Infrastructure

Security Architecture

How anon0mesh protects your identity and payload using Arcium's encrypted supercomputer.

In an off-grid environment, security is the foundation. Every packet transmitted over the mesh is encrypted, authenticated, and metadata-minimized using the Noise Protocol.

Security Standards

AES-256-GCM

Authenticated symmetric encryption for in-transit packets via the @magicred1/ble-mesh stack.

XChaCha20-Poly1305

Provides robust end-to-end encryption for message content between sender and recipient keypairs.

Ed25519 Signatures

Solana-native signing ensures transaction authenticity and integrity without relying on central authorities.

Threat Model

anon0mesh is designed to resist common attack vectors in hostile network environments:

  • Passive Eavesdropping: RF signals (BLE/LoRa) are encrypted; an attacker monitoring frequencies cannot read content or transaction intent.
  • Malicious Relay Nodes: A compromised Beacon can refuse to forward packets, but it cannot decrypt them or alter their content without detection, because an altered packet fails signature verification.
  • On-Chain Clustering: Use of Disposable Wallets (ephemeral keypairs) prevents long-term transaction graph analysis from linking activity to a persistent identity.
  • Cloud Surveillance: Since the Multimodal LLM runs locally on your device, no prompts or data are ever sent to a central server for inference, eliminating the risk of data harvesting or censorship.
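
The Malicious Relay Nodes property, as an added example using Node's built-in crypto (not anon0mesh or @magicred1/ble-mesh code): a relay without the key changes a packet and the recipient rejects it. The packet layout, the function names and the randomly generated shared key (standing in for a negotiated session key) are assumptions.

```javascript
// Added example: constructed packet layout, not the anon0mesh wire format.
const crypto = require('node:crypto');

// Sender: sign the payload with Ed25519, then encrypt signature+payload with
// AES-256-GCM. The header stays readable to relays but is bound to the tag as AAD.
function sealPacket(key, signingKey, header, payload) {
  const signature = crypto.sign(null, payload, signingKey); // 64 bytes
  const nonce = crypto.randomBytes(12); // must never repeat under the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(header);
  const signed = Buffer.concat([signature, payload]);
  const body = Buffer.concat([cipher.update(signed), cipher.final()]);
  return { header, nonce, body, tag: cipher.getAuthTag() };
}

// Recipient: returns the payload, or null if either check fails.
function openPacket(key, senderPublicKey, packet) {
  try {
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, packet.nonce);
    decipher.setAAD(packet.header);
    decipher.setAuthTag(packet.tag);
    const plain = Buffer.concat([decipher.update(packet.body), decipher.final()]);
    const [signature, payload] = [plain.subarray(0, 64), plain.subarray(64)];
    return crypto.verify(null, payload, senderPublicKey, signature) ? payload : null;
  } catch {
    return null; // GCM tag mismatch: header, nonce, body or tag was modified
  }
}

// Constructed sample packet, then the changes a keyless relay could make to it.
function relayDemo() {
  const key = crypto.randomBytes(32);
  const sender = crypto.generateKeyPairSync('ed25519');
  const other = crypto.generateKeyPairSync('ed25519');
  const packet = sealPacket(key, sender.privateKey,
    Buffer.from('dst=constructed-peer'), Buffer.from('constructed payload'));
  const flippedBody = { ...packet, body: Buffer.from(packet.body) };
  flippedBody.body[0] ^= 0x01; // single bit changed in transit
  const rewrittenHeader = { ...packet, header: Buffer.from('dst=constructed-other') };
  return {
    honest: openPacket(key, sender.publicKey, packet)?.toString(),
    flippedBody: openPacket(key, sender.publicKey, flippedBody),
    rewrittenHeader: openPacket(key, sender.publicKey, rewrittenHeader),
    wrongSigner: openPacket(key, other.publicKey, packet), // signature check alone
  };
}
```

Dropping the packet entirely is not detectable at this layer, which matches the bullet's statement that a Beacon can still refuse to forward.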

Known Limitations

  • Physical Range: BLE is typically limited to 10-100m. LoRa extends this significantly to 2-10km but requires compatible hardware.
  • Nonce Funding: Durable Nonces require a small SOL reserve (~0.0014 SOL) that must be funded while the user is online.
  • Radio Regulation: LoRa spectrum regulations vary by region; users are responsible for operating within local legal constraints.

Arcium DeCC Layer

We integrate with Arcium's Decentralized Confidential Computing (DeCC) network. Computation occurs inside Multi-Party Execution Environments (MXEs), which utilize Multi-Party Computation (MPC) and Fully Homomorphic Encryption (FHE). This protects data in use: when a transaction is relayed through third-party mesh nodes, neither the relayers nor the Arcium nodes themselves can see the plaintext data.

This reliability is further extended via Jito BAM, which provides a transparent and verifiable marketplace for block assembly. By utilizing open-source sequencing plugins, we ensure that anon0mesh transactions land on Solana with high-speed finality without relying on opaque, proprietary block engines.

Confidential Computation Flow

1. User generates & performs encrypted signing (Offline)
2. Encrypted intent split into MPC shares
3. Shares relayed via Mesh (BLE/LoRa) -> Beacon
4. Arcium MXEs execute logic on encrypted state
5. Proof of execution & settlement submitted to Solana

"Identity verification happens locally. Activity stays local until online. No emails, no phone numbers, no persistent tracking."