Send in your ideas. Deadline October 1, 2024

Software engineering

Software engineering, protocols, interoperability, cryptography, algorithms, proofs

This page contains a concise overview of projects funded by NLnet foundation that belong to Software engineering (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

0KNOW — Group Theoretic Zero-knowledge Proofs (0KNOW)

Zero-knowledge proof (ZKP) systems help principals verify the veracity of a piece of information without sharing the data. The overall goal of 0KNOW is to develop a lightweight group-theoretic zero-knowledge proof (GT-ZKP) system that can be employed as a cryptographic primitive in many security protocols such as identification, authentication, or credential ownership. They are widely used to preserve confidentiality and ownership of data. GT-ZKP can be seen as a reusable building block for making the future internet trustworthy and secure. In 0KNOW, we will focus on NP group-theoretic problems and design GT-ZKP by finding an appropriate platform group based on the selected difficult problem considering its applicability in the post-quantum era and we will develop an open-source implementation of GT-ZKP.

>> Read more about 0KNOW

Accessible security — Integration effort of independent security efforts like Qubes, Heads, coreboot, etc

The "Accessible security" project's initiative was sparked by the need for usable security made available to the average citizen. Several projects are contributing a part of this bigger puzzle: QubesOS, coreboot, Heads, me_cleaner, Whonix and others. Yet the average person does not have the sophistication to integrate these software projects. With some effort we can add some missing parts, help the effected projects usability, and facilitate access to cutting-edge developments, currently only usable by developers and more sophisticated users. Bringing these projects together will reduce the amount of expertise and effort required to benefit from these projects.

>> Read more about Accessible security

Authenticated DNSSEC bootstrapping — Secure in-band announcements of DNSSEC parameters

Turning on DNSSEC for a domain involves (1) signing the domain's DNS zone content and (2) adding the signature public key to the chain of trust. The second step has long posed a problem, as it requires (often manual) transfer of information from the domain's operator to the parent (usually the top-level domain). It is largely due to this "DNSSEC bootstrapping problem" that only about 6% of the Top 1M domains are securely delegated (Tranco, 06/2022).

The project extends commonly used authoritative nameserver software with native support for authenticated DNSSEC bootstrapping (draft-ietf-dnsop-dnssec-bootstrapping). This protocol, a soon-to-be IETF standard, allows DNSSEC parameters to be communicated automatically and securely, enabling DNS operators and parent registries to turn on DNSSEC automatically. To measure the protocol's impact on real-world DNSSEC deployment, measurements of protocol adoption over time will be made available.

>> Read more about Authenticated DNSSEC bootstrapping

Autocrypt for Thunderbird — Make email encryption extremely simple

Autocrypt is a specification that provides guidance for e-mail clients on how to achieve a seamless user experience. It does so by transparently exchanging keys, almost entirely automating public key management. This reduces the UI to "single click for encryption". The project will create an extension for the Thunderbird e-mail client that brings this experience to its users. The goal is to provide a new extension with a streamlined user experience that requires as little user interaction as possible, without "poweruser" features and performing practical user testing to identify open pain points. The extension will be based on OpenPGP.js, since this can be packaged directly. This will simplify installation and maintenance a great deal.

>> Read more about Autocrypt for Thunderbird

Bertie — Formally verified TLS 1.3 implementation

The security of the Web ecosystem relies crucially on Transport Layer Security (TLS) protocol, but despite years of study, cryptographic weaknesses and implementation bugs in TLS implementations continue to be found on a regular basis. Bertie is a high-assurance TLS 1.3 implementation written in a subset of Rust called hacspec. Bertie uses the formally verified HACL* cryptographic library and its protocol code can be verified using the F* framework. Hence, it offers strong guarantees from the crypto layer up to the protocol API. The funding from NLnet will be used to stabilise Bertie, add documentation and tests, improve its performance, maintain its proofs, and set it up as an open source project with best practices and long-term software support.

>> Read more about Bertie

Betrusted Storage — Plausably deniable encrypted storage

Betrusted aims to be a secure communications device that is suitable for everyday use by non-technical users of diverse backgrounds. We believe users shouldn’t have to be experts in supply chain or cryptography to gain access to our ultimate goal: privacy and security one can count on. Today’s “private key only” secure enclave chips are vulnerable to I/O manipulation. This means there is no essential correlation between what a user is told, and what is actually going on. Betrusted will build a full technology stack, including silicon, device, OS, and UX that is open for inspection and verification. We've passed the first hurdle of creating an FPGA-based device, which we have spun out into a development platform we call Precursor. We are now advancing deeper into the technology stack to improve FPGA, drivers, OS, and UX elements, all driving toward the common goal of making Betrusted a simple, secure, and strong device that aims to advance Internet freedom.

