Security posture
This page states what is true today, not what we hope becomes true once the audit lands. Honesty about the gap is the credibility strategy, not a marketing problem to route around.
This protocol has not yet received an independent security audit. One is scheduled. Do not rely on it for life-safety or high-risk communication until the audit is published.
What is in scope, and what is not.
Defends against
- Passive eavesdropping on message content in transit.
- Tampering with a message body between hops.
- Impersonation of another device within the mesh.
Does not defend against
- State-level traffic analysis of who is talking to whom.
- RF direction finding that locates a transmitting device physically.
- A compromised endpoint: a phone with a broken keyboard, a stolen unlock code, or malware already on the device.
Availability and abuse are part of the model, not an afterthought
A mesh can be broken without breaking a single cryptographic primitive. Storage exhaustion, flooding and rate-limit abuse, and timestamp manipulation are treated as in-scope threats, with the same design attention as confidentiality and integrity.
- Storage exhaustion from an oversized or repeated message flood.
- Rate-limit abuse designed to starve the relay queue.
- Timestamp manipulation aimed at reordering or replaying messages.
The primitive is rarely where this category fails.
Modern ciphers and key-exchange primitives are, on the whole, sound. What has repeatedly failed across this category is the binding: an identity key that exists on paper but is never enforced during the handshake, or a flaw in how an otherwise-sound cryptographic library got wired into the rest of the system. Those are engineering failures, not cryptography failures, and they are the ones an audit is built to catch.
The litepaper specifies, exactly, how identity keys bind to the handshake and exactly how each cryptographic library is integrated into the protocol. That level of specificity is a design commitment made now, ahead of the audit, so the audit has something precise to check against rather than a description in prose.
Scrutiny is invited, not tolerated.
A protocol that invites review turns a would-be attacker into a contributor before release, which is a better outcome than finding out about a flaw after people are depending on it. If you have found something, or want to look before the formal audit, get in touch directly.
A formal responsible-disclosure policy publishes alongside the audit. Until then, this is the channel: