toph

Zig · Slint · Rust · Rgba · Nix · Zon

v0.6.0 · 69 saves · 12,768 lines · offered 4 weeks ago · 686.4 KB · issues

$ koh steal kepr.uk/toph
73 files ⇓ bundle
69 saves
b3837f · before flutter gui rewrite · dev · 4 weeks ago
314676 · update tray-icon to 0.23 (muda 0.19.1) to fix menu item crash, collapse nested if in main.rs · dev · 4 weeks ago
019432 · fix test-mesh capability clamp, add RelayNode/Anchor stubs, fix test-relay · dev · 4 weeks ago
1f9b82 · feat: Add daemon-backed first-run create (backend v0.6.0, gui v1.1.0) · dev · 4 weeks ago


Toph

霧 — the fog you cannot see through, carrying traffic you cannot read.

Privacy-first overlay network. Self-hosted, invitation-only mesh built so that relay infrastructure is cryptographically incapable of reading the traffic it carries — not policy-incapable.

Single static Zig binary. Hybrid post-quantum KEX (X25519 ⊕ ML-KEM-768). Signal-style Double Ratchet. Magic-byte-free obfuscated UDP. First-party NixOS module.

What you get

  • No central authority. No coordination server. No company that can be compelled, breached, or acquired.
  • Cryptographically blind relays. Even with full RAM/disk compromise, a Toph relay yields no plaintext, no session keys, no message content.
  • Post-quantum. ML-KEM-768 hybrid KEX defeats the record-now-decrypt-later adversary.
  • Forward secret + break-in recoverable. Signal Double Ratchet bounds the blast radius of any single key compromise.
  • Looks like noise. Bucket-aligned packets ({256, 512, 1024, 1400}), encrypted ratchet headers, no protocol fingerprint.
  • Three commands cover 95% of usage. toph init, toph invite, toph up.
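The bucket alignment named in the list above, as an added sketch that is not Toph's own code: each plaintext is padded before encryption so every datagram lands on one of the four sizes from this README and its length reveals only the bucket. The 2-byte length prefix, the 16-byte AEAD tag and the zero fill are assumptions, since the page does not describe the wire layout.

```rust
// Added illustration, not Toph source. Bucket sizes come from the README;
// the framing constants below are assumptions made for this sketch.
const BUCKETS: [usize; 4] = [256, 512, 1024, 1400];
const LEN_PREFIX: usize = 2; // assumed: big-endian payload length inside the plaintext
const TAG_LEN: usize = 16; // assumed: AEAD tag appended after encryption

/// Smallest bucket whose datagram can hold `payload_len` bytes, if any.
fn bucket_for(payload_len: usize) -> Option<usize> {
    let need = payload_len.checked_add(LEN_PREFIX + TAG_LEN)?;
    BUCKETS.iter().copied().find(|&b| need <= b)
}

/// Build the plaintext to encrypt: length prefix, payload, zero fill.
/// Once the AEAD adds TAG_LEN bytes the datagram is exactly one bucket long.
/// The fill is encrypted with the rest, so its value is never visible.
fn pad(payload: &[u8]) -> Option<Vec<u8>> {
    let bucket = bucket_for(payload.len())?; // None: caller must fragment
    let mut out = Vec::with_capacity(bucket - TAG_LEN);
    out.extend_from_slice(&(payload.len() as u16).to_be_bytes());
    out.extend_from_slice(payload);
    out.resize(bucket - TAG_LEN, 0);
    Some(out)
}

/// Inverse of `pad`, run on the decrypted plaintext. Rejects a length that
/// is not a bucket size and a prefix that points past the buffer.
fn unpad(plain: &[u8]) -> Option<&[u8]> {
    if !BUCKETS.contains(&(plain.len() + TAG_LEN)) {
        return None;
    }
    let n = u16::from_be_bytes([plain[0], plain[1]]) as usize;
    plain.get(LEN_PREFIX..LEN_PREFIX + n)
}

fn main() {
    // Constructed payload sizes: empty keepalive, bucket edges, one oversize.
    for len in [0usize, 238, 239, 700, 1382, 1383] {
        match pad(&vec![0xAB; len]) {
            Some(p) => println!("{len:>4} B payload -> {} B datagram", p.len() + TAG_LEN),
            None => println!("{len:>4} B payload -> too large, must be fragmented"),
        }
    }
}
```

Under these assumptions a 238-byte and a 0-byte payload both leave the host as 256-byte datagrams, while 239 bytes moves up to the 512 bucket.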

Architecture

                  ┌─────────────┐
                  │   anchor    │  (your VPS)
                  │  ─────────  │
                  │peer registry│
                  │ rendezvous  │
                  │ relay fwd   │
                  └──────┬──────┘
                         │
              opaque ciphertext only
                         │
         ┌───────────────┼───────────────┐
         │                               │
   ┌─────┴─────┐                    ┌────┴──────┐
   │ endpoint  │ ─── direct UDP ─── │ endpoint  │
   │  alice    │   (LAN or punch)   │   bob     │
   └───────────┘                    └───────────┘

Connection establishment proceeds in three phases, stopping at the earliest success:

  1. LAN-direct via mDNS-SD discovery on _toph._udp.local.
  2. Hole-punch orchestrated by the anchor (STUN-style simultaneous open)
  3. Relay fallback via the anchor (ciphertext only)

Quick start

# On your VPS:
zig build -Doptimize=ReleaseSafe
TOPH_PASSPHRASE='strong-pass' ./zig-out/bin/toph init --mode anchor
TOPH_PASSPHRASE='strong-pass' ./zig-out/bin/toph up --port 51820
TOPH_PASSPHRASE='strong-pass' ./zig-out/bin/toph invite --cap relay
# (paste the printed token to your laptop)

# On your laptop:
TOPH_PASSPHRASE='laptop-pass' ./zig-out/bin/toph join <token>
TOPH_PASSPHRASE='laptop-pass' ./zig-out/bin/toph up

# Anywhere:
toph status
toph peers
toph exit vps.toph     # route default gateway through the VPS
toph panic             # zeroize all key material, irreversible

NixOS

{
  imports = [ inputs.toph.nixosModules.default ];
  services.toph = {
    enable = true;
    mode = "anchor";
    port = 51820;
    peers = {
      kyoshi = {
        publicKey = "<64 hex chars>";
        capabilities = [ "relay" ];
      };
    };
  };
}

See nix/README.md for the full module reference.

Documentation

Build

zig build                                      # debug
zig build -Doptimize=ReleaseSafe               # production
zig build -Dtarget=x86_64-linux-musl           # static Linux binary
zig build test                                 # 95+ tests

Depends on zig-mlkem checked out at a sibling path. Zero C dependencies beyond libc.

Status

v0.4 covers spec §3–§8 end-to-end with 95/95 tests across hybrid KEX, Double Ratchet, bucket-aligned wire, hole-punch, anchor relay, mDNS, invitation-and-countersign, persistence, revocation, IPv6, multi-anchor failover, and a fuzz harness.

Threats explicitly out of scope: endpoint compromise, browser fingerprinting, and nation-state active interdiction at scale. See spec §2 for the full threat model.