# Tick 22 — 2026-05-22 08:17 UTC **Thread:** ADR-107 (cross-installation federation with secure aggregation) **Verdict:** Closes the privacy + federation chain explicitly deferred from ADR-105 + ADR-106. The full chain R6 → R3 → R14 → R15 → ADR-105 → ADR-106 → ADR-107 now has a formal guarantee at every layer. ## What shipped - `docs/adr/ADR-107-cross-installation-federation.md` — full ADR draft. Direct extension of ADR-105 + ADR-106. ## Five-layer defence (extends ADR-106's three) | Layer | Mechanism | Defends against | |---|---|---| | 1–3 (ADR-106) | Primitive isolation + grad clipping + DP noise | Local member inference, biometric exfiltration | | **4 NEW** | Secure Aggregation (Bonawitz 2016) | Cross-installation aggregator sees only sum | | **5 NEW** | Per-installation embedding-space rotation key | Cross-installation re-identification (R3 binding) | ## Counter-intuitive privacy win With N installations each at σ_local = 1.0: - Per-installation ε after 50 rounds: 2.5 - **Cross-installation effective σ = √N · σ_local ≈ 3.16** (amplification by sampling) - **Cross-installation ε after 50 rounds: ~1.5** — STRONGER than per-installation alone **Cross-installation federation actually IMPROVES privacy** through the amplification effect, as long as the cryptographic protocol is implemented correctly. ## Bandwidth Per round, 10 installations: ~2 MB/installation. Monthly cadence: 70-200 MB/month/installation total (within + cross-installation). <0.1% of home broadband. ## Implementation budget Additive on prior ADRs: | ADR | LOC | |---|---:| | ADR-105 (federation) | 500 | | ADR-106 (DP-SGD + isolation) | +300 | | **ADR-107 (cross-installation)** | **+530** | | **Total `ruview-fed` budget** | **~1,330 LOC, ~6 weeks** | ## Why this closes the chain The research loop has produced 7 layers, each with a formal guarantee: 1. **R6 / R6.1** — physics forward model 2. **R3** — embedding-space re-ID 3. **R14** — ethical opt-in / on-device / override 4. **R15** — biometric primitive catalogue 5. **ADR-105** — within-installation federation 6. **ADR-106** — DP-SGD + primitive isolation 7. **ADR-107** — cross-installation + secure aggregation **No remaining unspecified privacy gap.** Cross-installation training can ship without violating any constraint surfaced by the loop. ## Threat model (8 threats, 8 layers) Every threat row has a mitigation layer. Member inference (cross-installation) → Layer 3 + cross-installation DP composition. Cross-installation re-ID → Layer 5 rotation key. Sybil → Layer 4 dropout + Krum + N ≥ 5. Quantum-resistant DH = out-of-scope future ADR-108; Kyber substitution is mechanical. ## Composes with everything - R3 + R15 enforcement now technical, not just policy - R7 mincut extends to cross-installation multi-installation adversarial detection - R12 PABS works at any installation in the local rotated embedding space - R10/R11 cogs benefit asymmetrically; `cog-wildlife` is high-value cross-installation, `cog-maritime-watch` is per-vessel ## Honest scope - Cross-org PKI bootstrapping = operational, not architectural - Implementation cost real: 1,330 LOC + 6 weeks engineering - Krum + SA composition proof is non-trivial; reference implementations needed - √N amplification assumes installation independence (correlated installations need separate accounting) - Drop-out reconstruction has known attack surfaces; follow Bonawitz §4.3 carefully - Per-cog suitability varies; not all cogs benefit equally ## Coordination `ticks/tick-22.md`. No PROGRESS.md edit. Branch `research/sota-adr107-cross-install-federation`. ## Remaining work - **R6.2.3**: chest-centric / pose-trajectory zones - **R6.2.2.1**: 3D N-anchor coverage - **R12.1**: pose-PABS closed loop (highest-leverage implementation) - **R3.2**: embedding-level physics-informed env (R3.1's corrected sketch) - **ADR-108**: quantum-resistant DH substitution (Kyber) ~3.6h to cron stop. **22 ticks landed.** The loop has covered: - 13 research threads (R1-R15) - 3 ADRs (105, 106, 107) closing the privacy + federation chain - 3 kinds of negative result (physics-floor, architecture-error, revisited-to-positive) - 7 deferred follow-ups closed