gnunet-handbook

The GNUnet Handbook

commit 9eb89cf0a2db9d8fb74b97c31ae6bc8cc4c57936
parent c9226e81ae603125f90802f866cf39350367a4a9
Author: Martin Schanzenbach <schanzen@gnunet.org>
Date:   Mon,  8 Jun 2026 19:07:58 +0200

more crypto

Diffstat:
M about.rst | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/about.rst b/about.rst @@ -285,7 +285,7 @@ From the lowest layer to the applications layer, the securty goals and associate 1. Base layer (Communicators/TRANSPORT): This layer optionally provides steganographic and ad-hoc security guarantees against external adversaries that largely depend on the communicator(s) used. For example, use of the HTTP3/QUIC communicator will use TLS and try to validate a certificate signed by the peer we want to connect to. Other communicators may not provide the same properties. - QUIC Communicator: Appears to be a regular TLS connection (EdDSA/X25519). - - TCP Communicator: Uses Diffie-Hellman with Elligator to appear as random noise (`LSD 0011 <https://lsd.gnunet.org/lsd0011/>`_). + - TCP/UDP Communicator: Uses Diffie-Hellman with Elligator (`LSD 0011 <https://lsd.gnunet.org/lsd0011/>`_) to look like random noise. 2. Peer connectivity and routing layer (CORE, R5N): This layer provides a secure channel between two (physically) connected peers. Peers are mutually authenticated and a secure cryptographic channel is established, but there is no particular trust required between the communication partners. It does not assume any security guarantees from the previous layer. It provides confidential communication in the face of an external adversary. The R5N uses this layer to establish an overlay network (DHT). - CORE: DTLS-style KEMTLS called CAKE with EdDSA and X25519. Specification: `LSD 0012 <https://lsd.gnunet.org/lsd0012/>`_ - R5N: EdDSA signatures for route recording: `LSD 0004 <https://lsd.gnunet.org/lsd0004/>`_ 
@@ -302,9 +302,15 @@ Cryptographic Inventory ~~~~~~~~~~~~~~~~~~~~~~~ GNUnet makes heavy use of standard, well-tested cryptographic primitives to -implement its protocols. -The primary symmetric encryption primitive in use is ChaCha20-Poly1305. -The primary asymmetric primitives in use are EdDSA and X25519. +implement its protocols. The primary primtives are: + +- Digital signatures: For Peer Identities and general (data origin) authentication. Scheme: EdDSA. +- Key exchange and KEMs: For handshakes. Schemes: X25519 (with Ed25519-to-Curve25519 transformations where necessary, such as CORE). +- Blindable signature keys: For the GNU Name System. Schemes: EDDSA and EdDSA. +- Blind signatures: For blind signing. Primarily used by GNU Taler. Scheme: RSA-FDH. +- Symmetric encryption: For secure communication. Schemes: XSalsa20-Poly1305, AES (to be phased out in favor of AEGIS where possible). +- Public-key encryption: To send encrypted messages. Schemes: HPKE (RFC 9180), only DHKEM(X25519, HKDF-SHA256), HKDF-SHA256, ChaCha20-Poly1305. +- Hash functions and KDF: GNUnet primarily uses SHA(-512) and HKDF. Currently, no clear path to post-quantum primitives has been laid out. This is mostly due to open research questions in the areas of key blinding and blind signatures.
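
Review bot: In the first hunk (@@ -285,7 +285,7 @@), the rewritten bullet now reads "TCP/UDP Communicator" but still cites only LSD 0011. Please confirm that LSD 0011 specifies the Elligator handshake for the UDP communicator as well as for TCP; if the two communicators differ, give each its own bullet and reference. The hunk header context also shows "securty goals" in the sentence that introduces this list, which could be corrected in the same commit.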
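
Review bot: In the second hunk (@@ -302,9 +302,15 @@), the added "Blindable signature keys" bullet says "Schemes: EDDSA and EdDSA", which names the same scheme twice in different capitalisation; one of the two is presumably meant to be a different scheme (ECDSA, if that is the other GNS key type) and should be spelled out. The added intro line has a typo, "primtives" should be "primitives". The removed text named ChaCha20-Poly1305 as the primary symmetric primitive, while the new "Symmetric encryption" bullet lists only XSalsa20-Poly1305 and AES, with ChaCha20-Poly1305 appearing only inside the HPKE suite; please state whether that change is intended. "AES" without a mode and "SHA(-512)" are both ambiguous for an inventory, so consider naming the AES mode in use and writing the hash as SHA-512, or listing each SHA variant that is used.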