c/quicproquo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
150f30b0d621735585cb439ccd45091bb2584a01
quicproquo/docs/positioning.md
Christian Nennemann 92fefda41d docs: sharpen positioning with mesh focus and honest limitations 
- New elevator pitch: "MLS + PQ-KEM over multi-hop mesh"
- Competitive differentiation table vs Meshtastic/Reticulum/Briar
- Acknowledge MLS overhead and KeyPackage distribution gaps
- Taglines: "Reticulum's mesh + Signal's crypto + post-quantum ready"
2026-03-30 23:29:56 +02:00

108 lines
6.1 KiB
Markdown
Raw Blame History

# QuicProChat — positioning
Short copy for site, README excerpts, and investor/partner conversations. Code and technical docs stay English; this file is **German** with **English** variants where useful.
---
## Elevator pitch (one line, DE)
QuicProChat ist das einzige Mesh-Protokoll mit MLS-Gruppenencryption und Post-Quantum-Hybrid-KEMs: multi-hop routing über LoRa, WiFi oder QUIC — für Teams, die Reticulum-artige Netzwerk-Resilienz mit Signal-artiger Krypto wollen.
---
## About (~80 words, DE)
QuicProChat kombiniert zwei Welten: die transport-agnostische Mesh-Architektur von Reticulum (Announce-basiertes Routing, Multi-Hop, LoRa/Serial/TCP) mit der Krypto-Stärke moderner Messenger (MLS RFC 9420, Post-Quantum Hybrid-KEMs). Anders als Meshtastic (nur shared-key AES) oder Briar (nur 1-hop) liefert QuicProChat Forward Secrecy UND Post-Compromise Security für Gruppen über Multi-Hop-Mesh. Relay-Nodes sehen nur opake Ciphertext. Für Off-Grid-Teams, Krisenszenarien und Organisationen mit hohen Sicherheitsanforderungen.
---
## Elevator pitch (one line, EN)
QuicProChat is the only mesh protocol with MLS group encryption and post-quantum hybrid KEMs: multi-hop routing over LoRa, WiFi, or QUIC—for teams that want Reticulum-style network resilience with Signal-level cryptography.
---
## About (~80 words, EN)
QuicProChat bridges two worlds: Reticulum's transport-agnostic mesh architecture (announce-based routing, multi-hop, LoRa/Serial/TCP) with the cryptographic strength of modern messengers (MLS RFC 9420, post-quantum hybrid KEMs). Unlike Meshtastic (shared-key AES only) or Briar (one-hop only), QuicProChat delivers forward secrecy AND post-compromise security for groups over multi-hop mesh. Relay nodes see only opaque ciphertext. For off-grid teams, crisis scenarios, and organizations with high security requirements.
---
## Positioning pillars (internal)
1. **Best-in-class mesh crypto:** MLS groups (RFC 9420), post-quantum hybrid KEM (X25519 + ML-KEM-768), forward secrecy + post-compromise security — what Meshtastic and Reticulum lack.
2. **Transport-agnostic mesh:** Reticulum-inspired announce/routing over any medium (QUIC, TCP, LoRa, Serial). Multi-hop with store-and-forward. Not locked to a single transport like Briar (BT/WiFi only).
3. **Self-hostable, audit-ready:** Single Rust binary, MIT licensed, IETF-standard crypto. No phone number, no cloud dependency. Designed for third-party security audit.
---
## Competitive differentiation
| System | Group E2E | Forward Secrecy | Post-Compromise | Post-Quantum | Multi-Hop Mesh | LoRa |
|--------|-----------|-----------------|-----------------|--------------|----------------|------|
| **Meshtastic** | ✗ (shared key) | ✗ | ✗ | ✗ | ✓ | ✓ |
| **Reticulum** | ✗ (link-only) | link-only | ✗ | ✗ | ✓ | ✓ |
| **Briar** | ⚠️ Sender Keys | ⚠️ partial | ✗ groups | ✗ | ✗ (1-hop) | ✗ |
| **Berty** | ? (unaudited) | ? | ? | ✗ | ✗ | ✗ |
| **QuicProChat** | ✓ MLS | ✓ per-epoch | ✓ MLS Update | ✓ hybrid KEM | ✓ | ✓ |
---
## Anti-positioning (manage expectations)
- **Not mature:** Meshtastic has 100K+ nodes, Reticulum has 8 years of production. QuicProChat is early-stage research.
- **Not a drop-in Matrix replacement:** No federation ecosystem, no bridges, no feature parity.
- **MLS overhead is real:** KeyPackages are ~500-800 bytes. On SF12 LoRa (51-byte MTU), group setup requires fragmentation and burns duty cycle budget. We're designing "MLS-Lite" for constrained links. See `docs/plans/mesh-protocol-gaps.md`.
- **KeyPackage distribution unsolved:** MLS needs pre-positioned KeyPackages. Over pure mesh (no server), this is an open problem we're working on.
- **Scope v1: niche** — security- and ops-conscious teams, crisis scenarios, off-grid deployments.
---
## Tagline options
- "Reticulum's mesh + Signal's crypto + post-quantum ready"
- "MLS over LoRa — because shared keys aren't good enough"
- "The mesh protocol that assumes your relay nodes are hostile"
---
## Key differentiators for pitch deck
### vs. Meshtastic
- **Their weakness:** AES-256-CTR with shared channel key. No forward secrecy. CVE-2025-52464 (low-entropy keys), CVE-2025-53627 (DM downgrade attacks). If channel key leaks, all past and future messages are exposed.
- **Our strength:** MLS per-epoch keys. Every group operation derives fresh keys. Past keys are deleted. Post-compromise security: any member can heal the group by issuing an Update.
### vs. Reticulum
- **Their weakness:** Link-level crypto only. Each relay hop decrypts and re-encrypts. No end-to-end group encryption. Python-only (no embedded targets).
- **Our strength:** End-to-end MLS encryption. Relay nodes forward opaque ciphertext. Rust implementation, cross-compile to ARM/MIPS/no_std. IETF-standard crypto (MLS RFC 9420).
### vs. Briar
- **Their weakness:** One-hop only (BT/WiFi range limits). 4x battery drain from constant scanning. Mandatory contact pairing before any communication.
- **Our strength:** Multi-hop mesh routing (km-scale via LoRa). Configurable announce intervals for battery management. Optional contact pairing (can discover via announce).
### vs. Signal/Matrix
- **Their weakness:** Requires Internet connectivity. Centralized infrastructure (Signal) or complex federation (Matrix). Not designed for mesh/off-grid.
- **Our strength:** Works fully offline over LoRa/Serial/mesh. Self-hostable single binary. No phone number required.
---
## The "harvest now, decrypt later" pitch
All competitors are vulnerable to quantum computers collecting encrypted traffic today:
```
2026: Adversary records all mesh traffic
2035: Quantum computer operational
Meshtastic: AES-256-CTR (symmetric) → quantum-safe ✓ (but no forward secrecy anyway)
Reticulum: X25519 (ECDH) → quantum-broken ✗
Briar: X25519 (Double Ratchet) → quantum-broken ✗
QuicProChat: X25519 + ML-KEM-768 → quantum-safe ✓ (hybrid belt-and-suspenders)
```
QuicProChat's hybrid KEM: both classical AND post-quantum KEMs must be broken. If either survives, the content is protected.
---
*Last updated: 2026-03-30*
Reference in New Issue View Git Blame Copy Permalink