Christian Nennemann
d073f614b3
Update 25+ files and add 6 new pages to reflect the v2 migration from Cap'n Proto to Protobuf framing over QUIC. Integrates SDK and Operations docs into the mdBook, restructures SUMMARY.md, and rewrites the wire format, architecture, and protocol sections with accurate v2 content.
quicproquo
End-to-end encrypted group messaging over QUIC, powered by MLS and post-quantum cryptography.
Roadmap · SDK Docs · Operations · Quick Start
quicproquo is a production-grade messenger where the server never sees plaintext. All traffic flows over QUIC/TLS 1.3, group keys are negotiated with the MLS protocol (RFC 9420), and a hybrid X25519 + ML-KEM-768 KEM provides post-quantum confidentiality. Written in Rust. 45,000 lines of code. 301 tests.
┌─────────────────────────────────────────────────┐
│ Application / MLS ciphertext │ ← group key ratchet (RFC 9420)
├─────────────────────────────────────────────────┤
│ Protobuf RPC / Cap'n Proto (legacy) │ ← typed, schema-versioned framing
├─────────────────────────────────────────────────┤
│ QUIC + TLS 1.3 (quinn/rustls) │ ← mutual auth + transport secrecy
└─────────────────────────────────────────────────┘
Highlights
| Zero-knowledge server | Routes opaque MLS ciphertexts by recipient key — never decrypts |
| Post-quantum ready | Hybrid X25519 + ML-KEM-768 KEM on both MLS and Noise layers |
| Password auth | OPAQUE — password never leaves the client, not even as a hash |
| Forward secrecy | MLS epoch ratchet: compromise today can't decrypt yesterday |
| Multi-device | Per-device keys, delivery fan-out, up to 5 devices per account |
| Federation | Server-to-server relay over QUIC with mTLS |
| Offline-first | Client-side outbox with idempotent retry and gap detection |
| Sealed sender | Optional anonymous enqueue — server can't see who sent a message |
| 7 SDKs | Rust, Go, Python, TypeScript, Swift, Kotlin/Java, Ruby |
Quick Start
# Build (no system dependencies — protoc is vendored)
cargo build --workspace
# Run tests
cargo test --workspace
# Start the server (auto-generates self-signed TLS cert)
cargo run --bin qpq-server -- --allow-insecure-auth
# Interactive REPL (registers + logs in automatically)
cargo run --bin qpq -- repl --username alice --password secret
Two-terminal demo:
# Terminal 1 # Terminal 2
qpq repl -u alice -p secretA qpq repl -u bob -p secretB
# Alice: # Bob sees:
/dm bob [alice] Hello, Bob!
Hello, Bob!
Architecture
quicproquo/
├── crates/
│ ├── quicproquo-core # MLS, hybrid KEM, PQ Noise, OPAQUE, recovery, padding
│ ├── quicproquo-proto # Protobuf (prost) + Cap'n Proto generated types
│ ├── quicproquo-rpc # QUIC RPC framework (framing, dispatch, middleware)
│ ├── quicproquo-sdk # Client SDK (QpqClient, conversation store, outbox)
│ ├── quicproquo-server # QUIC server, 33 RPC methods, domain services, plugins
│ ├── quicproquo-client # CLI + REPL + TUI (Ratatui)
│ ├── quicproquo-kt # Key transparency (Merkle-log, revocation)
│ ├── quicproquo-p2p # iroh P2P, mesh identity, store-and-forward
│ ├── quicproquo-ffi # C FFI (libquicproquo_ffi.so)
│ └── quicproquo-plugin-api # Dynamic plugin hooks (C ABI)
├── proto/qpq/v1/ # 15 .proto schema files
├── sdks/ # Go, Python, TypeScript, Swift, Kotlin, Java, Ruby
├── docs/ # mdBook docs, SDK guides, operational runbooks
└── packaging/ # OpenWrt, Docker, cross-compilation
Security Properties
| Property | Mechanism |
|---|---|
| Transport confidentiality | TLS 1.3 over QUIC (rustls) |
| Group key agreement | MLS MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519 |
| Post-quantum confidentiality | X25519 + ML-KEM-768 hybrid KEM (MLS + Noise layers) |
| Forward secrecy | MLS epoch ratchet + per-epoch key schedule |
| Post-compromise security | MLS Update proposals rotate leaf material |
| Identity | Ed25519 long-term keys (MLS credential + leaf signature) |
| Password authentication | OPAQUE-ke (augmented PAKE, no password on wire) |
