diff --git a/docs/positioning.md b/docs/positioning.md new file mode 100644 index 0000000..0cdb6a6 --- /dev/null +++ b/docs/positioning.md 
@@ -0,0 +1,107 @@ +# QuicProChat — positioning + +Short copy for site, README excerpts, and investor/partner conversations. Code and technical docs stay English; this file is **German** with **English** variants where useful. + +--- + +## Elevator pitch (one line, DE) + +QuicProChat ist das einzige Mesh-Protokoll mit MLS-Gruppenencryption und Post-Quantum-Hybrid-KEMs: multi-hop routing über LoRa, WiFi oder QUIC — für Teams, die Reticulum-artige Netzwerk-Resilienz mit Signal-artiger Krypto wollen. + +--- + +## About (~80 words, DE) + +QuicProChat kombiniert zwei Welten: die transport-agnostische Mesh-Architektur von Reticulum (Announce-basiertes Routing, Multi-Hop, LoRa/Serial/TCP) mit der Krypto-Stärke moderner Messenger (MLS RFC 9420, Post-Quantum Hybrid-KEMs). Anders als Meshtastic (nur shared-key AES) oder Briar (nur 1-hop) liefert QuicProChat Forward Secrecy UND Post-Compromise Security für Gruppen über Multi-Hop-Mesh. Relay-Nodes sehen nur opake Ciphertext. Für Off-Grid-Teams, Krisenszenarien und Organisationen mit hohen Sicherheitsanforderungen. + +--- + +## Elevator pitch (one line, EN) + +QuicProChat is the only mesh protocol with MLS group encryption and post-quantum hybrid KEMs: multi-hop routing over LoRa, WiFi, or QUIC—for teams that want Reticulum-style network resilience with Signal-level cryptography. + +--- + +## About (~80 words, EN) + +QuicProChat bridges two worlds: Reticulum's transport-agnostic mesh architecture (announce-based routing, multi-hop, LoRa/Serial/TCP) with the cryptographic strength of modern messengers (MLS RFC 9420, post-quantum hybrid KEMs). Unlike Meshtastic (shared-key AES only) or Briar (one-hop only), QuicProChat delivers forward secrecy AND post-compromise security for groups over multi-hop mesh. Relay nodes see only opaque ciphertext. For off-grid teams, crisis scenarios, and organizations with high security requirements. + +--- + +## Positioning pillars (internal) + +1. 
**Best-in-class mesh crypto:** MLS groups (RFC 9420), post-quantum hybrid KEM (X25519 + ML-KEM-768), forward secrecy + post-compromise security — what Meshtastic and Reticulum lack. +2. **Transport-agnostic mesh:** Reticulum-inspired announce/routing over any medium (QUIC, TCP, LoRa, Serial). Multi-hop with store-and-forward. Not locked to a single transport like Briar (BT/WiFi only). +3. **Self-hostable, audit-ready:** Single Rust binary, MIT licensed, IETF-standard crypto. No phone number, no cloud dependency. Designed for third-party security audit. + +--- + +## Competitive differentiation + +| System | Group E2E | Forward Secrecy | Post-Compromise | Post-Quantum | Multi-Hop Mesh | LoRa | +|--------|-----------|-----------------|-----------------|--------------|----------------|------| +| **Meshtastic** | ✗ (shared key) | ✗ | ✗ | ✗ | ✓ | ✓ | +| **Reticulum** | ✗ (link-only) | link-only | ✗ | ✗ | ✓ | ✓ | +| **Briar** | ⚠️ Sender Keys | ⚠️ partial | ✗ groups | ✗ | ✗ (1-hop) | ✗ | +| **Berty** | ? (unaudited) | ? | ? | ✗ | ✗ | ✗ | +| **QuicProChat** | ✓ MLS | ✓ per-epoch | ✓ MLS Update | ✓ hybrid KEM | ✓ | ✓ | + +--- + +## Anti-positioning (manage expectations) + +- **Not mature:** Meshtastic has 100K+ nodes, Reticulum has 8 years of production. QuicProChat is early-stage research. +- **Not a drop-in Matrix replacement:** No federation ecosystem, no bridges, no feature parity. +- **MLS overhead is real:** KeyPackages are ~500-800 bytes. On SF12 LoRa (51-byte MTU), group setup requires fragmentation and burns duty cycle budget. We're designing "MLS-Lite" for constrained links. See `docs/plans/mesh-protocol-gaps.md`. +- **KeyPackage distribution unsolved:** MLS needs pre-positioned KeyPackages. Over pure mesh (no server), this is an open problem we're working on. +- **Scope v1: niche** — security- and ops-conscious teams, crisis scenarios, off-grid deployments. 
+ +--- + +## Tagline options + +- "Reticulum's mesh + Signal's crypto + post-quantum ready" +- "MLS over LoRa — because shared keys aren't good enough" +- "The mesh protocol that assumes your relay nodes are hostile" + +--- + +## Key differentiators for pitch deck + +### vs. Meshtastic +- **Their weakness:** AES-256-CTR with shared channel key. No forward secrecy. CVE-2025-52464 (low-entropy keys), CVE-2025-53627 (DM downgrade attacks). If channel key leaks, all past and future messages are exposed. +- **Our strength:** MLS per-epoch keys. Every group operation derives fresh keys. Past keys are deleted. Post-compromise security: any member can heal the group by issuing an Update. + +### vs. Reticulum +- **Their weakness:** Link-level crypto only. Each relay hop decrypts and re-encrypts. No end-to-end group encryption. Python-only (no embedded targets). +- **Our strength:** End-to-end MLS encryption. Relay nodes forward opaque ciphertext. Rust implementation, cross-compile to ARM/MIPS/no_std. IETF-standard crypto (MLS RFC 9420). + +### vs. Briar +- **Their weakness:** One-hop only (BT/WiFi range limits). 4x battery drain from constant scanning. Mandatory contact pairing before any communication. +- **Our strength:** Multi-hop mesh routing (km-scale via LoRa). Configurable announce intervals for battery management. Optional contact pairing (can discover via announce). + +### vs. Signal/Matrix +- **Their weakness:** Requires Internet connectivity. Centralized infrastructure (Signal) or complex federation (Matrix). Not designed for mesh/off-grid. +- **Our strength:** Works fully offline over LoRa/Serial/mesh. Self-hostable single binary. No phone number required. 
+ +--- + +## The "harvest now, decrypt later" pitch + +All competitors are vulnerable to quantum computers collecting encrypted traffic today: + +``` +2026: Adversary records all mesh traffic +2035: Quantum computer operational + +Meshtastic: AES-256-CTR (symmetric) → quantum-safe ✓ (but no forward secrecy anyway) +Reticulum: X25519 (ECDH) → quantum-broken ✗ +Briar: X25519 (Double Ratchet) → quantum-broken ✗ +QuicProChat: X25519 + ML-KEM-768 → quantum-safe ✓ (hybrid belt-and-suspenders) +``` + +QuicProChat's hybrid KEM: both classical AND post-quantum KEMs must be broken. If either survives, the content is protected. + +--- + +*Last updated: 2026-03-30*
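Review bot: the competitor claims in this file contradict each other and Reticulum's documented design, and they need sources before this copy reaches a pitch deck or the README. Under "vs. Reticulum", `Their weakness: Link-level crypto only. Each relay hop decrypts and re-encrypts.` is wrong: Reticulum encrypts packets end-to-end to a destination's X25519 key and its Links use ephemeral keys between the two endpoints, so transport nodes forward ciphertext they cannot read; the differentiation table's own row (`Forward Secrecy: link-only`) already acknowledges that links carry forward secrecy. The defensible distinction is "no group-level E2E with per-epoch keys and post-compromise healing", so rewrite that bullet (and pillar 1's "what Meshtastic and Reticulum lack", which also over-claims for Reticulum) to say that, and drop "Python-only (no embedded targets)" unless it is checked against the C++ port. In the "harvest now, decrypt later" block, `Meshtastic: AES-256-CTR (symmetric) → quantum-safe ✓` is inconsistent with the "vs. Meshtastic" bullet that cites `CVE-2025-53627 (DM downgrade attacks)`: a downgrade attack on DMs implies a public-key DM mode, so Meshtastic is not purely symmetric and the row should say which mode is being assessed. Finally, the absolute "QuicProChat is the only mesh protocol with MLS group encryption and post-quantum hybrid KEMs" and the unreferenced "4x battery drain from constant scanning" figure are unsupportable as written; either cite the measurement or soften to "to our knowledge" / "significantly higher", which also fits the "audit-ready" positioning in pillar 3.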