Defense in depth, from cryptography to network topology. Every layer is designed to protect communication when infrastructure fails or is actively hostile.
| Algorithm | Purpose | Status | Implementation |
|---|---|---|---|
| AES-256-GCM | Authenticated encryption for all messages | Active | ghostwire/src/core/crypto_machine.rs |
| Ed25519 | Digital signatures for identity and message authentication | Active | ghostwire/src/core/crypto_machine.rs |
| X25519 | Ephemeral key exchange providing forward secrecy | Active | ghostwire/src/core/encryption.rs |
| ML-KEM-768 | Post-quantum key encapsulation (NIST FIPS 203) | Planned | ghostwire/src/core/encryption.rs |
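As an added worked example of how the three active primitives in the table fit together, here is an authenticated, forward-secret session in Go. This is not GhostWire code: the project is written in Rust and this page says its handshake uses the Noise protocol framework, whereas the example below is a plain signed Diffie-Hellman exchange written in Go so that it runs with only the standard library. Each side sends one hello carrying a fresh X25519 public key signed by its long-lived Ed25519 identity key; both sides derive an AES-256-GCM key from the shared secret with HKDF-SHA256; each message then carries a direction byte and a counter in its nonce. The `label` string, the hello layout and the single-key-with-direction-byte nonce scheme are assumptions of the example, and ML-KEM-768 is left out because the table lists it as planned.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

// label separates this handshake's signatures and keys from any other protocol
// that reuses the same identity key. Assumed value, not a GhostWire constant.
const label = "example-handshake-v1"

// Hello is the single message each side sends: a fresh X25519 public key signed
// by the sender's Ed25519 identity key, so an active attacker cannot swap in
// its own ephemeral key. The identity private key itself is never sent.
type Hello struct {
	Ephemeral []byte // 32-byte X25519 public key
	Sig       []byte // Ed25519 signature over label || Ephemeral
}

// StartHandshake creates the ephemeral key pair and the signed hello.
func StartHandshake(identity ed25519.PrivateKey) (Hello, *ecdh.PrivateKey, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Hello{}, nil, err
	}
	pub := eph.PublicKey().Bytes()
	return Hello{Ephemeral: pub, Sig: ed25519.Sign(identity, append([]byte(label), pub...))}, eph, nil
}

// Session is one AES-256-GCM key shared by both peers. Nonce byte 0 is the
// sending direction and bytes 4..11 a counter, so the two peers can never reuse
// a (key, nonce) pair: with GCM that would leak plaintext and allow forgeries.
type Session struct {
	aead    cipher.AEAD
	dir     byte   // 0 = initiator sends, 1 = responder sends
	sendSeq uint64 // last counter used by Seal
	recvSeq uint64 // highest counter accepted; rejects replays on in-order links
}

// FinishHandshake checks the peer's hello against the peer's known identity key,
// runs X25519 and derives the key with HKDF-SHA256 over both ephemeral keys
// (initiator's first, so both sides compute the same key). Forward secrecy comes
// from both sides discarding their ephemeral private key afterwards: later theft
// of an identity key cannot recover this session's key.
func FinishHandshake(mine *ecdh.PrivateKey, myHello, peer Hello,
	peerIdentity ed25519.PublicKey, initiator bool) (*Session, error) {
	if !ed25519.Verify(peerIdentity, append([]byte(label), peer.Ephemeral...), peer.Sig) {
		return nil, errors.New("hello signature does not match peer identity")
	}
	peerEph, err := ecdh.X25519().NewPublicKey(peer.Ephemeral)
	if err != nil {
		return nil, err
	}
	shared, err := mine.ECDH(peerEph) // errors on the all-zero low-order result
	if err != nil {
		return nil, err
	}
	a, b, dir := myHello.Ephemeral, peer.Ephemeral, byte(0)
	if !initiator {
		a, b, dir = b, a, 1
	}
	// HKDF-SHA256 (RFC 5869) with a zero salt and a single 32-byte output block.
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))
	ext.Write(shared)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(append(append(append([]byte(label), a...), b...), 1))
	block, _ := aes.NewCipher(exp.Sum(nil)) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)         // AES block size: cannot fail
	return &Session{aead: aead, dir: dir}, nil
}

// Seal encrypts plaintext and authenticates ad (e.g. routing headers the mesh
// must read in clear); the 12-byte nonce is sent in front of the ciphertext.
func (s *Session) Seal(plaintext, ad []byte) []byte {
	s.sendSeq++
	nonce := make([]byte, 12)
	nonce[0] = s.dir
	binary.BigEndian.PutUint64(nonce[4:], s.sendSeq)
	return s.aead.Seal(nonce, nonce, plaintext, ad)
}

// Open decrypts a message from the peer, rejecting reflected or replayed
// messages and any modification of ciphertext, nonce or associated data.
func (s *Session) Open(msg, ad []byte) ([]byte, error) {
	if len(msg) < 12+s.aead.Overhead() {
		return nil, errors.New("message too short")
	}
	nonce := msg[:12]
	seq := binary.BigEndian.Uint64(nonce[4:])
	if nonce[0] == s.dir || seq <= s.recvSeq {
		return nil, errors.New("reflected or replayed message")
	}
	pt, err := s.aead.Open(nil, nonce, msg[12:], ad)
	if err != nil {
		return nil, err // GCM tag mismatch: tampered, wrong key or wrong ad
	}
	s.recvSeq = seq
	return pt, nil
}
```

Two points the paragraph-level description does not make explicit: forward secrecy requires ephemeral keys on both sides (a design where only the sender's key is ephemeral protects past traffic only against compromise of the sender), and GCM gives no protection against nonce reuse or replay on its own, which is why `Open` checks the direction byte and the counter before it ever touches the tag. A mesh that reorders queued messages would need a sliding replay window instead of the strict counter used here.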
State-level or ISP-level monitoring of all traffic. GhostWire mitigates through end-to-end AES-256-GCM encryption, traffic obfuscation, cover traffic generation, and timing randomization. Metadata is minimized at every layer.
Cell tower outages, ISP failures, power grid collapse. GhostWire operates independently of centralized infrastructure via WiFi Direct, Bluetooth LE, LoRa radio, and Reticulum mesh. Messages queue and deliver when connectivity resumes.
Device confiscation or raid. Mitigated by recommending full-disk encryption, by GhostWire lockdown mode, by ephemeral session keys (so a seized device cannot decrypt past sessions), and by identity keys that never leave the device. Users in high-threat environments should enable additional protections.
Adversary creates many fake nodes to infiltrate the mesh. Mitigated through proof-of-work node admission, quota enforcement, blacklist management, and the TrustStore reputation system. Fake nodes are computationally expensive to create and maintain.
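As an added illustration of the proof-of-work node admission named above (not GhostWire's implementation; the hash construction, the node ID format and the difficulty are assumptions of this example), here is a hashcash-style scheme in Go. A joining node must find a nonce such that SHA-256(nodeID || nonce) has at least `Difficulty` leading zero bits. Verification costs one hash per existing peer, creation costs about 2^Difficulty hashes per identity, and because the node ID is part of the hash a proof minted for one node cannot be reused for another, so a Sybil operator pays the full price for every fake node.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// Difficulty is the number of leading zero bits the admission hash must have.
// Each extra bit doubles the expected work to mint one node identity while
// verification stays a single hash. The value is an assumption of this example.
const Difficulty = 18

// admissionHash ties the work to one node identity (e.g. its public key):
// a solution found for node A is worthless for admitting node B.
func admissionHash(nodeID []byte, nonce uint64) [32]byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], nonce)
	return sha256.Sum256(append(append([]byte{}, nodeID...), n[:]...))
}

// leadingZeros counts zero bits from the front of the digest.
func leadingZeros(h [32]byte) int {
	n := 0
	for _, b := range h {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// VerifyAdmission is what every existing peer runs on a join request. Its cost
// is one hash regardless of difficulty, so an attacker cannot flood the mesh
// with expensive verification work either.
func VerifyAdmission(nodeID []byte, nonce uint64, difficulty int) bool {
	return leadingZeros(admissionHash(nodeID, nonce)) >= difficulty
}

// MintAdmission is the work a joining node must do: brute-force a nonce. It
// returns the nonce and the number of hashes tried, about 2^difficulty on
// average; a Sybil operator pays this again for every fake node it creates.
func MintAdmission(nodeID []byte, difficulty int) (nonce uint64, tries uint64) {
	for nonce = 0; ; nonce++ {
		tries++
		if VerifyAdmission(nodeID, nonce, difficulty) {
			return nonce, tries
		}
	}
}

func main() {
	nodeID := []byte("constructed-node-id") // stand-in for a node's public key
	nonce, tries := MintAdmission(nodeID, Difficulty)
	fmt.Printf("nonce %d found after %d hashes; verifies: %v\n",
		nonce, tries, VerifyAdmission(nodeID, nonce, Difficulty))
}
```

Admission proof-of-work raises the cost of a Sybil attack but does not eliminate it, which is why the page pairs it with quotas, blacklists and reputation: the difficulty has to stay low enough for a phone or LoRa node to join in reasonable time, so a well-funded adversary can still afford some fake nodes, just not thousands for free.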
Pattern analysis of message timing, size, and routing. Mitigated through cover traffic generation, timing randomization, stealth TCP transport, and metadata minimization. Full protection requires a well-populated mesh with active cover traffic.
AES-256-GCM authenticated encryption for all messages. X25519 key exchange with forward secrecy. ML-KEM-768 post-quantum integration planned. Identity keys (Ed25519) never leave the device. All cryptographic operations are implemented in Rust for memory safety.
Implemented with: crypto_machine.rs / encryption.rs
S/Kademlia-hardened DHT routing. Gossipsub pub/sub messaging. QUIC and TCP transports. Noise protocol framework for secure handshakes. No single point of failure: the mesh routes around any compromised or offline node.
Implemented with: libp2p / tokio / axum
LightGBM anomaly detection model (AUC 1.0, 76.7 µs inference) exported to ONNX and wired into Rust via ONNX Runtime. Detects anomalous node behavior, routing attacks, and potential Sybil nodes. GNN routing model trained on real GuifiSants mesh data.
Implemented with: LightGBM / ONNX / GNN
Separate cryptographic identities for different contexts: community coordinator, disaster responder, and privacy advocate profiles, each with independent key pairs. QR code peer pairing for secure initial key exchange. Username discovery without a central registry.
Implemented with: Ed25519 identity keys / QR pairing
If you discover a security vulnerability in GhostWire, please report it responsibly. We appreciate your help in keeping the project secure.
Email: mirungu015@proton.me
PGP Key: Available upon request. Include your PGP public key in your initial email for encrypted communication.
Expected response time: Within 48 hours for initial acknowledgment.
Day 0 — Reporter submits vulnerability details via encrypted email.
Day 0-2 — Team acknowledges receipt and begins triage.
Day 2-14 — Vulnerability is investigated and a fix is developed.
Day 14-30 — Fix is tested, reviewed, and merged. Security advisory drafted.
Day 30+ — Public disclosure with credit to reporter (unless anonymity requested).
Additional security documentation: