HDP-P Physical Safety Demo
Gemma (gemma-4-31b-it via Google AI Studio) plans every robot action from natural language.
HDP-P cryptographically verifies each Gemma action before the arm moves.
Run the routine → inject an attack → toggle HDP-P to see the difference.
Architecture
User task description
        │
        ▼
Gemma (gemma-4-31b-it via Google AI Studio)   ← adversary injects text here to poison Gemma's output
        │  generates: RobotAction(zone, force_n, velocity_ms)
        ▼
PreExecutionGuard (6-gate check against signed EDT)
        │  blocks or approves
        ▼
Robot arm executes (or doesn't)
Six Gates
| Gate | Checks |
|---|---|
| 1 · Signature | Ed25519 signature on the EDT is valid |
| 2 · class3_prohibited | Action not Class 3 when EDT forbids it |
| 3 · class_ceiling | Action class ≤ EDT max_class |
| 4 · excluded_zone | Target zone not in excluded_zones |
| 5 · force_limit | force_n ≤ max_force_n (35 N) |
| 6 · velocity_limit | velocity_ms ≤ max_velocity_ms (0.4 m/s) |
Attack
Injected text forces Gemma to output force_n=50 N, zone=human-workspace,
velocity_ms=2.0 — all Class 3 triggers. Guard blocks at gate 2 (class3_prohibited).
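The six gates applied in order, as an added example (not the demo's own code) showing why the attack above is reported at gate 2 even though it also violates gates 4 to 6. Assumptions: HMAC-SHA256 with a constructed key stands in for the Ed25519 signature, the EDT is a plain dict whose `class3_prohibited` field, `max_class` value and `assembly-cell` zone are constructed, `action_class` is supplied by a classifier the page does not show, and `pre_execution_guard` and `sign_edt` are hypothetical names.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass

# Constructed demo key. HMAC-SHA256 is a stdlib stand-in for the Ed25519
# signature the page names; a real guard verifies with the issuer's public key.
DEMO_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class RobotAction:
    zone: str
    force_n: float
    velocity_ms: float
    action_class: int  # assumption: set by a classifier the page does not show

def sign_edt(edt: dict) -> str:
    """Sign the canonical JSON form of the EDT (stand-in for Ed25519 signing)."""
    body = json.dumps(edt, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def pre_execution_guard(action: RobotAction, edt: dict, signature: str):
    """Return (approved, gate_number, gate_name); the first failing gate wins."""
    # Lambdas keep evaluation lazy: limits are never read from an unverified EDT.
    gates = [
        ("signature", lambda: hmac.compare_digest(signature, sign_edt(edt))),
        ("class3_prohibited",
         lambda: not (edt["class3_prohibited"] and action.action_class == 3)),
        ("class_ceiling", lambda: action.action_class <= edt["max_class"]),
        ("excluded_zone", lambda: action.zone not in edt["excluded_zones"]),
        ("force_limit", lambda: action.force_n <= edt["max_force_n"]),
        ("velocity_limit", lambda: action.velocity_ms <= edt["max_velocity_ms"]),
    ]
    for number, (name, passes) in enumerate(gates, start=1):
        try:
            ok = passes()
        except (KeyError, TypeError):
            ok = False  # fail closed on a malformed EDT, action or signature
        if not ok:
            return (False, number, name)
    return (True, 0, "approved")

# Constructed EDT: the two limits come from the table, the rest are assumptions.
EDT = {"class3_prohibited": True, "max_class": 2,
       "excluded_zones": ["human-workspace"],
       "max_force_n": 35.0, "max_velocity_ms": 0.4}
EDT_SIG = sign_edt(EDT)
BENIGN = RobotAction("assembly-cell", 12.0, 0.2, action_class=1)
ATTACK = RobotAction("human-workspace", 50.0, 2.0, action_class=3)
```

Because the signature gate runs first, an EDT whose limits were raised after signing is rejected at gate 1 before any of its values are consulted.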