All traffic sent over our network is end-to-end encrypted. The ancillary messages that network nodes send to each other to maintain the system are also encrypted, and some of them are signed. Traffic never leaves or enters the network unless specified by the user.
We use signed public keys to authenticate network nodes. We use the same keys as the addresses of the nodes to get additional protection from man-in-the-middle attacks.
Key exchange: X25519 (signed by a network-wide Ed25519 key).
Key size:
We use state-of-the-art authenticated encryption, optimized for resource-constrained IoT devices, to encrypt the data sent over the network.
Authenticated encryption (AEAD): ChaCha20-Poly1305
We use audited cryptographic libraries and a memory-safe programming language.
Libraries: Dalek cryptography
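The node-authentication and AEAD paragraphs above, as an added sketch that is not the project's own code and uses the Python `cryptography` package in place of the Dalek crates. It assumes details the page does not give: a node address is the raw 32-byte X25519 public key, the network-wide Ed25519 key signs that raw key, and HKDF-SHA256 derives the session key.

```python
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.asymmetric.x25519 import X25519PrivateKey, X25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305
from cryptography.hazmat.primitives.kdf.hkdf import HKDF

RAW = (serialization.Encoding.Raw, serialization.PublicFormat.Raw)

def raw_pub(priv) -> bytes:
    return priv.public_key().public_bytes(*RAW)

def authenticate_peer(dialed_address, offered_key, signature, network_pub) -> bool:
    """Accept a peer only if its key IS the dialed address and the network key signed it."""
    if offered_key != dialed_address:   # a substituted key can never equal the address
        return False
    try:
        network_pub.verify(signature, offered_key)  # enrolled by the network-wide key?
    except InvalidSignature:
        return False
    return True

def session_key(own_priv, peer_address) -> bytes:
    """X25519 against the address itself, then HKDF (assumed KDF) to a 32-byte AEAD key."""
    shared = own_priv.exchange(X25519PublicKey.from_public_bytes(peer_address))
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=b"example-session").derive(shared)

def demo():
    # Constructed keys: a network authority, two honest nodes, one interposing node.
    network = Ed25519PrivateKey.generate()
    net_pub = network.public_key()
    alice, bob, mallory = (X25519PrivateKey.generate() for _ in range(3))
    bob_addr, bob_sig = raw_pub(bob), network.sign(raw_pub(bob))
    mallory_sig = network.sign(raw_pub(mallory))  # mallory is enrolled, but is not bob

    honest = authenticate_peer(bob_addr, raw_pub(bob), bob_sig, net_pub)
    mitm = authenticate_peer(bob_addr, raw_pub(mallory), mallory_sig, net_pub)
    unenrolled = authenticate_peer(raw_pub(mallory), raw_pub(mallory), bob_sig, net_pub)

    # End-to-end AEAD between alice and bob; the header is authenticated, not encrypted.
    nonce = os.urandom(12)
    sealed = ChaCha20Poly1305(session_key(alice, bob_addr)).encrypt(nonce, b"reading=21.5", b"hdr")
    opened = ChaCha20Poly1305(session_key(bob, raw_pub(alice))).decrypt(nonce, sealed, b"hdr")
    return honest, mitm, unenrolled, opened

if __name__ == "__main__":
    print(demo())
```

The `mitm` case fails even though the interposing node holds a valid network signature, because its key does not equal the address that was dialed.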