Security Model

Tubo's security model is built on transport isolation, secret-backed namespace discovery, stable service identity, and capability-based access. Understanding what each layer provides — and does not provide — is essential for safe deployment.

Non-goal: Tubo is not an anonymity tool. The relay sees connection metadata (source IP, timing). Tubo does not hide who is talking to whom at the network level.

Layer 1 — Transport isolation (PSK)

When a swarm key is configured, libp2p rejects any peer that cannot prove knowledge of the PSK during the pnet handshake. This happens before any libp2p protocol negotiation.

Provides:

Does not provide:

Layer 2 — Namespace discovery and publish authorisation

In discovery-enabled collaborative namespaces, overlay reachability alone is not enough to see services. Peers also need the correct namespace discovery entry. Every service has a stable service ID derived from an Ed25519 owner key, and before a service can publish into a namespace it must hold a PublishLease signed by the cluster authority.

Discovery subscribers validate:

  1. The GossipSub topic matches the expected Discovery V3 topic derived from the namespace discovery entry.
  2. The announcement signature is valid against the service owner key.
  3. The ServiceClaim is signed by a trusted cluster authority.
  4. The nonce has not been seen before (bounded replay window).
  5. The TTL is within the claim's expiry.

A compromised or rogue peer that has swarm transport access but lacks valid namespace discovery state or a valid authority-signed publication chain will have its announcements silently dropped.
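The five subscriber checks above, as an added Go example that is not Tubo's own code: the JSON field layout, the NewValidator name, the error strings and the replay-window handling are assumptions, since the page names the checks but not the wire format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"time"
)

// Wire layouts are hypothetical: the page names these fields, not Tubo's encoding.
type ServiceClaim struct { // signed by the cluster authority
	ServiceID string `json:"service_id"`
	OwnerKey  []byte `json:"owner_key"`  // Ed25519 public key the service ID belongs to
	ExpiresAt int64  `json:"expires_at"` // unix seconds
}
type Announcement struct { // signed by the service owner key
	Nonce     string `json:"nonce"`
	TTL       int64  `json:"ttl"`       // seconds the listing may be cached
	ClaimBody []byte `json:"claim"`     // serialised ServiceClaim
	ClaimSig  []byte `json:"claim_sig"` // authority signature over ClaimBody
}

// NewValidator returns a subscriber-side checker for one topic, trust root and replay window.
func NewValidator(topic string, authority ed25519.PublicKey, window time.Duration) func(string, []byte, []byte, time.Time) error {
	seen := map[string]time.Time{} // nonce -> when first accepted
	return func(gotTopic string, body, sig []byte, now time.Time) error {
		if gotTopic != topic { // 1. must be the namespace's expected Discovery V3 topic
			return errors.New("unexpected discovery topic")
		}
		var a Announcement
		var c ServiceClaim
		if json.Unmarshal(body, &a) != nil || json.Unmarshal(a.ClaimBody, &c) != nil || len(c.OwnerKey) != ed25519.PublicKeySize {
			return errors.New("malformed announcement or claim")
		}
		if !ed25519.Verify(ed25519.PublicKey(c.OwnerKey), body, sig) || // 2. owner signature
			!ed25519.Verify(authority, a.ClaimBody, a.ClaimSig) { // 3. authority signature
			return errors.New("owner or authority signature invalid")
		}
		// 4. a nonce seen inside the window is a replay; older entries are overwritten (no sweep here)
		if t, dup := seen[a.Nonce]; dup && now.Sub(t) <= window {
			return errors.New("replayed nonce")
		}
		if a.TTL <= 0 || now.Unix()+a.TTL > c.ExpiresAt { // 5. TTL within claim expiry
			return errors.New("ttl exceeds claim expiry")
		}
		seen[a.Nonce] = now // record only after every check passes
		return nil
	}
}
```

An announcement that fails any check returns an error and is never recorded, so a failed attempt cannot burn a nonce for a legitimate publisher.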

Layer 3 — Connect authorisation (leases + PoP)

Connecting to a service requires a ConnectAccessLease bound to the client's local keypair. On every stream open, the client presents a signed proof-of-possession (PoP) that binds: scope, service ID, access lease hash, nonce, and timestamp.

The service validates:

Trust roots

There are two trust roots:

What Tubo does NOT guarantee

Cryptographic primitives

Use                        Primitive
Transport encryption       libp2p Noise (XX handshake)
Peer identity              Ed25519 keypair (libp2p)
Service/authority signing  Ed25519
PSK swarm key              32-byte random PSK (libp2p pnet)
Token encoding             JSON + Ed25519 signatures (base64url)

Reporting vulnerabilities

Please report security issues via GitHub private vulnerability reporting or directly to the maintainers. Do not open public issues for security bugs.