| Local storage | SQLCipher + Argon2id + ChaCha20-Poly1305 |
| Key transparency | Append-only Merkle log with inclusion proofs + revocation |
| Traffic analysis resistance | Uniform padding + configurable decoy traffic |
Features
Messaging
- 1:1 DMs and N-party groups with full MLS lifecycle (add, remove, key rotation)
- Rich messaging — reactions, read receipts, typing indicators, edit, delete
- File transfer — chunked upload/download, SHA-256 content addressing, 50 MB limit
- Disappearing messages — per-conversation TTL with server-side GC
- Offline queue — messages queued locally when disconnected, flushed on reconnect
- Delivery proofs — server-signed Ed25519 receipts for cryptographic send confirmation
- Transcript export — encrypted, tamper-evident archives with Merkle chain verification
Infrastructure
- Multi-device — per-device keys and delivery fan-out (up to 5 devices)
- Account recovery — 8 recovery codes, encrypted bundles, zero-knowledge server
- Federation — server-to-server relay with mTLS and cross-server user resolution
- Abuse prevention — user blocking, message reporting, ban enforcement, admin tools
- Graceful shutdown — SIGTERM drain with configurable timeout, health endpoint awareness
- Rate limiting — sliding window algorithm, trait-based for Redis swap
- Observability — request correlation IDs, per-endpoint latency histograms, structured audit log
- Dynamic plugins — load
.so/.dylibat runtime via--plugin-dir(6 hook points) - Mesh networking — iroh P2P, mDNS discovery, store-and-forward, broadcast channels
Client SDKs
| Language | Location | Transport | Notes |
|---|---|---|---|
| Rust | crates/quicproquo-sdk |
QUIC (quinn) | Reference implementation |
| Go | sdks/go/ |
QUIC (quic-go) | Cap'n Proto RPC, full API |
| Python | sdks/python/ |
QUIC (aioquic) + FFI | Async client, PyPI-ready |
| TypeScript | sdks/typescript/ |
WebSocket + WASM crypto | 175 KB WASM bundle, browser demo |
| Swift | sdks/swift/ |
C FFI wrapper | iOS 15+ / macOS 13+ |
| Kotlin/Java | sdks/kotlin/, sdks/java/ |
JNI + C FFI | Android + JVM |
| Ruby | sdks/ruby/ |
C FFI gem | Block-form auto-disconnect |
REPL Commands
40+ slash commands including:
/dm <user> Start a 1:1 DM
/create-group <name> Create a group
/invite <user> Add member to group
/remove <user> Remove member
/send-file <path> Upload and send a file
/verify <user> Compare safety numbers
/rotate-keys Rotate MLS key material
/disappear <duration> Set message TTL
/export <path> Export encrypted transcript
/devices list|add|rm Manage devices
/block <user> Block a user
/recovery setup Generate recovery codes
/help Full command reference
Deployment
Docker
docker build -t quicproquo -f docker/Dockerfile .
docker run -p 7000:7000 -v qpq-data:/data quicproquo
Production (Docker Compose)
# Includes server + Prometheus + Grafana with pre-configured dashboards
docker compose -f docker-compose.prod.yml up -d
OpenWrt
Cross-compiled static binaries for mesh/embedded deployments:
./scripts/cross-compile.sh # builds for x86_64, armv7, aarch64 (musl)
See docs/openwrt.md for opkg packaging and procd init scripts.
Configuration
# Environment variables (see .env.example for full list)
QPQ_LISTEN=0.0.0.0:7000
QPQ_AUTH_TOKEN=your-strong-token
QPQ_DB_KEY=your-db-encryption-key
QPQ_STORE_BACKEND=sql
QPQ_METRICS_LISTEN=0.0.0.0:9090
QPQ_DRAIN_TIMEOUT=30
QPQ_RPC_TIMEOUT=30
Documentation
mdbook serve docs # http://localhost:3000
- SDK Integration Guide — wire format, per-language guides, "build your own SDK"
- Operational Runbook — backup/restore, key rotation, incident response
- Scaling Guide — resource sizing, horizontal scaling, capacity planning
- Monitoring — Prometheus metrics, Grafana dashboards, alert rules
Security
This project has not undergone a formal third-party audit. See the threat model for details.
If you discover a security vulnerability, please report it privately.
License
MIT