Guardian SDK

This project is a decentralized DDoS protection network built for Web3 systems like state channels, P2P networks, and WebSockets — areas where traditional cloud-based protections like AWS Shield or Cloudflare struggle. Instead of relying on one central server, it uses Programmable Key Pairs (PKPs) that run smart logic (“Lit Actions”) to collectively decide if incoming traffic is safe or malicious. These PKPs act like a distributed security team — if most of them (say 3 out of 4) approve a message, it goes through; if not, the message is blocked and flagged for on-chain review.

In normal operation, users send signed messages to a broker, which shares the traffic with all PKPs in parallel. Each PKP checks things like rate limits, digital signatures, and sender reputation before voting to ALLOW or BLOCK. This happens in milliseconds, so even at large scales, legitimate traffic flows smoothly. When malicious traffic is detected — like a botnet flood or fake connections — the PKPs coordinate to block it instantly.

Disputed or malicious events are sent to an L2 blockchain called Arcology, which acts as a parallel dispute resolver. It verifies PKP signatures, slashes the attacker’s on-chain stake, and rewards the PKPs that caught the attack. This gives the system an economic deterrent — attacking the network costs real money, while protecting it earns rewards for honest participants.

To understand why this matters, think about what happens when AWS goes down. A single misconfiguration or attack on AWS can knock out thousands of websites globally because it’s centralized — one failure cascades through everything. In contrast, this system can’t “go down” in the same way. Even if a few PKPs fail or get compromised, others keep running and verifying traffic. It’s like having dozens of independent AWS Shields verifying traffic together instead of one.

The result is a self-healing, decentralized firewall for Web3 that doesn’t rely on any single company or data center. It combines blockchain economics, distributed security logic, and parallel on-chain validation to keep decentralized applications online — even under massive attack — without a single point of failure.

We built the system as a multi-layer decentralized network that combines real-time message verification with on-chain economic security. The core idea was to move DDoS protection logic — usually centralized in cloud firewalls like AWS Shield — into a network of programmable cryptographic nodes (PKPs) that can independently verify traffic and reach consensus.

At the heart of it, each PKP Guardian runs a Lit Action, written in JavaScript, that analyzes incoming traffic from the broker. These Lit Actions perform checks like signature validation, message rate analysis, replay detection, and reputation scoring. Once a decision (ALLOW/BLOCK) is made, the PKP signs it cryptographically and returns it to the broker.

The Network Broker is built in Node.js and handles the real-time WebSocket traffic. It batches and forwards incoming messages to PKPs, aggregates their signed responses, and enforces a simple consensus rule (e.g., 3 out of 4 PKPs must approve a message). For performance testing, we simulated over 10,000 messages/second, and the broker was able to reach consensus with sub-second latency.

All disputes and attack evidence are submitted to Arcology, an L2 blockchain optimized for parallel execution. We wrote smart contracts in Solidity that verify PKP signatures, handle slashing of malicious actors, and reward PKPs that participated in correct decisions. Arcology’s parallelism allowed us to process multiple disputes at once — a huge improvement over the serial bottlenecks of standard EVM chains.

We used Lit Protocol for distributed key management, WebSockets for real-time communication, and Ethers.js for message signing and signature recovery. To test traffic behavior, we created a mock attack simulator that generated fake clients flooding the broker — this helped us tune rate limits and verify the PKPs’ decision accuracy.

A particularly hacky part was getting the PKP network to act like a distributed AWS Shield. Instead of one global firewall, we made each PKP independently verify packets and reach majority consensus before any message touched the state channel — effectively decentralizing DDoS filtering.