>> Read more about Betrusted Storage

Blink Qt Messaging — Add modern encryption to SIP softphone

Blink is a mature open source real-time communication application that can be used on different operating systems, based on the IETF SIP standard. It offers audio, video, instant messaging and desktop sharing. This project will extend its capability to support end-to-end asynchronous messaging and end-to-end encription that works both online (OTR) and offline (OpenPGP). Additional features to be developed include end-to-end delivery and read notifications, and a searchable history database.

>> Read more about Blink Qt Messaging

Coko Docs — A modern, open source replacement for Google Docs and Drive

Coko Docs is an open source solution for storing and editing documents using Coko’s publishing technologies. It is the first part of an Open Suite, which will be integrated with professional Open Publishing products. Coko Docs will have a modern collaborative environment for creating, sharing and hosting files in various formats. We aim to build inclusive tools as powerful as Google Drive and Docs, our initial target audience ranges from individuals to small organisations. Our primary goal is an Open Source product with strong Privacy and Security protocols and elegant accessible design. We will utilize the NLnet funding for the first phase of development where we are adding collaborative editing to the integrated document editor, with offline support (for low-bandwidth scenario's).

>> Read more about Coko Docs

CryptoLyzer — Cryptographic settings analyzer library

CryptoLyzer is a cybersecurity tool that can analyze the cryptography-related settings of clients and servers in the case of several different protocols. The tool’s primary purpose is to support end users as well as system administrators, security engineers, auditors, etc., in their work by telling them the details of the currently applied setting and informing them about the potential weaknesses and vulnerabilities.

Unlike many other notable free software projects that focus on just one protocol family, CryptoLyzer wants to be as comprehensive as possible. On the one hand, users can analyze several cryptographic mechanisms (e.g., SSH, HTTP security headers, JA3 tag, and later OpenVPN), not just the most popular TLS protocol. On the other hand, it is possible to test both the standard and special or corner cases. Latter means the tool can test hardly supported, experimental, obsoleted, or even deprecated mechanisms or algorithms, which may carry significant risks. The project intends to learn from the existing projects and integrate their solutions to lower the barrier to good cryptographic settings making communication on private and public networks more secure.

>> Read more about CryptoLyzer

GNU Guix - Cuirass — Continuous integration system for GNU Guix/Linux + Hurd

GNU Guix is a universal functional package manager and operating system which respects the freedom of computer users. The number of supported packages, almost 15.000 on 5 different architectures, is constantly increasing. With the recent efforts adding support for the GNU Hurd operating system, and the ongoing work to easily provide Guix System images for various boards, the need for a strong continuous integration system is critical.

This project aims to improve Cuirass, the GNU Guix continuous integration software to provide binary substitutes for every package or system image within the shortest time. This way, the user won't have to allocate important time and computation power resources into package building. The plan is to add to Cuirass an efficient offloading and work-balancing mechanism between build machines, an improved web interface allowing to monitor machine loads and other build related metrics. A user account section to setup customized monitoring dashboards and subscribe to build failures notifications will also be developed.

>> Read more about GNU Guix - Cuirass

DCnets — Implementation of Dining Cryptographers Network

The aim of the proposed project is to design and implement an open source library that implements the so-called Dining Cryptographer's network or DCnet (first proposed by David Chaum in 1998). Existing implementations suffer from poor efficiency (e.g. high computation and/or communication cost) or limited security (e.g. when a malicious participant can disrupt the communication). The project will produce cryptographic primitives and protocols that help to bring untraceable communication (e.g. untraceable instant messaging, file transfer, IP telephony) closer to practice. We will implement the most recent advances in cryptographic research (e.g. zero-knowledge proofs) and engineering (e.g. highly optimized arithmetic on elliptic curves and finite fields) into account to maximize both security and efficiency.

>> Read more about DCnets

Securing Internet protocols with DIDs — Bridge Decentralized Identifiers with standardised authorisation mechanisms

Many Internet protocols require authentication, e.g. when we check our email account with a username and password, when we authenticate to SSH hosts with public keys, or when we log in to websites using OpenID Connect.

