
arxiv: 2606.22311 · v1 · pith:HRNQ44DR · new · submitted 2026-06-21 · cs.CR · cs.CY · cs.DC

Semantic Non-Assembly: Privacy by Architectural Inertness Under Component Exposure

Pith reviewed 2026-06-26 10:31 UTC · model grok-4.3

classification: cs.CR · cs.CY · cs.DC
keywords: semantic non-assembly · privacy guarantee · architectural security · component exposure · provenance architecture · ProVerif verification · Birthmark Standard

The pith

An architecture satisfies Semantic Non-Assembly when no coalition of fewer than a threshold of components can assemble an assignment that yields actionable data even after full exposure.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper defines Semantic Non-Assembly as a privacy guarantee that focuses on the information yield of exposure rather than preventing exposure itself. Privacy holds because any sub-threshold set of components lacks enough information to evaluate a designated predicate, regardless of decryption. This property is enforced structurally by a two-channel provenance architecture instead of by policy or computational hardness. The architecture is shown to satisfy four properties verified in ProVerif, and a Birthmark Standard instantiation demonstrates it on constrained hardware where zero-knowledge techniques are impractical.

Core claim

Semantic Non-Assembly is satisfied when no coalition of fewer than a defined threshold of components can assemble a sufficient assignment to the input domain of a designated predicate. Complete exposure and decryption of any sub-threshold component therefore yields no actionable data. The guarantee is structural, operating through architecture rather than policy, and its properties degrade predictably under compromise. The reference construction uses a two-channel provenance architecture to achieve Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, and Active Defense Gate correctness, all verified in ProVerif.

What carries the argument

The two-channel provenance architecture, which separates information across channels so that exposure of any sub-threshold set of components leaves no complete assignment to the predicate's input domain.

If this is right

  • Privacy properties degrade predictably under progressive component compromise rather than failing at a single breach point.
  • The Birthmark Standard enables the guarantee on constrained capture hardware where zero-knowledge methods are computationally infeasible.
  • Device Non-Correlation, Registry Observer Non-Identification, and Submission Server Blindness are obtained directly from the two-channel separation.
  • Audited organizational constraints can be combined with the structural guarantee without altering its core properties.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Designs that separate information across channels may reduce reliance on encryption strength alone for privacy.
  • The same inertness principle could be examined in other multi-component systems such as distributed ledgers or sensor networks.
  • Prototype implementations could be tested by measuring whether sub-threshold exposure ever produces predicate-evaluable data under realistic compromise scenarios.

Load-bearing premise

A two-channel provenance architecture can be realized such that the structural guarantee holds and the four ProVerif properties are preserved under the modeled threat model.

What would settle it

An explicit construction or simulation in which a coalition of fewer than the threshold number of components assembles a complete assignment and extracts actionable data after exposure and decryption.
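The falsification test described here, together with the sub-threshold definition in the core claim above and the "degrades predictably" property listed earlier, can be exercised on a toy model. The following Python is an added illustration, not code from the paper or from the Birthmark Standard project; the component names, the three predicate inputs, the predicate itself and both layouts are constructed assumptions and do not describe the paper's architecture. The checker enumerates every coalition below the threshold, unions what those components would hold after full exposure and decryption, and reports any coalition that assembles a complete assignment to the predicate's input domain. A second, deliberately leaky layout shows the check failing, and a per-coalition-size profile shows what graceful degradation looks like in this toy: the maximum number of predicate inputs any coalition of a given size can assemble.

```python
from itertools import combinations

# Constructed toy model (not the paper's architecture): a designated predicate
# over three inputs, and components that each hold some of those inputs in
# plaintext once "full exposure and decryption" is assumed.
PREDICATE_INPUTS = ("device_id", "capture_hash", "submitter")


def predicate(assignment):
    """Hypothetical designated predicate: is the capture from dev-42 linked to alice?"""
    return assignment["device_id"] == "dev-42" and assignment["submitter"] == "alice"


# Layout A (constructed): each component holds exactly one predicate input, so
# a coalition needs all three components to assemble a complete assignment.
SEPARATED = {
    "registry": {"device_id": "dev-42"},
    "submission_server": {"submitter": "alice"},
    "blockchain": {"capture_hash": "sha256:constructed"},
}

# Layout B (constructed): the capture hash is visible in both channels, so two
# components already suffice to cover the whole input domain.
LEAKY = {
    "registry": {"device_id": "dev-42", "capture_hash": "sha256:constructed"},
    "submission_server": {"submitter": "alice", "capture_hash": "sha256:constructed"},
    "blockchain": {"capture_hash": "sha256:constructed"},
}


def exposed_view(components, coalition):
    """Everything a coalition learns when each member is fully exposed and decrypted."""
    view = {}
    for name in coalition:
        view.update(components[name])
    return view


def is_complete(view):
    """A view is a sufficient assignment if it covers the predicate's whole input domain."""
    return all(key in view for key in PREDICATE_INPUTS)


def evaluate_if_possible(view):
    """Return the predicate's value, or None when the view cannot evaluate it."""
    return predicate(view) if is_complete(view) else None


def sub_threshold_violations(components, threshold):
    """List every coalition smaller than `threshold` that assembles a complete assignment.

    An empty list means the layout meets the non-assembly definition for that
    threshold; a non-empty list is the kind of construction that would settle
    the claim against the layout.
    """
    names = sorted(components)
    violations = []
    for size in range(1, threshold):
        for coalition in combinations(names, size):
            if is_complete(exposed_view(components, coalition)):
                violations.append(coalition)
    return violations


def degradation_profile(components):
    """Map coalition size -> most predicate inputs any coalition of that size assembles.

    Growth of one input per compromised component is gradual degradation; a jump
    to the full domain at a small coalition size is a cliff.
    """
    names = sorted(components)
    profile = {}
    for size in range(1, len(names) + 1):
        profile[size] = max(
            sum(key in exposed_view(components, c) for key in PREDICATE_INPUTS)
            for c in combinations(names, size)
        )
    return profile


if __name__ == "__main__":
    for label, layout in (("separated", SEPARATED), ("leaky", LEAKY)):
        print(label, "violations below threshold 3:", sub_threshold_violations(layout, 3))
        print(label, "degradation profile:", degradation_profile(layout))
    full = exposed_view(SEPARATED, tuple(sorted(SEPARATED)))
    print("full coalition evaluates predicate:", evaluate_if_possible(full))
```

With threshold 3, the separated layout reports no violating coalition and a profile of one input per compromised component, while the leaky layout reports the registry plus submission server pair and reaches the full domain at size two. A real instantiation would replace the constructed layouts with the actual data each component stores, which is the part of the argument the referee report below asks the paper to make explicit.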

Figures

Figures reproduced from arXiv: 2606.22311 by Sam Ryan.

Figure 1: System architecture overview. The Consortium Node (yellow) houses the Submission Server and Blockchain
Figure 2: Targeted privacy attack traversal and automated interception. An attacker with sequential access to SS1,

Original abstract

Existing privacy frameworks emphasize confidentiality, access control, appropriate information flow, or statistical disclosure limitation. We introduce a complementary class of privacy guarantee (Semantic Non-Assembly) in which privacy is characterized not by the difficulty of achieving exposure but by the information yield of exposure when it occurs. SNA prevents evaluation of a designated predicate by preventing any sub-threshold coalition from assembling a sufficient assignment to its input domain. An architecture satisfies Semantic Non-Assembly when no coalition of fewer than a defined threshold of components can assemble such an assignment: complete exposure and decryption of any sub-threshold component yields no actionable data. In the base protocol, the guarantee is structural: it operates through architecture, not policy, and its privacy properties degrade predictably under component compromise rather than collapsing at a single point. The reference instantiation combines this structural guarantee with audited organizational constraints, as characterized in Appendix A. This paper formalizes the guarantee and establishes four ProVerif-verified properties: Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, and Active Defense Gate correctness, the first three through a two-channel provenance architecture. The Birthmark Standard instantiates the guarantee on constrained capture hardware, demonstrating deployability where ZK-based approaches are computationally infeasible. All formal properties and scope limitations are documented in Appendix A.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 2 minor

Summary. The paper introduces Semantic Non-Assembly (SNA), a privacy guarantee in which no coalition of fewer than a defined threshold of components can assemble a sufficient assignment to evaluate a designated predicate, even under complete exposure and decryption. Privacy is achieved structurally through a two-channel provenance architecture rather than policy, with the guarantee degrading predictably under compromise. The work verifies four properties (Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, Active Defense Gate correctness) using ProVerif on the base protocol and instantiates the approach via the Birthmark Standard on constrained capture hardware where ZK techniques are infeasible. All formal properties and limitations are stated in Appendix A.

Significance. If the architectural inertness claim holds, SNA would provide a complementary privacy primitive that emphasizes information yield under exposure rather than preventing exposure, with graceful degradation and deployability on low-resource hardware. The explicit ProVerif verification of the four properties and the concrete Birthmark Standard instantiation are positive contributions that could be extended to other threshold-based settings.

major comments (2)
  1. [Abstract and base protocol description] The four ProVerif properties (Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, Active Defense Gate correctness) are standard reachability and equivalence queries on the two-channel provenance model. They do not encode the designated predicate, its input domain structure, or the definition of 'actionable data,' so they do not establish that sub-threshold exposure yields no sufficient assignment for predicate evaluation. This gap is load-bearing for the central SNA claim (Abstract; base protocol description).
  2. [Abstract and Appendix A] The assertion that the guarantee 'operates through architecture, not policy' and 'degrades predictably under component compromise' is not supported by the verified properties, which address cryptographic invariants rather than the semantic assembly of predicate inputs. An explicit model linking the two-channel architecture to the threshold on predicate assignments is required (Abstract; Appendix A).
minor comments (2)
  1. [base protocol description] Clarify the exact definition of the coalition threshold and how it is enforced in the two-channel model without additional policy assumptions.
  2. [Appendix A] The reference to 'audited organizational constraints' in Appendix A should be expanded with a brief summary of their interaction with the architectural guarantee.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their detailed review and for highlighting the need to strengthen the link between the verified properties and the Semantic Non-Assembly claim. We address each major comment below and will revise the manuscript accordingly.

Point-by-point responses
  1. Referee: [Abstract and base protocol description] The four ProVerif properties (Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, Active Defense Gate correctness) are standard reachability and equivalence queries on the two-channel provenance model. They do not encode the designated predicate, its input domain structure, or the definition of 'actionable data,' so they do not establish that sub-threshold exposure yields no sufficient assignment for predicate evaluation. This gap is load-bearing for the central SNA claim (Abstract; base protocol description).

    Authors: We agree that the properties are reachability and equivalence queries and do not directly encode the predicate or 'actionable data.' The two-channel architecture structurally separates data such that sub-threshold coalitions cannot assemble sufficient inputs, which the properties establish via non-correlation and blindness. We will revise the base protocol description to add an explicit definition of 'sufficient assignment' and a lemma in Appendix A mapping the properties to the non-assembly guarantee for the designated predicate.
    revision: yes

  2. Referee: [Abstract and Appendix A] The assertion that the guarantee 'operates through architecture, not policy' and 'degrades predictably under component compromise' is not supported by the verified properties, which address cryptographic invariants rather than the semantic assembly of predicate inputs. An explicit model linking the two-channel architecture to the threshold on predicate assignments is required (Abstract; Appendix A).

    Authors: The properties confirm that the architectural separation prevents the assembly of predicate inputs even under exposure, supporting the claim of operation through architecture rather than policy. We acknowledge that an explicit linking model is required and will add this to Appendix A, including a description of predictable degradation as additional components are compromised up to the threshold.
    revision: yes

Circularity Check

0 steps flagged

No significant circularity; central claim uses external verification

full rationale

The paper defines Semantic Non-Assembly directly via its predicate-assembly criterion and then separately establishes four ProVerif properties on the two-channel model. No equations or steps reduce the SNA guarantee to fitted parameters, self-citations, or prior author ansatzes by construction. Verification is attributed to an external tool (ProVerif) whose queries are reachability/equivalence statements independent of the semantic predicate interpretation. This satisfies the self-contained benchmark rule; the interpretive step from properties to 'actionable data' is a modeling choice, not a definitional loop.

Axiom & Free-Parameter Ledger

1 free parameter · 1 axiom · 1 invented entity

The central claim rests on the definitional threshold and the assumption that the architecture enforces non-assembly structurally; verification depends on the ProVerif model being faithful.

free parameters (1)
  • coalition threshold
    The minimum number of components required to assemble a sufficient assignment is a design parameter in the definition of the guarantee.
axioms (1)
  • domain assumption: ProVerif correctly verifies the modeled protocol properties under the stated threat model
    The four properties (Device Non-Correlation, Registry Observer Non-Identification, Submission Server Blindness, Active Defense Gate correctness) are established through ProVerif verification.
invented entities (1)
  • Semantic Non-Assembly (no independent evidence)
    purpose: New class of privacy guarantee based on architectural inertness
    Defined as complementary to existing frameworks emphasizing confidentiality or access control.

pith-pipeline@v0.9.1-grok · 5756 in / 1369 out tokens · 49829 ms · 2026-06-26T10:31:53.921971+00:00


Reference graph

Works this paper leans on

15 extracted references · 6 canonical work pages

  [1] C2PA Technical Specification, Version 2.1
      Coalition for Content Provenance and Authenticity. C2PA Technical Specification, Version 2.1. September 2024. https://spec.c2pa.org/specifications/specifications/2.1/

  [2] An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
      Blanchet, B. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. CSFW 2001.

  [3] Polkadot: Vision for a Heterogeneous Multi-Chain Framework
      Wood, G. et al. Polkadot: Vision for a Heterogeneous Multi-Chain Framework. 2016.

  [4] The Birthmark Standard: Privacy-Preserving Photo Authentication via Hardware Roots of Trust and Consortium Blockchain
      Ryan, S. The Birthmark Standard: Privacy-Preserving Photo Authentication via Hardware Roots of Trust and Consortium Blockchain. arXiv:2602.04933, 2026. (arXiv preprint; not independently peer-reviewed at time of this submission.)

  [5] ZPiE: Zero-Knowledge Proofs in Embedded Systems
      Salleras, X.; Daza, V. ZPiE: Zero-Knowledge Proofs in Embedded Systems. Mathematics 2021, 9(20), 2569. https://doi.org/10.3390/math9202569

  [6] 2024 Data Breach Investigations Report
      Verizon. 2024 Data Breach Investigations Report. Verizon Business, 2024.

  [7] The Protection of Information in Computer Systems
      Saltzer, J.H.; Schroeder, M.D. The Protection of Information in Computer Systems. Proceedings of the IEEE, 63(9), 1278–1308, 1975.

  [8] On the Size of Pairing-Based Non-Interactive Arguments
      Groth, J. On the Size of Pairing-Based Non-Interactive Arguments. EUROCRYPT 2016, LNCS vol. 9666, pp. 305–326. DOI: 10.1007/978-3-662-49896-5_11

  [9] Privacy by Design: The 7 Foundational Principles
      Cavoukian, A. Privacy by Design: The 7 Foundational Principles. IPC Ontario, revised January 2011.

  [10] Reconciling Two Views of Cryptography
      Abadi, M.; Rogaway, P. Reconciling Two Views of Cryptography. Journal of Cryptology, 15(2), 103–127, 2002. DOI: 10.1007/s00145-002-0103-3

  [11] NEON Crypto
      Bernstein, D.J.; Schwabe, P. NEON Crypto. CHES 2012, LNCS vol. 7428, pp. 320–339. DOI: 10.1007/978-3-642-33027-8_19

  [12] eBACS: ECRYPT Benchmarking of Cryptographic Systems
      Bernstein, D.J.; Lange, T. (eds.). eBACS: ECRYPT Benchmarking of Cryptographic Systems. https://bench.cr.yp.to (accessed 2026)

  [13] Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation
      Ben-Or, M.; Goldwasser, S.; Wigderson, A. Completeness Theorems for Non-Cryptographic Fault-Tolerant Distributed Computation. STOC 1988, pp. 1–10. DOI: 10.1145/62212.62213

  [14] Privacy as Contextual Integrity
      Nissenbaum, H. Privacy as Contextual Integrity. Washington Law Review, 79(1), 119–158, 2004.

  [15] Calibrating Noise to Sensitivity in Private Data Analysis
      Dwork, C.; McSherry, F.; Nissim, K.; Smith, A. Calibrating Noise to Sensitivity in Private Data Analysis. TCC 2006, LNCS vol. 3876, pp. 265–284. DOI: 10.1007/11681878_14