saorsa-core 0.17.0

Saorsa - Core P2P networking library with DHT, QUIC transport, and post-quantum cryptography
Documentation

Saorsa Core

CI Crates.io Documentation

Core P2P networking library for Saorsa platform with DHT, QUIC transport, dual-stack endpoints (IPv6+IPv4), and post-quantum cryptography.

Documentation

Architecture Decision Records (ADRs)

Key design decisions are documented in docs/adr/:

ADR Title Description
ADR-001 Multi-Layer P2P Architecture Layered design separating transport, DHT, identity, and application concerns
ADR-002 Delegated Transport Using saorsa-transport for QUIC transport, NAT traversal, and bootstrap cache
ADR-003 Pure Post-Quantum Cryptography ML-DSA-65 and ML-KEM-768 without classical fallbacks
ADR-006 Trust System Response-rate scoring for Sybil resistance
ADR-008 Bootstrap Cache Delegation Delegating bootstrap to saorsa-transport with Sybil protection
ADR-009 Sybil Protection Multi-layered defense against identity attacks
ADR-012 Identity without PoW Pure cryptographic identity using ML-DSA

Features

  • P2P NAT Traversal: True peer-to-peer connectivity with automatic NAT traversal (saorsa-transport 0.21.x)
  • DHT (Distributed Hash Table): Peer phonebook and routing with geographic awareness
  • QUIC Transport: High-performance networking with saorsa-transport
  • Post-Quantum Cryptography: Future-ready cryptographic algorithms (ML-DSA-65, ML-KEM-768)
  • Trust System: Response-rate scoring with time decay and binary peer blocking

Quick Start

Add this to your Cargo.toml:

[dependencies]
saorsa-core = "0.16.0"

Basic P2P Node

use saorsa_core::{NodeConfig, P2PNode};
use tokio;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create and start a P2P node
    let config = NodeConfig::default();
    let node = P2PNode::new(config).await?;
    node.run().await?;

    Ok(())
}

P2P NAT Traversal

saorsa-core includes full NAT traversal support in the transport and network layers, enabling direct peer-to-peer connections. User-facing messaging examples live in saorsa-node, while this crate provides the transport and DHT primitives.

Data Replication (saorsa-node)

saorsa-core does not replicate application data. saorsa-node:

  • Stores chunks locally and tracks replica sets.
  • Selects target peers using saorsa-core's adaptive routing outputs.
  • Replicates via send_message and reports success/failure back to the TrustEngine.
  • Reacts to churn events from DhtNetworkManager::subscribe_events() and re-replicates.

Architecture

Core Components

  1. Network Layer: QUIC-based P2P networking with automatic NAT traversal (saorsa-transport 0.26)
  2. DHT: Kademlia-based peer phonebook with geographic awareness
  3. Trust System: Response-rate scoring with time decay and binary peer blocking

Cryptographic Architecture

Saorsa Core implements a pure post-quantum cryptographic approach for maximum security:

  • Post-quantum signatures: ML-DSA-65 (FIPS 204) for quantum-resistant digital signatures (~128-bit quantum security)
  • PQC Encryption: saorsa-pqc primitives for key encapsulation and signatures
  • Key Exchange: ML-KEM-768 (FIPS 203) for quantum-resistant key encapsulation (~128-bit quantum security)
  • Hashing: BLAKE3 for fast, secure content addressing
  • Transport Security: QUIC with TLS 1.3 and PQC cipher suites
  • No Legacy Support: Pure PQC implementation with no classical cryptographic fallbacks

Recent Changes

  • Removed all Proof-of-Work (PoW) usage (identity, adaptive, DHT, error types, CLI).
  • Removed placement/storage orchestration system (now a phonebook-only DHT).
  • Implemented dual-stack listeners (IPv6 + IPv4) and Happy Eyeballs dialing.

