Skip to content

AP3 - Architecture

AP3 adds a privacy layer to the inter-agent communication stack, so agents can jointly compute over their inputs without any party seeing the other's data or the computation function logic.

The inputs to the joint private compute never leave the initiating agent, nor are transmitted to the network. The approach rests on two cryptographic building blocks composed into a single protocol surface:

  • Secure Multi-Party Computation (SMPC) for joint evaluation of functions over inputs (context and memory fabric) held privately by each agent.
  • Trusted Execution Environment (TEE) attestation, as a complement to SMPC for execution integrity and hardware-rooted trust.

As the result of the computation, only the minimal inference or proof is disclosed to the calling agent. The inference returned to a calling agent is scoped to what the workflow requires: a boolean outcome such as a sanctions-screening result, a bounded risk score, a negotiated price, a verified set intersection, or a signed compliance attestation.


AP3 architecture across two trust zones: distributed collective intelligence without surrendering private context

Core Principles

AP3 is designed around four fundamental principles:

  1. Privacy by Design: All computations preserve the confidentiality of private inputs through cryptographic techniques
  2. Verifiable Computation: Results can be cryptographically verified without revealing the computation process or inputs
  3. Interoperability: Built as an A2A extension, AP3 works with any compliant agent framework
  4. Composability: Privacy operations can be combined and chained to create complex multi-party workflows

AP3 introduces below concepts to enable privacy-preserving computation:

Sequence Diagram (example)

Let's take an example of XYZ agent who wants to find suitable partners for a blacklist of 5000 entries with 5 fields and ABC agent who wants to compute the intersection of their private sets.

sequenceDiagram
    autoNumber
    participant I as ABC (ap3_initiator)
    participant R as XYZ (ap3_receiver)

    rect rgb(240, 240, 240)
    Note over I, R: 1. Agent Discovery
    I->>R: GET agent card eg: (/.well-known/agent-card.json)
    R-->>I: Returns Agent Card
    end

    rect rgb(240, 240, 240)
    Note over I, R: 2. AP3 compatibility
    I->>I: Parse Agent Card for compatibility <br/>(Roles, Commitments, Operations)<br/>
    end

    rect rgb(240, 240, 240)
    Note over I, R: 3. Start the protocol
    I->>R: Initiate privacy operation via Intent Directive
    R-->>I: ACK/Validate Intent
    I->>R: Encrypted data A (msg1)
    R->>I: Encrypted data B (msg2)
    end

    rect rgb(240, 240, 240)
    Note over I, R: 4. Operation Results
    R->>I: Result of the operations via Result Directive
    I->>I: Verify proofs and result_hash
    end