Rename the entire workspace:
- Crate packages: quicnprotochat-{core,proto,server,client,gui,p2p,mobile} -> quicproquo-*
- Binary names: quicnprotochat -> qpq, quicnprotochat-server -> qpq-server,
quicnprotochat-gui -> qpq-gui
- Default files: *-state.bin -> qpq-state.bin, *-server.toml -> qpq-server.toml,
*.db -> qpq.db
- Environment variable prefix: QUICNPROTOCHAT_* -> QPQ_*
- App identifier: chat.quicnproto.gui -> chat.quicproquo.gui
- Proto package: quicnprotochat.bench -> quicproquo.bench
- All documentation, Docker, CI, and script references updated
HKDF domain-separation strings and P2P ALPN remain unchanged for
backward compatibility with existing encrypted state and wire protocol.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
References and Further Reading
This page collects the standards, crate documentation, and research papers referenced throughout the quicproquo documentation. Entries are organised by category.
Standards and RFCs
| Reference | Description |
|---|---|
| RFC 9420 -- The Messaging Layer Security (MLS) Protocol | The group key agreement protocol used by quicproquo. Defines KeyPackages, Welcome messages, Commits, the ratchet tree, epoch advancement, and the security properties (forward secrecy, post-compromise security). See MLS (RFC 9420). |
| RFC 9000 -- QUIC: A UDP-Based Multiplexed and Secure Transport | The transport protocol underlying quicproquo's primary connection layer. Provides multiplexed streams, 0-RTT connection establishment, and built-in congestion control. See QUIC + TLS 1.3. |
| RFC 9001 -- Using TLS to Secure QUIC | Defines how TLS 1.3 is integrated into QUIC for authentication and key exchange. quicproquo uses this via the quinn + rustls stack. |
| RFC 8446 -- The Transport Layer Security (TLS) Protocol Version 1.3 | The TLS version used exclusively by quicproquo (no TLS 1.2 fallback). Provides the handshake, key schedule, and record layer for QUIC transport security. |
| RFC 9180 -- Hybrid Public Key Encryption (HPKE) | The public-key encryption scheme used internally by MLS for encrypting to KeyPackage init keys. quicproquo's MLS ciphersuite uses DHKEM(X25519, HKDF-SHA256) with AES-128-GCM. |
| NIST FIPS 203 -- Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) | The post-quantum KEM standard. quicproquo plans to use ML-KEM-768 in a hybrid construction with X25519 at milestone M7. See Post-Quantum Readiness. |
| Cap'n Proto specification | The zero-copy serialisation format and RPC system used for all quicproquo wire messages and service interfaces. See Cap'n Proto Serialisation and RPC. |
| draft-ietf-tls-hybrid-design -- Hybrid Key Exchange in TLS 1.3 | The combiner approach used by quicproquo's hybrid KEM construction (X25519 shared secret concatenated with ML-KEM-768 shared secret, fed through HKDF). See Hybrid KEM. |
| RFC 9497 -- OPAQUE | Asymmetric password-authenticated key exchange. Considered for future authentication (see Future Research). |
Rust Crate Documentation
| Crate | docs.rs | Role in quicproquo |
|---|---|---|
| openmls | docs.rs/openmls | MLS protocol implementation: group creation, member addition, Welcome processing, application message encryption/decryption. See MLS (RFC 9420). |
| openmls_rust_crypto | docs.rs/openmls_rust_crypto | Pure-Rust cryptographic backend for openmls. Provides the OpenMlsRustCrypto provider used by GroupMember. |
| quinn | docs.rs/quinn | QUIC transport implementation. Provides the Endpoint, Connection, and stream types for client and server. See QUIC + TLS 1.3. |
| rustls | docs.rs/rustls | TLS 1.3 implementation used by quinn. Configured with TLS13 cipher suites only and custom certificate verification. |
