Security

Our goal is to use state-of-the-art cryptography and prefer ciphers that are optimized for resource-constrained hardware whenever possible.

All the traffic that is sent over our network is end-to-end encrypted. The ancillary messages, that network nodes send to each other to maintain the system, are also encrypted and some of them are signed. The traffic never leaves or enters the network unless specified by the user.

We use signed public keys to authenticate network nodes. We use the same keys as the addresses of the nodes to get additional protection from man-in-the-middle attacks.

Signatures: ED25519.
Key exchange: X25519 (signed by a network-wide ED25519 key).
Key size: 256 bit.

We use state-of-the-art authenticated encryption, optimized for resource-constrained IoT devices, to encrypt the data sent over the network.

Authenticated encryption (AEAD): ChaCha20—Poly1305.
Key size: 256 bit.

We use audited cryptographic libraries and memory-safe programming language.

Libraries: Dalek cryptography.
Language: Rust.