Please DO NOT open a public GitHub issue for security vulnerabilities.

If you discover a security vulnerability in ARIA Protocol, please report it responsibly:

• Email: security@aria-protocol.org
• Response time: We aim to acknowledge reports within 48 hours
• Disclosure: We follow coordinated disclosure practices

1. Description of the vulnerability
2. Steps to reproduce
3. Potential impact assessment
4. Suggested fix (if any)

We will not pursue legal action against security researchers who:

• Act in good faith to avoid privacy violations, data destruction, or service disruption
• Provide us reasonable time to address the issue before public disclosure
• Do not exploit the vulnerability beyond what is necessary to demonstrate it

ARIA Protocol secures decentralized AI inference through five defense layers, each independently catching failures the others miss:

• TLS 1.3 for all WebSocket connections
• Certificate validation and perfect forward secrecy
• Replay protection via timestamps and nonces

• Message authentication with node signatures
• Version negotiation preventing downgrade attacks
• Rate limiting on peer announcements

• Proof of Useful Work (PoUW): Every computation is real AI inference — no wasted work. Every contribution requires actual AI inference work, verified via output hashing and timing analysis.
• Proof of Sobriety: Energy consumption is tracked per inference and cross-referenced with hardware capabilities. Statistical outlier detection flags impossible claims.
• Provenance Ledger: Every inference is recorded immutably — timestamp, I/O hashes, participating nodes, energy consumed. Full audit trail.

• Reputation-based node ranking (quality-driven participation)
• Reputation penalties for detected fraud
• Time-weighted reputation preventing hit-and-run attacks
• Slow accrual, fast decay reputation scoring
• Anti-Sybil: subnet limiting, hardware fingerprinting, cluster detection

• Consent contracts: explicit CPU, RAM, schedule, and task-type limits
• Data minimization: inference runs locally, no prompts sent to cloud
• End-to-end prompt encryption (planned)

A comprehensive threat model covering P2P attacks (Sybil, Eclipse, MITM), inference integrity attacks (result falsification, pipeline poisoning), reputation attacks (energy fraud, reputation gaming), and privacy attacks (prompt leakage) is documented in docs/threat-model.md.

ARIA Protocol is pre-mainnet software. The following security features are designed but not yet implemented:

• Frontier API key encryption uses local Fernet (planned v1.0.0: OS keyring integration)
• Reputation penalties for misbehavior (planned v1.0.0)
• Hardware attestation (planned v1.0.0)
• Third-party security audit (planned v1.0.0)
• Bug bounty program (planned v1.0.0)

We believe in transparency about our security posture. See our roadmap for implementation timeline.