# Encryption Layers

KayakNet uses multiple layers of encryption to protect your data.

## Overview

```
┌─────────────────────────────────────────────────┐
│  Layer 4: Application E2E Encryption            │
│  (Chat messages, delivery info, etc.)           │
├─────────────────────────────────────────────────┤
│  Layer 3: Onion Routing Encryption              │
│  (3 nested layers, one per hop)                 │
├─────────────────────────────────────────────────┤
│  Layer 2: Transport Encryption (TLS 1.3)        │
│  (Per-connection encryption)                    │
├─────────────────────────────────────────────────┤
│  Layer 1: Physical Transport                    │
│  (TCP/UDP packets)                              │
└─────────────────────────────────────────────────┘
```

## Layer 1: Transport Encryption

Every connection between nodes uses TLS 1.3:

* **Cipher Suite**: TLS\_CHACHA20\_POLY1305\_SHA256
* **Key Exchange**: X25519
* **Certificate**: Self-signed Ed25519

### What It Protects

* Content of packets between directly connected peers
* Node identity (certificate includes public key)

### What It Doesn't Protect

* Traffic patterns (timing, size)
* Metadata (who's talking to whom)

## Layer 2: Onion Routing

Messages are wrapped in 3 layers of encryption:

```
Sender encrypts:
  Layer 3 key → for Exit Node
    Layer 2 key → for Middle Node
      Layer 1 key → for Entry Node
        Message
```

### Key Exchange

Each hop gets its own ephemeral key:

1. Sender generates X25519 keypair
2. ECDH with hop's public key
3. HKDF to derive symmetric key
4. ChaCha20-Poly1305 encryption

### Header Format

```
┌──────────────────────────────────┐
│ Ephemeral Public Key (32 bytes)  │
├──────────────────────────────────┤
│ Next Hop (encrypted)             │
├──────────────────────────────────┤
│ Payload (encrypted)              │
└──────────────────────────────────┘
```

## Layer 3: Application E2E

Chat messages and sensitive data have additional encryption:

### Chat Room Keys

* Symmetric key shared by room members
* Rotated when membership changes
* ChaCha20-Poly1305

### Direct Messages

* X25519 key exchange with recipient
* Per-message key derivation (forward secrecy)
* Ed25519 signature for authentication

### Escrow Data

* Delivery info encrypted to seller's key
* Only seller can decrypt

## Cryptographic Primitives

| Purpose              | Algorithm         | Standard |
| -------------------- | ----------------- | -------- |
| Signatures           | Ed25519           | RFC 8032 |
| Key Exchange         | X25519            | RFC 7748 |
| Symmetric Encryption | ChaCha20-Poly1305 | RFC 8439 |
| Key Derivation       | HKDF-SHA256       | RFC 5869 |
| Hashing              | BLAKE2b-256       | RFC 7693 |

## Key Management

### Node Identity Key

* Ed25519 keypair
* Generated on first run
* Stored in `identity.key`
* Never transmitted

### Session Keys

* Ephemeral per-connection
* X25519 exchange
* Destroyed after use

### Room Keys

* Generated by room creator
* Encrypted to each member
* Rotated on membership change

## Forward Secrecy

KayakNet provides forward secrecy through:

1. **Ephemeral Keys** - New keys per session
2. **Key Rotation** - Regular key changes
3. **Key Destruction** - Old keys deleted

If your long-term key is compromised:

* Past messages remain encrypted
* Only future messages affected

## Quantum Resistance

Current algorithms are NOT quantum-resistant. Planned upgrades:

* **CRYSTALS-Kyber** - Post-quantum key exchange
* **CRYSTALS-Dilithium** - Post-quantum signatures
* **Hybrid Mode** - Classical + PQ for transition

## Implementation Details

### Random Number Generation

```go
// Using crypto/rand for all randomness
import "crypto/rand"

key := make([]byte, 32)
rand.Read(key)
```

### Constant-Time Operations

All cryptographic comparisons use constant-time functions:

```go
import "crypto/subtle"

if subtle.ConstantTimeCompare(a, b) == 1 {
    // Equal
}
```

### Memory Security

Sensitive data is:

* Zeroed after use
* Not logged or printed
* Stored in secure memory where possible

## Verification

You can verify encryption using packet captures:

```bash
# Capture KayakNet traffic
tcpdump -i any port 4242 -w capture.pcap

# Analyze with Wireshark
# All payloads should appear as random data
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kayaknet.io/security/encryption.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.