Decentralized Identifiers (DIDs) are a new type of identifier that have associated private keys and can be used for authentication purposes. DIDs are in practice mostly used for exchanging Verifiable Credentials (VCs) between Issuers, Holders, and Verifiers. However, on a more basic level, DIDs can also simply be used as a replacement for usernames/passwords or static public keys, to authenticate by proving control over one's DID. Unlike other identifiers such as usernames or domain names, DIDs do not require a central authority for creating and using them.

In this project, we will work on integrating DIDs with existing Internet protocols that require authentication by developing a new SASL mechanism. The idea is that for example you could log in to your SSH host, email account, IRC server, XMPP server, etc. using your DID, which can improve both usability and security.

>> Read more about Securing Internet protocols with DIDs

Dat Private Network — Private storage in DAT

The dat private network is a self-hosted server that is easy to deploy on cloud or home infrastructure. Key features include a web-based control panel for administration by non-developers, as well as on-disk encryption. These no-knowledge storage services will ensure backup and high availability of distributed datasets, while also providing trust that unauthorized third-parties won’t have access to content.

By creating a turnkey backup solution, we’ll be able to address two of our users’ most pressing questions about dat: who serves my data when I’m offline, and how do I archive and secure important files? The idea for this module came from the community, and reflects a dire need in the storage space -- no-knowledge backup and sync across devices. A properly-designed backup service will provide solutions to both of these questions, and will do so in a privacy-preserving way.

This deliverable will put resources into bringing this work to a production-ready state, primarily through development towards updates that make use of the latest performance and security updates from the dat ecosystem, such as NOISE support. We plan to maintain the socio-technical infrastructure through an open working group that creates updates for the network as it matures.

>> Read more about Dat Private Network

DATALISP — Universal data interchange format using canonical S-expressions

As society moves digital the need for thorough fundamentals becomes more prominent. Datalisp is a laboratory for decentralized collaboration built on a few well understood ideas which imply a certain architecture. The central thesis of datalisp is: "If we agree to use a theoretically sound data interchange format then we will be able to efficiently express increasingly complicated coordination problems", but in order to move the web to a different encoding we will need incentives on our side. A substantial improvement in user experience is needed and we aim to provide it. Ultimately our goal is to give peers the tools they need to protect themselves, and others, by collaboratively measuring the legitimacy of information and locally; by assessing whether data can be trusted as code or whether it requires user attention. Datalisp is the convergence point for all these tools (none of which is named "datalisp") rather than a language, join us in figuring out how to reach it!

>> Read more about DATALISP

Structuring the System Layer with Dataspaces — Implementing a secure and scalable system layer on mobile

The system layer is an essential but often-ignored part of an operating system, mediating between user-facing programs and the kernel. Despite its importance, the concept has only been recently recognised and has not received a great deal of attention. The novel Dataspace Model of concurrency and communication combines a small number of concepts to yield succinct expression of ubiquitous system-layer features such as service naming, presence, discovery and activation; security mechanism and policy; subsystem isolation; and robust handling of partial failure. This project will evaluate the hypothesis that the Dataspace Model provides a suitable theoretical and practical foundation for system layers, since a well-founded system layer is a necessary part of any vision of secure, securable, resilient networked personal computing.

>> Read more about Structuring the System Layer with Dataspaces

dream2nix — Automate reproducible packaging for various language ecosystems

Dream2nix is part of the overal effort to create more technical assurances, transparency and robustness within the software supply chain. Dream2nix as a framework allows more open source projects to achieve reproducible builds easier, and helps to create an auditable toolchain across different technical dependencies. The ability to reproduce software builds is of major importance when it comes to verifying if a given binary is the product of a given source code. Reproducibility also increases the maintainability and reliability of small and large software deployments. The nix build system allows for such reproducibility even for complex software systems. dream2nix integrates existing well known programming language specific package managers like npm, yarn or cargo with the nix build system, which will allow many open source projects to benefit from nix' unique properties.

>> Read more about dream2nix

Encoding for Robust Immutable Storage (ERIS) — Encrypted and content-addressable data blocks

The Encoding for Robust Immutable Storage (ERIS) is an encoding of content into a set of uniformly sized, encrypted and content-addressed blocks as well as a short identifier (a URN). The content can be reassembled from the encrypted blocks only with this identifier (the read capability). ERIS is a form of content-addressing. The identifier of some encoded content depends on the content itself and is independent of the physical location of where the content is stored (unlike content addressed by URLs). This enables content to be replicated and cached, making systems relying on the content more robust.

