04_Security_Model.md
# Abzu Security & Cryptography Model

## Identity

- **Keys**: Ed25519 (Edwards-curve Digital Signature Algorithm).
- **Node ID**: SHA-256 hash of the Ed25519 public key.
- **Self-Sovereign**: No certificate authority; trust is established via "Trust Circles" (web of trust).

## Transport Security

- **Protocol**: Noise Protocol Framework (or similar Diffie-Hellman handshake).
- **Encryption**: X25519 key exchange + ChaCha20-Poly1305 AEAD.
- **Perfect Forward Secrecy (PFS)**: Session keys rotate; compromising a long-term key does not decrypt past traffic.

## Data Integrity

- **Content Addressing**: Data (blobs, messages) is identified by its hash (CID).
- **Signatures**: All DHT values (Announcements, Offers, Bonds) MUST be signed by the author's private key.
- **Validation**: Nodes reject any DHT value with an invalid signature or expired TTL.

## Privacy Features

- **Ghost Mode**: Statistical traffic masking.
- **Padding**: All packets conform to standard size buckets.
- **Chaff**: Fake background traffic makes traffic analysis difficult.
- **Metadata Protection**: The DHT stores minimal metadata. Relations are encrypted within Trust Circle blobs.
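
The validation rule under Data Integrity, combined with the Node ID derivation under Identity, can be sketched as follows. This is an added example, not Abzu's own code: the `Record` layout, the use of an absolute expiry in place of the TTL, and the names `Sign`, `Validate` and `signedBytes` are assumptions. The expiry is included in the signed bytes so that whoever relays a value cannot lengthen its lifetime.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// Record is an assumed DHT value layout; the page does not define a wire format.
type Record struct {
	NodeID       [32]byte          // SHA-256 of Author, per the Identity section
	Author       ed25519.PublicKey // author's Ed25519 public key
	Expires      int64             // absolute expiry (Unix seconds), standing in for the TTL
	Payload, Sig []byte
}

// signedBytes covers the expiry as well as the payload, so the TTL cannot be extended in transit.
func signedBytes(r *Record) []byte {
	return append(binary.BigEndian.AppendUint64(nil, uint64(r.Expires)), r.Payload...)
}

// Sign builds a record whose NodeID and signature are derived from priv.
func Sign(priv ed25519.PrivateKey, payload []byte, expires time.Time) *Record {
	r := &Record{Author: priv.Public().(ed25519.PublicKey), Expires: expires.Unix(), Payload: payload}
	r.NodeID, r.Sig = sha256.Sum256(r.Author), ed25519.Sign(priv, signedBytes(r))
	return r
}

// Validate rejects a record on key/ID mismatch, invalid signature, or expired TTL.
func Validate(r *Record, now time.Time) error {
	switch {
	case len(r.Author) != ed25519.PublicKeySize || sha256.Sum256(r.Author) != r.NodeID:
		return fmt.Errorf("node ID is not the SHA-256 of the public key")
	case !ed25519.Verify(r.Author, signedBytes(r), r.Sig):
		return fmt.Errorf("invalid signature")
	case now.Unix() >= r.Expires:
		return fmt.Errorf("expired TTL")
	}
	return nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // throwaway key for the demonstration
	r := Sign(priv, []byte("constructed announcement"), time.Now().Add(time.Hour))
	fmt.Println("as signed:", Validate(r, time.Now()))
	r.Expires += 3600 // TTL extended in transit: the signature no longer verifies
	fmt.Println("TTL extended:", Validate(r, time.Now()))
}
```

The key-length check runs before `ed25519.Verify` because that function panics on a public key of the wrong size, which a malformed DHT value could otherwise trigger.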