Zero-Knowledge Audit for Internet of Agents: Privacy-Preserving Communication Verification with Model Context Protocol

• URL: http://arxiv.org/abs/2512.14737v1
• Date: Thu, 11 Dec 2025 19:18:07 GMT
• Title: Zero-Knowledge Audit for Internet of Agents: Privacy-Preserving Communication Verification with Model Context Protocol
• Authors: Guanlin Jing, Huayi Qi,
• Abstract summary: We introduce a framework for auditing agent communications that keeps messages private while still checking they follow expected rules.<n>It pairs zero-knowledge proofs with the existing Model Context Protocol (MCP) so messages can be verified without revealing their contents.<n>We show that zk-MCP provides data authenticity and communication privacy, achieving efficient verification with negligible latency overhead.
• Score: 2.503043323723241
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Existing agent communication frameworks face critical limitations in providing verifiable audit trails without compromising the privacy and confidentiality of agent interactions. The protection of agent communication privacy while ensuring auditability emerges as a fundamental challenge for applications requiring accurate billing, compliance verification, and accountability in regulated environments. We introduce a framework for auditing agent communications that keeps messages private while still checking they follow expected rules. It pairs zero-knowledge proofs with the existing Model Context Protocol (MCP) so messages can be verified without revealing their contents. The approach runs in lightweight networks, stays compatible with standard MCP exchanges, and adds asynchronous audit verification to confirm format and general message types without exposing specifics. The framework enables mutual audits between agents: one side can check communication content and quality while the other verifies usage metrics, all without revealing sensitive information. We formalize security goals and show that zk-MCP provides data authenticity and communication privacy, achieving efficient verification with negligible latency overhead. We fully implement the framework, including Circom-based zero-knowledge proof generation and an audit protocol integrated with MCP's bidirectional channel, and, to our knowledge, this is the first privacy-preserving audit system for agent communications that offers verifiable mutual auditing without exposing message content or compromising agent privacy.