Unlike other forms of content-addressing (e.g. IPFS), ERIS encrypts content into uniformly sized blocks for storage and transport. This allows peers without access to the read capability to transport and cache content without being able to read the content. ERIS is defined independent of any specific protocol or application and decouples content from transport and storage layers.

The project will release version 1.0.0 after handling feedback from security audit, provide implementations in popular languages to facilitate wider usage (e.g. C library, JS library on NPM), perform a number of core integrations into various transport and storage layers (e.g. GNUNet, HTTP, CoAP, S3), and deliver Block Storage Management (quotas, garbage collection and synchronization for caching peers).

>> Read more about Encoding for Robust Immutable Storage (ERIS)

Edalize ASIC backend — Create open hardware silicon with a fully free software toolchain

Affordable Open Source ASIC development and custom silicon has been a long-standing goal in the community. This will unlock innovation that has previously only been possible for the largest tech companies, allowing for the creation of deployable, trusted Open Source based hardware.

Step by step, this goal has come closer in the last few years as individuals, companies and academic institutions have filled in the missing pieces. Today we have a fully open source end-to-end flow for building open source ASIC - but the effort of on-boarding existing designs remains high. This project aims to provide an easy way to onboard existing gateware and full designs to an open source ASIC flow by creating a FuseSoC backend that targets this toolchain. This will enable a smoother transition from projects already running on FPGAs to also be targeting ASIC flows. It will also allow easier switching between different open source ASIC flows at the point when there are several alternatives to choose from.

In addition to the backend itself, a reference design containing SERV, the world’s smallest RISC-V CPU, will be run through the flow and committed to actual silicon. This will provide a way to guarantee a working flow and provide a simple but usable reference for everyone else looking to onboard their designs. Enabling and demonstrating this path will allow a fully trustworthy path for the fabrication of system-on-a-chip ICs, with no proprietary or closed tools as part of the flow and hence completely inspectable at all stages. This paves the road for other more complex FuseSoC-based open source silicon projects such as OpenTitan and SweRVolf.

>> Read more about Edalize ASIC backend

FOSS Code Supply Chain Assurance — Mitigate attacks through software dependencies

It is of the utmost importance to ensure that FOSS packages from public repositories have not been tampered with by malicious actors. This type of compromise is described as an open source "supply chain attack" and these have been increasing significantly. This project is building a new system (which is FOSS itself) to help verify the integrity of deployed code packages and validate their origin with external data sources, with the potential to mitigate attacks on open source packages supply chains such as: detecting if a package in use is matching verified code by matching source and binaries exactly and approximately. Or detecting abnormal code changes that may be signs of malicious modifications and possible attacks on a package.

The key components of this open code and data solution are a Package and File Fingerprints Database, a Code Similarity and Changes Detection Engine, utilities to detect possibly malicious changes in upstream projects, and integration in build system(s). While existing approaches may require a tight control of the whole code supply chain, the approach of this project is designed for practical usage with limited changes to a build and CI/CD pipeline.

>> Read more about FOSS Code Supply Chain Assurance

FemtoStar Project — Open Hardware Communications Satellite

The FemtoStar Project is developing a low-cost communications satellite, intended for use as part of a scalable, decentralized network enabling verifiably anonymous, geolocation-resistant communications on a global scale. While many anonymizer services are currently available to users of existing communications systems, these serve simply to separate knowledge of identity (which still lies with the communications service provider) from knowledge of activity (which lies at the exit of the anonymizer service). All current wide-area communications networks are fundamentally identifying (users and their hardware are, at minimum, pseudonymous to the network) and no two-way communications system offers any meaningful degree of resistance to geolocation of the user. The FemtoStar Project intends to use a constellation of FemtoStar satellites to provide global, space-based open communications infrastructure linking users to services (which can be operated by anyone, and require no special ground station installation beyond a regular FemtoStar user terminal) or directly to other users, and requiring no identification or geolocation of user terminals. We are seeking funding for the development of a prototype satellite and user terminal, implementation and testing of the FemtoStar protocol on this hardware, and, dependent on funding amount and regulatory approval, the licensing and launch of one FemtoStar satellite to low earth orbit for system testing and, possibly, for use in a limited open beta service. With prototype hardware and, ideally, with one production satellite in orbit, the FemtoStar Project will be able to validate the FemtoStar system and move towards our goal of operating a scalable constellation for global, verifiably-private communications service - a world-first in privacy technology.

