3 (ADR-106): Primitive isolation + grad clipping + DP noise 4 NEW: Secure Aggregation (Bonawitz 2016) -- aggregator sees only sum 5 NEW: Per-installation embedding-space rotation key -- cross-install re-ID prevented Counter-intuitive privacy win: cross-installation amplification IMPROVES privacy. With N=10 installations each at sigma_local=1.0: - Per-installation epsilon (50 rounds): 2.5 - Cross-installation effective sigma = sqrt(N) * sigma_local = 3.16 - Cross-installation epsilon (50 rounds): ~1.5 <-- STRONGER Cross-installation federation actually improves privacy through the amplification effect, as long as the crypto protocol is implemented correctly. Bandwidth: ~2 MB/install/round, monthly ~70-200 MB/install (within+cross). <0.1% of typical home broadband. Implementation budget: - ADR-105 baseline: 500 LOC - ADR-106 layers: +300 LOC - ADR-107 SA layer: +530 LOC - TOTAL ruview-fed: ~1,330 LOC, ~6 weeks The privacy chain closes: 1. R6/R6.1 physics forward model 2. R3 embedding-space re-ID 3. R14 ethical opt-in / on-device / override 4. R15 biometric primitive catalogue 5. ADR-105 within-installation federation 6. ADR-106 DP-SGD + primitive isolation 7. ADR-107 cross-installation + secure aggregation Every layer has a formal guarantee, implementation path, and honest scope. No remaining unspecified privacy gap. Cross-installation training can ship without violating any constraint surfaced by the research loop. Threat model: 8 threats, every row has a mitigation layer. - Compromised aggregator views deltas -> Layer 4 SA - Cross-installation re-ID -> Layer 5 rotation - Sybil -> Layer 4 dropout + Krum + N >= 5 - Quantum-resistant: out-of-scope ADR-108 (Kyber substitution) Honest scope: - Cross-org PKI = operational, not architectural - Krum+SA composition proof is non-trivial; reference implementations needed before production - sqrt(N) amplification assumes installation independence - Drop-out reconstruction has known attack surfaces (Bonawitz §4.3) - Per-cog suitability varies (cog-wildlife yes, cog-maritime-watch no) Composes: - R3+R15 enforcement now technical, not just policy - R7 mincut extends to cross-installation adversarial detection - R12 PABS works at any installation in local rotated embedding space - R10/R11 cogs benefit asymmetrically Coordination: ticks/tick-22.md, no PROGRESS.md edit.