https://github.com/lvmalware/ztunnel
Secure End-To-End Encrypted tunnels using zig
https://github.com/lvmalware/ztunnel
cryptography e2ee hybrid-encryption kyber quantum-resistant-crypto tunnel x25519kyber768 zig zig-package
Last synced: 11 months ago
JSON representation
Secure End-To-End Encrypted tunnels using zig
- Host: GitHub
- URL: https://github.com/lvmalware/ztunnel
- Owner: LvMalware
- Created: 2025-03-22T13:30:09.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2025-07-16T18:08:03.000Z (11 months ago)
- Last Synced: 2025-07-28T16:02:23.128Z (11 months ago)
- Topics: cryptography, e2ee, hybrid-encryption, kyber, quantum-resistant-crypto, tunnel, x25519kyber768, zig, zig-package
- Language: Zig
- Homepage:
- Size: 23.4 KB
- Stars: 3
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# ZTunnel
This library provides a simple protocol based on SSH's Binary Packet Protocol (BPP), that can be used to establish a secure end-to-end encrypted tunnel between a client and a server.
Key-exchange is performed using `X25519Kyber768`, that is Ellipitic Curve Diffe-Hellman (ECDH) using curve X25519 + the post-quantum Key-Encapsulation Mechanism (KEM) called Kyber. This way, the communication remains secure as long as at least one of the two algorithms is unbroken. All data is then transmitted using `AES-256-GCM`.
This protocol is useful to protect against eavesdropping and in the latest versions, it also includes a method to validate each peer's X25519 public keys during key-exchange, which can prevent Man-In-The-Middle (MITM) attacks.
> Note: Although this protocol offers quantum resistance against eavesdropping, the mechanism used to protect against MITM depends only on validating the X25519 public keys, which is not quantum resistant by itself. If an attacker manages to somehow compromise the security of the ECC curve in use, this protocol will not be able to protect the communication against active MITM.