# Attribution Boundary
## Forensic Provenance Protocol (FPP)
## 1. Purpose
This document defines the **strict boundary between provenance analysis and attribution** within the Forensic Provenance Protocol (FPP).
FPP is a protocol for reconstructing **how value moved**, not **who controlled it**.
Any interpretation that crosses this boundary is **out of scope**, **non-compliant**, and **not supported by the protocol**.
## 2. Definitions
### 2.1 Provenance
**Provenance** answers questions of the form:
* How did value flow through the ledger?
* What transformations occurred?
* Where did uncertainty increase or decay?
* What are the observable transactional relationships?
Provenance is **mechanical, ledger-derived, and deterministic**.
### 2.2 Attribution
**Attribution** answers questions of the form:
* Who owns this address?
* Who controlled these funds?
* Who is responsible for this transaction?
* What entity is behind this activity?
Attribution is **interpretive**, **contextual**, and often **off-chain**.
## 3. Hard Boundary Rule
**FPP MUST NOT perform attribution.**
This includes, but is not limited to:
* Identity inference
* Ownership claims
* Control assertions
* Behavioral profiling
* Intent speculation
Any output suggesting such conclusions is **outside protocol scope**.
## 4. What FPP Explicitly Allows
FPP MAY:
* Trace value flows across transactions
* Represent uncertainty explicitly
* Model obfuscation mechanisms
* Quantify confidence decay
* Present multiple possible paths
* Show convergence and divergence points
All results are **descriptive**, not accusatory.
## 5. What FPP Explicitly Forbids
FPP MUST NOT:
* Claim or imply that an address belongs to a person
* Collapse probabilistic paths into certainty
* Label nodes as “owners,” “actors,” or “entities”
* Assign responsibility or intent
* De-anonymize mixer participants
* Bypass anonymity guarantees
These actions violate protocol invariants.
## 6. Relationship to Confidence
Confidence values represent **linkage certainty**, not attribution likelihood.
Forbidden interpretations include:
* “90% likely owned by X”
* “High confidence this address belongs to Y”
* “Most probable controller”
Such interpretations are **invalid uses** of protocol output.
## 7. Exchange, Custodian, and Service Boundaries
When funds interact with:
* Exchanges
* Custodians
* Mixers
* Bridges
* Smart contracts
FPP may model **transactional interaction**, but must not:
* Attribute internal ownership
* Infer user identity
* Assume custody semantics beyond ledger facts
## 8. Synthetic Nodes and Attribution Risk
Synthetic nodes exist to:
* Represent aggregation
* Model anonymity sets
* Group known protocol structures
They MUST NOT be interpreted as real-world entities.
Labeling synthetic nodes as actors is forbidden.
## 9. Legal and Ethical Neutrality
FPP is:
* Jurisdiction-agnostic
* Policy-neutral
* Non-enforcement
* Non-accusatory
The protocol provides **information**, not conclusions.
Downstream use is the responsibility of the user, not the protocol.
## 10. Misuse Detection and Non-Compliance
Any implementation that:
* Adds identity heuristics
* Performs attribution
* Presents probabilistic output as certainty
* Hides uncertainty
is **non-compliant with FPP**.
Such behavior invalidates protocol claims.
## 11. Relationship to Other Documents
* PROTOCOL.md
→ Defines provenance mechanics
* INVARIANTS.md
→ Forbids attribution implicitly and explicitly
* CONFIDENCE\_MODEL.md
→ Prevents probabilistic misuse
* THREAT\_MODEL.md
→ Identifies misuse as an adversarial threat
## 12. Versioning
This attribution boundary applies to **FPP v0.1**.
Any change that weakens this boundary **requires full protocol review**.