Related papers

• VeriSBOM: Secure and Verifiable SBOM Sharing Via Zero-Knowledge Proofs [1.0896567381206717]
  A Software Bill of Materials (SBOM) is a structured inventory of the components, dependencies, and associated metadata of a software artifact.<n>We present VeriSBOM, a framework that provides cryptographic verifiability of SBOMs using zero-knowledge proofs.
  arXiv  Detail & Related papers  (2026-02-14T09:07:14Z)
• Aegis: Towards Governance, Integrity, and Security of AI Voice Agents [52.7512082818639]
  We propose Aegis, a framework for the governance, integrity, and security of voice agents.<n>We evaluate the framework through case studies in banking call centers, IT Support, and logistics.<n>We observe systematic differences across model families, with open-weight models exhibiting higher susceptibility.
  arXiv  Detail & Related papers  (2026-02-07T05:51:36Z)
• Towards Verifiably Safe Tool Use for LLM Agents [53.55621104327779]
  Large language model (LLM)-based AI agents extend capabilities by enabling access to tools such as data sources, APIs, search engines, code sandboxes, and even other agents.<n>LLMs may invoke unintended tool interactions and introduce risks, such as leaking sensitive data or overwriting critical records.<n>Current approaches to mitigate these risks, such as model-based safeguards, enhance agents' reliability but cannot guarantee system safety.
  arXiv  Detail & Related papers  (2026-01-12T21:31:38Z)
• Towards Trusted Service Monitoring: Verifiable Service Level Agreements [37.76528129929801]
  Service Level Agreement (SLA) monitoring in service-oriented environments suffers from inherent trust conflicts when providers self-report metrics.<n>We introduce a framework for generating verifiable SLA violation claims through trusted hardware monitors and zero-knowledge proofs.
  arXiv  Detail & Related papers  (2025-10-15T10:02:29Z)
• Context Lineage Assurance for Non-Human Identities in Critical Multi-Agent Systems [0.08316523707191924]
  We introduce a cryptographically grounded mechanism for lineage verification, anchored in append-only Merkle tree structures.<n>Unlike traditional A2A models that primarily secure point-to-point interactions, our approach enables both agents and external verifiers to cryptographically validate multi-hop provenance.<n>In parallel, we augment the A2A agent card to incorporate explicit identity verification primitives, enabling both peer agents and human approvers to authenticate the legitimacy of NHI representations.
  arXiv  Detail & Related papers  (2025-09-22T20:59:51Z)
• SilentLedger: Privacy-Preserving Auditing for Blockchains with Complete Non-Interactivity [38.520950743840785]
  SilentLedger is a privacy-preserving transaction system with auditing and complete non-interactivity.<n>We formally prove security properties including authenticity, anonymity, confidentiality, and soundness.<n>Our implementation and benchmarks demonstrate that SilentLedger achieves superior performance compared with state-of-the-art solutions.
  arXiv  Detail & Related papers  (2025-09-10T16:14:34Z)
• Beyond Jailbreaking: Auditing Contextual Privacy in LLM Agents [43.303548143175256]
  This study proposes an auditing framework for conversational privacy that quantifies an agent's susceptibility to risks.<n>The proposed Conversational Manipulation for Privacy Leakage (CMPL) framework is designed to stress-test agents that enforce strict privacy directives.
  arXiv  Detail & Related papers  (2025-06-11T20:47:37Z)
• Information Bargaining: Bilateral Commitment in Bayesian Persuasion [60.3761154043329]
  We introduce a unified framework and a well-structured solution concept for long-term persuasion.<n>This perspective makes explicit the common knowledge of the game structure and grants the receiver comparable commitment capabilities.<n>The framework is validated through a two-stage validation-and-inference paradigm.
  arXiv  Detail & Related papers  (2025-06-06T08:42:34Z)
• Attention Knows Whom to Trust: Attention-based Trust Management for LLM Multi-Agent Systems [52.57826440085856]
  Large Language Model-based Multi-Agent Systems (LLM-MAS) have demonstrated strong capabilities in solving complex tasks but remain vulnerable when agents receive unreliable messages.<n>This vulnerability stems from a fundamental gap: LLM agents treat all incoming messages equally without evaluating their trustworthiness.<n>We propose Attention Trust Score (A-Trust), a lightweight, attention-based method for evaluating message trustworthiness.
  arXiv  Detail & Related papers  (2025-06-03T07:32:57Z)
• Accountable, Scalable and DoS-resilient Secure Vehicular Communication [0.27624021966289597]
  broadcasted Cooperative Awareness Messages (CAMs) and Decentralized Environmental Notification Messages (DENMs) are pseudonymous authenticated for security and privacy protection.<n>This creates an asymmetry that can be easily exploited by external adversaries to launch a clogging Denial of Service (DoS) attack.<n>We propose efficient cryptographic constructs, which we term message verification facilitators, to prioritize processing resources for verification of potentially valid messages.
  arXiv  Detail & Related papers  (2025-05-28T09:25:34Z)
• Communication-Efficient and Privacy-Adaptable Mechanism for Federated Learning [54.20871516148981]
  We introduce the Communication-Efficient and Privacy-Adaptable Mechanism (CEPAM)<n>CEPAM achieves communication efficiency and privacy protection simultaneously.<n>We theoretically analyze the privacy guarantee of CEPAM and investigate the trade-offs among user privacy and accuracy of CEPAM.
  arXiv  Detail & Related papers  (2025-01-21T11:16:05Z)
• Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [43.253676241213626]
  We propose an architecture for blockchain-based PAISs to preserve confidentiality and transparency.<n>Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.<n>We assess the security of our solution through a systematic threat model analysis and evaluate its practical feasibility.
  arXiv  Detail & Related papers  (2024-12-07T20:18:36Z)
• A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
  The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
  arXiv  Detail & Related papers  (2024-01-19T14:52:04Z)
• FedGT: Identification of Malicious Clients in Federated Learning with Secure Aggregation [69.75513501757628]
  FedGT is a novel framework for identifying malicious clients in federated learning with secure aggregation. We show that FedGT significantly outperforms the private robust aggregation approach based on the geometric median recently proposed by Pillutla et al.
  arXiv  Detail & Related papers  (2023-05-09T14:54:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.