amaters-net 0.1.0

Network layer for AmateRS (Musubi)
Documentation

amaters-net

Network layer for AmateRS (Musubi - The Knot)

Overview

amaters-net provides the networking infrastructure for AmateRS, implementing the Musubi component. It handles client-server communication using gRPC over QUIC with mutual TLS (mTLS) for secure, high-performance data exchange.

Features

  • gRPC Protocol: RPC communication for queries and operations
  • QUIC Transport: HTTP/3 with multiplexing and 0-RTT
  • mTLS: Mutual TLS for authenticated connections
  • Connection Pooling: Efficient connection reuse
  • Protocol Buffers: AmateRS Query Language (AQL) serialization

Architecture

Client ←→ [Musubi] ←→ Server
          ├── gRPC
          ├── QUIC (HTTP/3)
          ├── mTLS
          └── Connection Pool

Protocol Definition

AmateRS Query Protocol (AQL)

service AmateRS {
  rpc Execute(QueryRequest) returns (QueryResponse);
  rpc ExecuteStream(stream QueryRequest) returns (stream QueryResponse);
}

message QueryRequest {
  bytes query_bytes = 1;  // Serialized AQL
  bytes client_signature = 2;
}

message QueryResponse {
  bytes result_bytes = 1;
  bytes server_proof = 2;  // Future: ZKP
}

Usage (Future)

use amaters_net::{Client, Server};

// Client
let client = Client::connect("https://localhost:7878")
    .with_tls(cert_path, key_path)
    .await?;

let query = QueryRequest { /* ... */ };
let response = client.execute(query).await?;

// Server
let server = Server::bind("0.0.0.0:7878")
    .with_tls(cert_path, key_path)
    .serve(handler)
    .await?;

Configuration

[network]
bind_address = "0.0.0.0:7878"
max_connections = 1000
idle_timeout_ms = 60000
keep_alive_interval_ms = 10000

[tls]
cert_path = "/etc/amaters/server.crt"
key_path = "/etc/amaters/server.key"
ca_path = "/etc/amaters/ca.crt"

[quic]
max_concurrent_streams = 100
initial_window_size = 65536

Security

mTLS Authentication

  • Server validates client certificates
  • Client validates server certificates
  • Mutual authentication prevents MITM

QUIC Benefits

  • Encrypted by default (TLS 1.3)
  • Connection migration support
  • No head-of-line blocking
  • 0-RTT reconnection

Protocol Security

  • All queries encrypted in transit
  • Server never sees plaintext (FHE)
  • Optional ZK proofs for computation verification

Performance

Benchmarks (Target)

  • Latency: < 5ms (local network)
  • Throughput: > 100K queries/sec
  • Connections: 10K+ concurrent clients

Optimization

  • Connection pooling reduces handshake overhead
  • QUIC multiplexing eliminates HOL blocking
  • Zero-copy serialization with rkyv

Development Status

  • 📋 Phase 1: Protocol design
  • 📋 Phase 2: gRPC implementation
  • 📋 Phase 3: QUIC transport
  • 📋 Phase 4: mTLS authentication
  • 📋 Phase 5: Connection pooling

Testing

# Run unit tests
cargo test

# Integration tests with mock server
cargo test --test integration

# Benchmarks
cargo bench

Dependencies

  • tonic - gRPC framework
  • quinn - QUIC implementation
  • rustls - TLS library
  • tokio - Async runtime

License

Licensed under MIT OR Apache-2.0

Authors

COOLJAPAN OU (Team KitaSan)