Secure E2EE Protocol v6 — High-assurance messaging kernel.
Sibna is a reference messaging kernel written in memory-safe Rust. It handles the complex mathematics of X3DH and Double Ratchet, providing a production-ready core for secure messaging applications.
- 🛡️ Post-Compromise Security: Self-healing cryptographic state machine.
- ⚡ High Performance: Rust-native core with zero-cost abstractions.
- 📦 Multi-Language: Optimized bindings for Python, Flutter, JavaScript, and C++.
- 🔐 Zero-Knowledge: Relay servers never touch plaintext or metadata.
The Sibna Kernel manages the entire lifecycle of a secure session, from initial handshake to continuous re-keying.
graph TD
A["User Identity"] --> B{"X3DH Handshake"}
B -->|"Success"| C["Root Key"]
C --> D["Double Ratchet"]
D --> E["Chain Keys"]
E -->|"Derive"| F["Message Keys"]
F -->|"Encrypt/Decrypt"| G["Ciphertext"]
D -->|"Self-Healing"| C
Follow these steps to move from a fresh clone to a functional secure session.
First, ensure the Rust-native core is built correctly.
# Navigate to the core
cd core
cargo build --release
# Verify the binary is functional
./target/release/sibna_kernel --helpNote
If the help menu appears, the Sibna Kernel is ready for service.
Run the full suite to ensure all cryptographic primitives are operating within specification.
Rust Unit Tests (Internal State):
cargo test --verboseExpected Result: test result: ok. 0 failed; ...
Python Integration Tests (End-to-End):
cd tests
python integration_test_full.pyExpected Result: All tests passed! (Successfully performed X3DH & Double Ratchet)
Sibna provides a "Single Source of Truth." Use these examples to implement secure messaging in your application.
Installation & Usage:
pip install ./bindings/pythonfrom sibna import SecureContext, Config
# Initialize
ctx = SecureContext(Config(), password=b"master_secret")
# Create Session & Loop
session = ctx.get_or_create_session(peer_id="alice_99")
ciphertext = session.encrypt(b"Hello World")
plaintext = session.decrypt(session.peer_id, ciphertext)
print(f"Decrypted: {plaintext.decode()}") # Expected: Hello WorldInstallation & Usage:
npm install ./sibna-jsimport { SibnaKernel } from 'sibna-js';
const kernel = new SibnaKernel();
await kernel.initialize({ masterKey: '...' });
const encrypted = await kernel.encryptMessage('alice_99', 'Hello Web');
const decrypted = await kernel.decryptMessage('alice_99', encrypted);
console.log(decrypted); // Expected: Hello WebAdd to pubspec.yaml:
dependencies:
sibna_dart:
git: { url: "...", path: "sibna-dart" }import 'package:sibna_dart/sibna_dart.dart';
final ctx = SecureContext(Config(), password: "...");
final enc = await ctx.encrypt("peer_id", "Hello Flutter");
final dec = await ctx.decrypt("peer_id", enc);To add a new language, follow this standardized FFI (Foreign Function Interface) workflow:
Generate the bridge from the Rust source to a C-compatible header.
cargo install cbindgen
cbindgen --config core/cbindgen.toml --output core/sibna.h- Load Library: Use your language's FFI loader (e.g.,
ctypes,dart:ffi) to find the.so/.dll/.dylibgenerated in/core/target/release/. - Pointer Wrapping: Map the raw pointers from
sibna.hto your language's classes. - Memory Management: CRITICAL! You must implement destructors (or finalizers) that call
sibna_free()to zeroize and release sensitive key material.
| Directory | Content |
|---|---|
/core |
Rust-native implementation of the protocol engine. |
/bindings |
Optimized wrappers for Python and C++. |
/sibna-dart |
Flutter/Dart SDK for mobile development. |
/sibna-js |
JavaScript/TypeScript SDK for web apps. |
/server |
Reference FastAPI Relay and Pre-Key Server. |
| Primitive | Implementation | Purpose |
|---|---|---|
| Handshake | X3DH (X25519 & Ed25519) | Authentication & Key Exchange |
| Ratchet | Double Ratchet (HMAC-SHA256) | Post-Compromise Security |
| AEAD | ChaCha20-Poly1305 | Authenticated Encryption |
📖 Whitepaper | 🌐 Encyclopedia | 🛠️ Dev Guide
Made with ❤️ for Secure Communication by the Sibna Core Team