Sovereign Peer-to-Peer Communication System
Version 2.0 — Alpha Architecture | March 2026
"In 2026, privacy is not a feature — it is infrastructure."
Ghost Protocol is a decentralised, serverless mobile messaging architecture engineered for Android 16 and beyond. It eliminates central servers entirely, binds identity to tamper-resistant hardware, and makes the act of communicating indistinguishable from normal device activity.
This repository contains the v2.0 alpha Android implementation. Read the full design rationale in docs/whitepaper-v2.0.md.
- MasterKeyManager.kt — AES-256 key generated inside StrongBox Secure Element. Non-exportable, biometric-bound, self-destructs on fingerprint/face change. (§4.1.1, §5.4)
- XWingHybridKem.kt — X-Wing hybrid KEM: X25519 + ML-KEM-1024 (NIST FIPS 203). Secure if either primitive is unbroken. Defeats harvest-now-decrypt-later attacks. (§4.1.2)
- DoubleRatchetSession.kt — Signal Double Ratchet with HKDF-SHA3. Forward secrecy + break-in recovery. Ephemeral identity derivation per §4.1.3. (§4.1.2)
- MLDSASigning.kt — ML-DSA-65 (Dilithium, NIST FIPS 204). Replaces ECDSA entirely; quantum-resistant signatures. (§4.1.2)
- DeviceContinuityBundle.kt — DCB: AES-256-GCM encrypted backup of contact shared secrets, protected by 24-word BIP-39 mnemonic. Never includes the master key. (§4.1.4)

- GhostVpnService.kt — Android VpnService intercepts all traffic and routes through Ghost Mesh. No packets reach central servers. Includes ProtocolMorpher: pads to TLS record sizes, DTLS/SRTP framing for DPI evasion. (§4.2.1, §4.2.4)
- OnionRouter.kt — Formal 3-hop circuit builder. X-Wing encrypted onion per hop. Guard node pinned per contact, rotated every 24h. Circuit TTL: 10 minutes. (§4.2.2)
- PeerTable.kt — Stake-weighted relay selection. Relay credit system with 48-hour Sybil resistance lockout for new peers. (§4.2.2, §4.4.1)
- DiscoveryManager.kt — All five discovery channels: BLE (±30% interval jitter), Wi-Fi Direct (MAC randomisation), Kademlia DHT (ZKP lookups), ambient fingerprinting (Groth16 commitment), ultrasonic 18–20kHz FSK emergency fallback. (§4.2.3)

- DeadDropStorage.kt — Shamir Secret Sharing (n=20, k=11) + Reed-Solomon error correction GF(2⁸). Any 11 of 20 fragments reconstruct. Fragment TTL: 72h. Max message: 2 MB. Blinded Pedersen commitment retrieval queries. Storage proofs (Groth16 in Q3 2026). (§4.3)
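
The 11-of-20 threshold described for DeadDropStorage.kt, as an added Python sketch that is not the project's Kotlin code. It covers only the Shamir step (no Reed-Solomon layer), and the GF(2⁸) reduction polynomial 0x11B and the function names are assumptions.

```python
import secrets
N, K = 20, 11  # fragment count and threshold, from the page

def gf_mul(a, b):
    """Multiply in GF(2^8); the 0x11B reduction polynomial is an assumption."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a):
    r = 1
    for _ in range(254):  # a^254 is the inverse of a in GF(2^8)
        r = gf_mul(r, a)
    return r

def split(secret):
    """Return {x: fragment} for x = 1..N; one random degree K-1 polynomial per byte."""
    shares = {x: bytearray() for x in range(1, N + 1)}
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(K - 1)]
        for x, frag in shares.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            frag.append(y)
    return {x: bytes(f) for x, f in shares.items()}

def combine(shares):
    """Lagrange interpolation at x = 0 using K of the supplied fragments."""
    if len(shares) < K:
        raise ValueError(f"need {K} fragments, got {len(shares)}")
    pts = list(shares.items())[:K]
    out = bytearray()
    for i in range(len(pts[0][1])):
        acc = 0
        for xj, yj in pts:
            num = den = 1
            for xm, _ in pts:
                if xm != xj:
                    num, den = gf_mul(num, xm), gf_mul(den, xm ^ xj)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)
```

Fewer than 11 fragments are rejected outright; in a real store the fragment index x has to travel with each fragment so the interpolation uses the right points.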
- Stage 1: On-device LSTM (PyTorch Mobile) predicts message probability per 5-minute window.
- Stage 2: Sender and recipient derive identical wake epochs from shared HKDF secret — both wake in a 5–10 second window, exchange messages, sleep. No always-on connection.
- Fallback: FCM delivers a single encrypted byte ping. FCM never carries message content.
- Target: 60–70% battery reduction vs always-on (§4.4.2).
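
Stage 2 above, as an added Python sketch (not the project's code) of how two peers can derive the same wake slot from a shared secret without exchanging any message. The info label `ghost-wake-v1`, the use of the window index as input, and the fixed 10-second slot length are assumptions.

```python
import hashlib
import hmac

WINDOW_S = 300    # 5-minute window, from the page
WAKE_LEN_S = 10   # upper end of the 5-10 second wake window, from the page

def hkdf_sha3(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 extract-then-expand with HMAC-SHA3-512 as the PRF."""
    h = hashlib.sha3_512
    prk = hmac.new(salt or bytes(h().digest_size), ikm, h).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), h).digest()
        okm += block
        counter += 1
    return okm[:length]

def wake_epoch(shared_secret: bytes, unix_time: int) -> tuple:
    """Return (start, end) of the wake slot in the window containing unix_time."""
    window = unix_time // WINDOW_S
    # Assumed info label; binding the window index yields a fresh offset per
    # window, so an observer cannot predict the next slot from earlier ones.
    info = b"ghost-wake-v1" + window.to_bytes(8, "big")
    r = int.from_bytes(hkdf_sha3(shared_secret, b"", info, 8), "big")
    # 64 bits reduced mod 291: the modulo bias is negligible.
    offset = r % (WINDOW_S - WAKE_LEN_S + 1)  # slot always fits in the window
    start = window * WINDOW_S + offset
    return start, start + WAKE_LEN_S
```

Both devices only need clocks that agree on which 5-minute window they are in; the slot itself depends on nothing but the secret and the window index.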
| Tier | Trigger | Action |
|---|---|---|
| 1 | Panic PIN (6-digit, memorised) | 7-pass DoD 5220.22-M overwrite + StrongBox key deletion + launcher removal |
| 2 | New biometric enrolled | Automatic master key invalidation (setInvalidatedByBiometricEnrollment) |
| 3 | Remote wipe signal from trusted contact | Triggers Tier 1 remotely — disabled by default |
Ghost Protocol's security depends on out-of-band key verification. Skipping it degrades the session to trust-on-first-use (TOFU), which is insufficient in adversarial environments.
- Meet in person or via authenticated video.
- Each party displays their ephemeral public key as a QR code in the app.
- Scan the other party's QR code.
- App confirms cryptographic fingerprint match.
- Both parties verbally confirm the last 6 characters of the fingerprint.
- Session established only after both confirmations succeed.
QR payload: Base64(version(1B) | x25519_pub(32B) | ML-KEM-1024_pub(1568B) | ML-DSA-65_pub(2420B) | fingerprint(3B))
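
A strict parser for the QR payload layout above, as an added Python example that is not the project's code. Field sizes are taken from the payload line as written; the version value 2, the fingerprint definition (last 3 bytes of SHA3-512 over version and keys) and the function names are assumptions.

```python
import base64
import hashlib
import hmac

# Field order and sizes exactly as given in the QR payload line on this page.
FIELDS = (("version", 1), ("x25519_pub", 32), ("mlkem1024_pub", 1568),
          ("mldsa65_pub", 2420), ("fingerprint", 3))
TOTAL = sum(size for _, size in FIELDS)
SUPPORTED_VERSION = 2  # assumed; the page does not state the version byte

def fingerprint(body: bytes) -> bytes:
    # Assumption: SHA3-512 over version + keys; the payload carries its last 3 bytes.
    return hashlib.sha3_512(body).digest()

def build_payload(version: int, x_pub: bytes, kem_pub: bytes, sig_pub: bytes) -> str:
    body = bytes([version]) + x_pub + kem_pub + sig_pub
    return base64.b64encode(body + fingerprint(body)[-3:]).decode()

def parse_payload(text: str) -> dict:
    try:
        raw = base64.b64decode(text, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not valid Base64") from exc
    if len(raw) != TOTAL:  # reject short, padded or concatenated payloads
        raise ValueError(f"expected {TOTAL} bytes, got {len(raw)}")
    out, pos = {}, 0
    for name, size in FIELDS:
        out[name] = raw[pos:pos + size]
        pos += size
    if out["version"][0] != SUPPORTED_VERSION:
        raise ValueError("unsupported payload version")
    full = fingerprint(raw[:-3])
    if not hmac.compare_digest(full[-3:], out["fingerprint"]):
        raise ValueError("fingerprint does not match key material")
    out["verbal_check"] = full.hex()[-6:]  # the 6 characters read aloud
    return out
```

The parser refuses anything that is not exactly the stated length before touching the keys, so a truncated or extended scan never reaches session setup.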
| Primitive | Algorithm | Standard |
|---|---|---|
| Hybrid KEM | X-Wing (X25519 + ML-KEM-1024) | IETF draft-connolly-cfrg-xwing |
| Symmetric | AES-256-GCM | NIST FIPS 197 |
| Session ratchet | Double Ratchet + X3DH | Signal Protocol |
| Signing | ML-DSA-65 (Dilithium) | NIST FIPS 204 |
| Hash | SHA-3 (512-bit) | NIST FIPS 202 |
| KDF | HKDF-SHA3 | RFC 5869 + SHA-3 |
| ZKP | Groth16 | snarkjs WASM (Q3 2026) |
| Secret sharing | Shamir (n=20, k=11) | GF(2⁸) |
| Error correction | Reed-Solomon (n=20, k=11) | ISO 18004 |
| DCB encryption | AES-256-GCM + BIP-39 | BIP-0039 |
- Minimum: Android 9 (API 28) — StrongBox KeyStore
- Target: Android 16 (API 36)
- AVF isolation: Android 14+ (API 34), Tensor G3 or equivalent
- No root required. No Google Play Services required.
```bash
./gradlew assembleDebug
```

Sideload the APK or install via F-Droid (production target — Q3 2026).
| Quarter | Milestone |
|---|---|
| Q1 2026 | Foundation — StrongBox, wipe, VpnService, DCB ✓ |
| Q2 2026 | Mesh Alpha — libp2p, 3-hop onion, BLE + Kademlia, dead-drop |
| Q3 2026 | Hardening — X-Wing, ML-DSA, Groth16 ZKP, AVF isolation |
| Q3 2026 | Alpha release — F-Droid / sideload; Cure53 engagement |
| Q4 2026 | Beta — community audit, bug bounty (HackerOne) |
| Q1 2027 | Protocol stability — v1.0 spec freeze |
| H2 2027 | Quantum Upgrade — full FIPS 203/204 production deployment |
- Pre-alpha: internal crypto review of X-Wing and Groth16 circuits (≥2 external cryptographers)
- Alpha: Cure53 penetration test — StrongBox, VPN intercept, kill-switch reliability
- Beta: HackerOne bug bounty — 90-day disclosure window
- Post-quantum: separate ML-KEM/ML-DSA FIPS 203/204 compliance review
Ghost Protocol does not protect against:
- Endpoint compromise (screen-recording malware, accessibility service abuse)
- User error (voluntary key disclosure, social engineering)
- Side-channel attacks against StrongBox hardware (nation-state fault injection)
- Multi-device synchronisation (single-device model; AVF extension planned)
Designed against a Dolev-Yao network adversary combined with a physically capable adversary. See whitepaper §3 for full scenario walkthroughs including DPI evasion, physical seizure, harvest-now-decrypt-later, and Sybil attacks.
GNU General Public License v3.0 (GPLv3).
All contributions to the core protocol must remain GPLv3.
Cryptographic libraries retain their upstream licences (MIT/Apache 2.0).
- NIST FIPS 203: ML-KEM (Kyber) — 2024
- NIST FIPS 204: ML-DSA (Dilithium) — 2024
- Connolly et al., X-Wing Hybrid KEM — IETF draft-connolly-cfrg-xwing-01
- Perrin & Marlinspike, The Double Ratchet Algorithm — signal.org
- Briar Project — briarproject.org
- Session Protocol Whitepaper — getsession.org
- Android StrongBox KeyStore — developer.android.com
- Android Virtualization Framework — developer.android.com