Data Flow

Application
    ↓
Network API
    ↓
DHT Phonebook + Geographic Routing
    ↓
QUIC Transport (saorsa-transport)
    ↓
Internet

Configuration

use saorsa_core::NetworkConfig;

let config = NetworkConfig {
    listen_port: 9000,
    bootstrap_nodes: vec![
        "bootstrap1.example.com:9000".parse()?,
        "bootstrap2.example.com:9000".parse()?,
    ],
    ..Default::default()
};

Feature Flags

No feature flags — all functionality is always enabled. DHT, QUIC transport (saorsa-transport), and post-quantum cryptography are included unconditionally.

Performance

Saorsa Core is designed for high performance:

  • Concurrent Operations: Tokio-based async runtime
  • Memory Efficiency: Zero-copy operations where possible
  • Network Optimization: QUIC with congestion control

Security

Saorsa Core implements defense-in-depth security designed for adversarial decentralized environments.

For complete security documentation, see docs/SECURITY_MODEL.md.

Cryptographic Foundation

  • Post-Quantum Signatures: ML-DSA-65 (FIPS 204) for quantum-resistant digital signatures (~128-bit quantum security)
  • Key Exchange: ML-KEM-768 (FIPS 203) for quantum-resistant key encapsulation
  • Symmetric Encryption: Provided by upper layers; saorsa-core focuses on PQC key exchange and signatures
  • Hashing: BLAKE3 for fast, secure content addressing
  • Pure PQC: No classical cryptographic fallbacks - quantum-resistant from the ground up

Network Protection

Protection Implementation
Node Monitoring Automatic eviction after 3 consecutive failures
Reputation System Response-rate scoring with time decay
Sybil Resistance IP diversity limits (/64: 1, /48: 3, /32: 10, ASN: 20)
Geographic Diversity Regional diversity in routing
Routing Validation Trust-based peer blocking and eviction

Anti-Centralization

The network enforces geographic and infrastructure diversity to prevent centralization:

┌───────────────────────────────────────────────────┐
│           Geographic Diversity Distribution        │
├───────────────────────────────────────────────────┤
│  Region A      Region B      Region C      ...    │
│  (max 2)       (max 2)       (max 2)              │
│     │             │             │                 │
│     └─────────────┼─────────────┘                 │
│                   ▼                               │
│    Selection prefers 3+ regions                   │
│    (prevents regional collusion)                  │
└───────────────────────────────────────────────────┘
  • ASN Diversity: Max 20 nodes per autonomous system
  • Hosting Provider Limits: Stricter limits (halved) for known VPS/cloud providers
  • Eclipse Detection: Continuous routing table diversity monitoring

Development

Building

# Standard build
cargo build --release

# With all features
cargo build --all-features

Testing

# Unit tests
cargo test

# Integration tests
cargo test --test '*'

Linting

cargo clippy -- -D warnings -D clippy::unwrap_used -D clippy::expect_used
cargo fmt --all

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Add tests for new functionality
  5. Ensure all tests pass
  6. Submit a pull request

Code Style

  • Follow Rust 2024 idioms
  • Use cargo fmt for formatting
  • Ensure cargo clippy passes
  • Add documentation for public APIs
  • Include tests for all new features

License

This project is dual-licensed:

  • AGPL-3.0: Open source license for open source projects
  • Commercial: Commercial license for proprietary projects

For commercial licensing, contact: david@saorsalabs.com

Dependencies

Core Dependencies

  • tokio - Async runtime
  • futures - Future utilities
  • serde - Serialization
  • anyhow - Error handling
  • tracing - Logging

Networking

  • saorsa-transport (0.26) - QUIC transport with P2P NAT traversal

Cryptography

  • saorsa-pqc - Post-quantum cryptography (ML-DSA, ML-KEM)
  • blake3 - Hashing
  • rand - Random number generation

See Cargo.toml for complete dependency list.

Changelog

See CHANGELOG.md for version history.

Support

Saorsa Labs Limited - Building the decentralized future