amaters-net 0.1.0

Network layer for AmateRS (Musubi)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151

# amaters-net

Network layer for AmateRS (Musubi - The Knot)

## Overview

`amaters-net` provides the networking infrastructure for AmateRS, implementing the **Musubi** component. It handles client-server communication using gRPC over QUIC with mutual TLS (mTLS) for secure, high-performance data exchange.

## Features

- **gRPC Protocol**: RPC communication for queries and operations
- **QUIC Transport**: HTTP/3 with multiplexing and 0-RTT
- **mTLS**: Mutual TLS for authenticated connections
- **Connection Pooling**: Efficient connection reuse
- **Protocol Buffers**: AmateRS Query Language (AQL) serialization

## Architecture

```
Client ←→ [Musubi] ←→ Server
          ├── gRPC
          ├── QUIC (HTTP/3)
          ├── mTLS
          └── Connection Pool
```

## Protocol Definition

### AmateRS Query Protocol (AQL)

```protobuf
service AmateRS {
  rpc Execute(QueryRequest) returns (QueryResponse);
  rpc ExecuteStream(stream QueryRequest) returns (stream QueryResponse);
}

message QueryRequest {
  bytes query_bytes = 1;  // Serialized AQL
  bytes client_signature = 2;
}

message QueryResponse {
  bytes result_bytes = 1;
  bytes server_proof = 2;  // Future: ZKP
}
```

## Usage (Future)

```rust
use amaters_net::{Client, Server};

// Client
let client = Client::connect("https://localhost:7878")
    .with_tls(cert_path, key_path)
    .await?;

let query = QueryRequest { /* ... */ };
let response = client.execute(query).await?;

// Server
let server = Server::bind("0.0.0.0:7878")
    .with_tls(cert_path, key_path)
    .serve(handler)
    .await?;
```

## Configuration

```toml
[network]
bind_address = "0.0.0.0:7878"
max_connections = 1000
idle_timeout_ms = 60000
keep_alive_interval_ms = 10000

[tls]
cert_path = "/etc/amaters/server.crt"
key_path = "/etc/amaters/server.key"
ca_path = "/etc/amaters/ca.crt"

[quic]
max_concurrent_streams = 100
initial_window_size = 65536
```

## Security

### mTLS Authentication
- Server validates client certificates
- Client validates server certificates
- Mutual authentication prevents MITM

### QUIC Benefits
- Encrypted by default (TLS 1.3)
- Connection migration support
- No head-of-line blocking
- 0-RTT reconnection

### Protocol Security
- All queries encrypted in transit
- Server never sees plaintext (FHE)
- Optional ZK proofs for computation verification

## Performance

### Benchmarks (Target)
- **Latency**: < 5ms (local network)
- **Throughput**: > 100K queries/sec
- **Connections**: 10K+ concurrent clients

### Optimization
- Connection pooling reduces handshake overhead
- QUIC multiplexing eliminates HOL blocking
- Zero-copy serialization with rkyv

## Development Status

- 📋 **Phase 1**: Protocol design
- 📋 **Phase 2**: gRPC implementation
- 📋 **Phase 3**: QUIC transport
- 📋 **Phase 4**: mTLS authentication
- 📋 **Phase 5**: Connection pooling

## Testing

```bash
# Run unit tests
cargo test

# Integration tests with mock server
cargo test --test integration

# Benchmarks
cargo bench
```

## Dependencies

- `tonic` - gRPC framework
- `quinn` - QUIC implementation
- `rustls` - TLS library
- `tokio` - Async runtime

## License

Licensed under MIT OR Apache-2.0

## Authors

**COOLJAPAN OU (Team KitaSan)**