
Overview

boop network is a distributed, privacy-preserving authentication system built on multi-party computation (MPC) principles. The architecture ensures no single entity ever has access to complete biometric data.

High-Level Architecture

Component Details

API Gateway

Purpose: Central entry point for all external communications
Responsibilities:
  • Request routing and load balancing
  • Authentication and authorization
  • Rate limiting and DDoS protection
  • Protocol translation (HTTP/WebSocket)
  • Request/response transformation
Key Features:
  • RESTful API endpoints
  • WebSocket support for real-time communication
  • OpenAPI documentation
  • Metrics and logging

MPC Gateway

Purpose: Orchestrates multi-party computation for biometric matching
Responsibilities:
  • Biometric data splitting across MPC nodes
  • Coordinating secure computation protocols
  • Result aggregation without revealing individual shares
  • Key management and rotation
Security Model:

Bridge Service

Purpose: Manages real-time WebSocket connections
Responsibilities:
  • WebSocket connection management
  • Event broadcasting
  • Connection pooling
  • Message queuing and delivery
  • Heartbeat and reconnection logic
Connection Types:
  • User registration sessions
  • Vendor authentication channels
  • PVS configuration streams
  • Admin monitoring connections

Attribute Service

Purpose: Manages user attributes with privacy controls
Responsibilities:
  • Attribute storage and retrieval
  • Permission management
  • Consent tracking
  • Attribute encryption
  • Selective disclosure
Data Model:
{
  "user_id": "uuid",
  "attributes": {
    "email": {
      "value": "encrypted_email",
      "permissions": ["vendor_123"],
      "updated_at": "2024-01-01T00:00:00Z"
    },
    "age_verified": {
      "value": true,
      "verified_by": "gov_authority",
      "expires_at": "2025-01-01T00:00:00Z"
    }
  }
}

Ledger Service

Purpose: Immutable transaction log
Responsibilities:
  • Transaction recording
  • Balance management
  • Audit trail maintenance
  • Settlement processing
  • Reporting and analytics
Transaction Types:
  • Payment transactions
  • Authentication events
  • Attribute updates
  • Consent changes

Data Flow Patterns

Registration Flow

Authentication Flow

Scalability Design

Horizontal Scaling

Stateless Services

The API Gateway and Bridge Service scale horizontally behind load balancers.

Database Sharding

The Attribute and Ledger services support sharding by user ID.

MPC Node Distribution

MPC nodes can be geographically distributed for resilience.

Cache Layer

A Redis cache serves frequently accessed data.

Performance Optimization

# Example deployment scaling
services:
  api-gateway:
    replicas: 5
    resources:
      requests:
        cpu: "1"
        memory: "2Gi"
    autoscaling:
      min: 3
      max: 10
      targetCPU: 70%

  mpc-gateway:
    replicas: 3
    resources:
      requests:
        cpu: "2"
        memory: "4Gi"

Security Architecture

Defense in Depth

  1. Network Security
    • TLS 1.3 for all communications
    • mTLS between internal services
    • Network segmentation and firewalls
  2. Application Security
    • OAuth2/JWT for authentication
    • RBAC for authorization
    • Input validation and sanitization
    • Rate limiting and DDoS protection
  3. Data Security
    • Encryption at rest (AES-256)
    • Encryption in transit (TLS)
    • Key rotation policies
    • Secure key management (HSM)
  4. Operational Security
    • Audit logging
    • Intrusion detection
    • Security scanning
    • Incident response

Threat Model

The system is designed to withstand:
  • Compromise of any single MPC node
  • Man-in-the-middle attacks
  • Replay attacks
  • Timing attacks
  • Side-channel attacks
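As an added illustration of the share splitting and aggregation the MPC Gateway is responsible for, and of why the threat model can tolerate the compromise of any single MPC node, here is additive secret sharing of a feature vector over a prime field. This is example code written for this page, not the project's own protocol; the modulus, node count and feature vectors are constructed, and the closing comment states what a deployed matching protocol would need beyond it.

```python
import secrets

# Share arithmetic modulus: a Mersenne prime, a constructed choice for this example.
P = 2**61 - 1


def split(vector, n_nodes):
    """Split each coordinate into n_nodes additive shares mod P.

    The first n-1 share vectors are uniformly random, so any n-1 of them are
    independent of the input; only the sum of all n reveals it. That is why
    a single compromised node learns nothing about the template.
    """
    if n_nodes < 2:
        raise ValueError("sharing hides nothing with fewer than two nodes")
    shares = [[0] * len(vector) for _ in range(n_nodes)]
    for j, value in enumerate(vector):
        running = 0
        for i in range(n_nodes - 1):
            shares[i][j] = secrets.randbelow(P)
            running = (running + shares[i][j]) % P
        shares[-1][j] = (value - running) % P  # last share fixes the sum
    return shares


def reconstruct(shares, n_nodes):
    """Recombine share vectors; refuses to open with fewer than n_nodes shares."""
    if len(shares) != n_nodes:
        raise ValueError(f"expected {n_nodes} shares, got {len(shares)}")
    return [sum(s[j] for s in shares) % P for j in range(len(shares[0]))]


def local_sub(share_a, share_b):
    """A node subtracts its two share vectors locally; no communication needed."""
    return [(x - y) % P for x, y in zip(share_a, share_b)]


def to_signed(vector):
    """Map field elements back to signed integers (values above P/2 are negative)."""
    return [v - P if v > P // 2 else v for v in vector]


def demo(template, probe, n_nodes=3):
    """Share a stored template and a fresh probe; nodes compute difference shares."""
    t_shares = split(template, n_nodes)
    q_shares = split(probe, n_nodes)
    diff_shares = [local_sub(t, q) for t, q in zip(t_shares, q_shares)]
    # Only the aggregate is opened; a real protocol keeps even this inside MPC
    # and opens just a thresholded distance (needs multiplication, not shown).
    return to_signed(reconstruct(diff_shares, n_nodes))
```

Each node sees only its own random-looking share vectors, and the gateway sees only the opened aggregate, which is the property the threat model relies on.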

Deployment Topology

Production Deployment

Monitoring & Observability

Metrics Stack

  • Prometheus: Metrics collection
  • Grafana: Visualization and dashboards
  • Tempo: Distributed tracing
  • Loki: Log aggregation
  • AlertManager: Alert routing

Key Metrics

Metric | Target | Alert Threshold
--- | --- | ---
API Latency (p99) | < 100ms | > 200ms
MPC Computation Time | < 500ms | > 1000ms
Error Rate | < 0.1% | > 1%
System Availability | 99.99% | < 99.9%

Disaster Recovery

Backup Strategy

  • Database Backups: Hourly snapshots, daily full backups
  • MPC Key Backups: Encrypted, distributed storage
  • Configuration Backups: Version controlled in Git

Recovery Procedures

  1. Detection: Monitoring alerts trigger incident response
  2. Assessment: Determine scope and impact of failure
  3. Isolation: Isolate affected components
  4. Recovery: Execute recovery procedures
  5. Verification: Verify system functionality
  6. Post-Mortem: Document lessons learned
