13_Technical_Whitepaper.md
# Abzu Technical Whitepaper v0.4 (Jan 2026)

> **The Sovereign Mesh Network**
> *Censorship-resistant communication with statistical invisibility.*

---

## 1. Architecture Overview

Abzu is a **zero-trust overlay network** that treats the internet as an untrusted transport layer. It assumes ISP surveillance, state-level DPI (Deep Packet Inspection), and active interference.

### The Stack

1. **Application**: Circles (Group Chat), Drops (Marketplace), Storage.
2. **Routing**: Spanning Tree (Yggdrasil-inspired) + DHT.
3. **Transport**: FakeTLS + Ghost Mode (Cover Traffic).
4. **Physical**: TCP / WebSocket / QUIC.

---

## 2. Cryptographic Foundations

Security relies on standard, high-performance primitives. **No custom crypto.**

- **Identity**: Ed25519 (Signatures).
- **Key Agreement**: X25519 (Ephemeral ECDH).
- **Encryption**: ChaCha20-Poly1305 (AEAD).
- **Hashing**: BLAKE3 (Content Addressing).
- **Derivation**: HKDF-SHA256.

**Perfect Forward Secrecy (PFS)** is enforced for every session. Long-term keys verify identity; ephemeral keys protect data.

---

## 3. Censorship Resistance

### 3.1 FakeTLS

The handshake mimics a standard TLS 1.3 ClientHello.

- **Randomized Session IDs**.
- **SNI Rotation**: Mimics traffic to common domains (e.g., `www.google.com`).
- **Record Framing**: Data is wrapped in TLS Application Data records (`0x17...`).

### 3.2 Ghost Mode

Adaptive cover traffic makes the *shape* of the traffic indistinguishable from noise.

- **Pattern Mimicry**: Emulates the inter-arrival times of real traffic.
- **Padding**: Compensates for protocol headers to prevent size fingerprinting.
- **Silent Discard**: Cover frames are decrypted and dropped without side effects.

---

## 4. Routing & Resilience

### 4.1 Geometric Routing

Nodes arrange themselves in a valid spanning tree. Addresses are coordinates: `[Port 1, Port 5, Port 2]`. Packet forwarding is stateless: "Am I the target? If no, which neighbor is closer?"

### 4.2 Repair

- **Self-Healing**: If a link breaks, the tree re-converges automatically.
- **Multi-Root**: Nodes track redundant roots to survive partition events.

---

## 5. Storage (Drops)

Abzu includes a content-addressed storage layer.

- **CIDs**: BLAKE3 hashes of content.
- **Privacy**: "I have the chunk" ≠ "I know what the chunk is".
- **Marketplace**: Nodes can swap storage for reputation or tokens.

---

## 6. Conclusion

Abzu is not just a chat app; it is a **Sovereign OS** for the network. It provides the primitives—identity, routing, storage, and privacy—necessary to build truly decentralized applications.

> *"The system should not depend on secrecy, and it should be possible for it to fall into enemy hands without inconvenience."* — Kerckhoffs
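
The stateless forwarding rule from section 4.1, sketched as an added example (not Abzu's own code). It assumes a coordinate is the port path from the root and that "closer" means tree distance, as in the Yggdrasil-style design the paper cites; the node names, links and the helpers `tree_distance`, `next_hop` and `route` are constructed for illustration.

```python
from typing import Dict, List, Optional, Tuple

Coord = Tuple[int, ...]  # ports from the root down, e.g. (1, 5, 2)


def tree_distance(a: Coord, b: Coord) -> int:
    """Hops along the tree: up to the common ancestor, then down."""
    common = 0
    for x, y in zip(a, b):
        if x != y:
            break
        common += 1
    return len(a) + len(b) - 2 * common


def next_hop(me: Coord, target: Coord, peers: Dict[str, Coord]) -> Optional[str]:
    """Pick the peer strictly closer to target; None means drop the packet."""
    best, best_d = None, tree_distance(me, target)
    for name in sorted(peers):            # sorted for deterministic tie-breaks
        d = tree_distance(peers[name], target)
        if d < best_d:                    # strict progress rules out loops
            best, best_d = name, d
    return best


# Constructed sample mesh: coordinates and links are made up for this example.
COORDS: Dict[str, Coord] = {"root": (), "A": (1,), "B": (1, 5),
                            "C": (1, 5, 2), "D": (2,), "E": (2, 3)}
TREE_LINKS = [("root", "A"), ("A", "B"), ("B", "C"), ("root", "D"), ("D", "E")]
SHORTCUT = ("E", "B")                     # extra peering that is not a tree edge


def route(src: str, dst: str, links: List[Tuple[str, str]]) -> Optional[List[str]]:
    """Forward hop by hop using only each node's peer table; None if dropped."""
    path = [src]
    while path[-1] != dst:                # "Am I the target?"
        here = path[-1]
        names = [b if a == here else a for a, b in links if here in (a, b)]
        hop = next_hop(COORDS[here], COORDS[dst], {n: COORDS[n] for n in names})
        if hop is None:                   # no peer is closer: drop, do not bounce
            return None
        path.append(hop)
    return path


if __name__ == "__main__":
    print(route("E", "C", TREE_LINKS))                        # along the tree
    print(route("E", "C", TREE_LINKS + [SHORTCUT]))           # shortcut wins
    print(route("E", "C", TREE_LINKS[:3] + TREE_LINKS[4:]))   # root-D link lost
```

In the third case the coordinates are stale after the link loss, so the packet is dropped at `D` rather than bounced back, which is the window the repair step in section 4.2 has to close.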