| capnp | docs.rs/capnp | Cap'n Proto serialisation library. Used for building and reading all wire messages. |
| capnp-rpc | docs.rs/capnp-rpc | Cap'n Proto RPC framework. Provides the async RPC system for NodeService. Runs inside the QUIC encrypted channel. |
| capnpc | docs.rs/capnpc | Cap'n Proto compiler invoked at build time (build.rs) to generate Rust types from .capnp schemas. |
| ml-kem | docs.rs/ml-kem | ML-KEM (NIST FIPS 203) implementation. Vendored in the workspace for the planned hybrid post-quantum KEM (M7). |
| ed25519-dalek | docs.rs/ed25519-dalek | Ed25519 signing and verification. Used for MLS identity credentials (BasicCredential). See Ed25519 Identity Keys. |
| x25519-dalek | docs.rs/x25519-dalek | X25519 Diffie-Hellman key exchange. Used in hybrid KEM (X25519 + ML-KEM-768) and as the classical component of DHKEM in MLS HPKE. See Hybrid KEM. |
| zeroize | docs.rs/zeroize | Secure memory zeroisation. All private key types implement Zeroize + ZeroizeOnDrop. See Key Lifecycle and Zeroization. |
| tokio | docs.rs/tokio | Async runtime. All server and client I/O runs on Tokio. |
| clap | docs.rs/clap | CLI argument parser for the client binary. |
| dashmap | docs.rs/dashmap | Concurrent hash map. Used for the in-memory AS key store and DS delivery queues (to be replaced by SQLite at M6). |
| tracing | docs.rs/tracing | Structured logging framework. Used throughout the server for request logging and diagnostics. |
| thiserror | docs.rs/thiserror | Derive macro for typed error enums in library crates. |
| anyhow | docs.rs/anyhow | Flexible error handling for application crates (server, client). |
Research Papers and Background
MLS Motivation and Design
"On Ends-to-Ends Encryption: Asynchronous Group Messaging with Strong Security Guarantees" Katriel Cohn-Gordon, Cas Cremers, Luke Garratt, Jon Millican, and Kevin Milner. ACM CCS 2018.
This paper analyses the security properties of group messaging protocols and motivates the design of MLS. It defines the security goals (forward secrecy, post-compromise security, asynchronous operation) that MLS formalises into a protocol. Essential background for understanding why quicproquo uses MLS rather than extending the Signal protocol to groups.
Signal Protocol
"The Double Ratchet Algorithm" Trevor Perrin and Moxie Marlinspike. signal.org/docs/specifications/doubleratchet
Defines the double ratchet used in Signal's 1:1 messaging. Relevant as a potential optimisation for quicproquo's 1:1 channels (see Future Research: Double-Ratchet DM Layer) and as background for understanding how MLS generalises ratcheting to groups.
"The X3DH Key Agreement Protocol" Moxie Marlinspike and Trevor Perrin. signal.org/docs/specifications/x3dh
Defines the extended triple Diffie-Hellman key agreement used in Signal's initial key exchange. MLS KeyPackages serve an analogous role to X3DH's prekeys, enabling asynchronous group setup.
Post-Quantum Cryptography
"CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM" Roberto Avanzi et al. NIST PQC Round 3 submission
The predecessor to ML-KEM (NIST FIPS 203). CRYSTALS-Kyber was selected by NIST and standardised as ML-KEM. quicproquo uses the ml-kem crate, which implements the final FIPS 203 standard.
Metadata Resistance
"Sealed Sender" Signal Blog. signal.org/blog/sealed-sender
Describes Signal's approach to hiding sender identity from the server. Relevant to quicproquo's future research on metadata resistance (see Future Research).
Cross-references
- Glossary -- definitions of terms used in these references
- Protocol Layers Overview -- how the protocols layer in quicproquo
- Cryptography Overview -- cryptographic properties and threat model
- Future Research -- technologies under consideration
- Milestones -- current project status