>> Read more about FemtoStar Project

GNU Mes — Help create an operating system we can trust

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library. The Mes bootstrap has halved the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security. That reduction was achieved by replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. After three years of volunteer work this funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes

Full-source GNU Mes on ARM and RISC-V — Expand full-source bootstrap to other CPU platforms

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large binary blobs of several 100s of megabytes, which (incredibly so!) is common practice for the software supply chains in use today. While these days users can reproducibly build software with modern functional package managers like Guix and Nix, the presence of potentially toxic code in these unauditable blobs or the propagation into binaries cannot be excluded. Users have no technical assurance that the executable they use corresponds with the source code - or whether the tool chain which compiled the source code introduce weaknesses or undefined behaviour. By making the toolchain 'bootstrappable' (as per, users can verify themselves for every step what happens - in the case of GNU Mes from one tiny (and orders of magnitude more easily verifiable) 357-byte file upwards. The final goal is to help create a "full source" bootstrap for any interested UNIX-like operating system and any type of architectures. In this project the project will add ARM and RISC-V, with other architectures on the roadmap.

>> Read more about Full-source GNU Mes on ARM and RISC-V

GNU Mes RISC-V — Bringing the trustworthy bootstrap to RISC-V

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions. Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme that comes with a small, bootstrappable C library. The final goal is to help create a full source bootstrap for any interested UNIX-like operating system. This funding will enable GNU Mes to work on the RISC-V platform, an instruction set architecture (ISA) that is provided under open licenses. Combining GNU Mes with an open ISA will provide an extra level of security and trust by extending the auditability of the system from the software to also the hardware.

RISC-V is a relatively new architecture so this effort requires the backport of many tools that were already available for GNU Mes in other architectures. Also the modular nature of RISC-V makes it an specially complex bootstrap target, because it needs to support all the possible RISC-V implementations. This project aims to overcome the current limitations to prepare GNU Mes and all the associated projects for a full RISC-V port.

>> Read more about GNU Mes RISC-V

GNU Mes: Full Source bootstrap

GNU Mes was created to address the security concerns that arise from bootstrapping an operating system using large, unauditable binary blobs, which is common practice for all software distributions.

Mes is a Scheme interpreter written in a simple subset of C and a C compiler written in Scheme and comes with a small, bootstrappable C library.

The Mes bootstrap has greatly reduced the size of opaque binaries that were needed to bootstrap GNU Guix, a functional GNU/Linux distribution that focusses on user freedom, reproducibility and security.

That reduction (from ~250MB to ~60MB) was achieved by first replacing GNU Binutils, GNU GCC and the GNU C Library with Mes. The second step was funded by NLnet ( and replaced GNU Awk, GNU Bash, the GNU Core Utilities, GNU Grep, GNU Gzip, GNU SED, and GNU Tar with a more mature Mes, Gash and Gash-Utils.

The final goal is to help create a full source bootstrap for any interested UNIX-like operating system and non-intel architectures (see This funding will enable us to take another big step forward and reach an important new milestone in creating more auditable secure software distributions.

>> Read more about GNU Mes: Full Source bootstrap

GNU Mes Tower — GNU Mes with alternative scheme implementations and WASM

GNU Mes was created to provide transparency and strong technical assurances when bootstrapping an operating system - instead of using large, unauditable binary blobs that bring the risk of "reproducibly malicious" behaviour within the software toolchain. GNU Mes provides a transparent alternative: starting from a Scheme implementation of a C compiler, and a minimal Scheme interpreter written in C, to bootstrap the full GNU toolchain capable of building the rest of all open-source software.

The GNU Mes Tower projects will add the option to stay on the "Scheme" path without having to resort to C, starting from either same minimal Scheme interpreter with a specializer as a Scheme compiler capable of generating native binaries. To achieve self-hosting, a series of bootstrapping steps will be implemented to add features to each interpretation level one-by-one, maintaining specialization to native code. The sequence of more and more capable Scheme compilers will allow operating systems like Guix to be bootstrapped without C, and move from a minimal Scheme interpreter to full-blown modern scheme dialects to allow much more advanced features and optimisations during the bootstrap.

>> Read more about GNU Mes Tower

GPG Lacre project — Best effort encryption of mail flows with OpenPGP

This project is the continuation of the work on providing open source, GnuPG based email encryption for emails at rest. All incoming emails are automatically encrypted with user's public key before they are saved on the server. It is a server side encryption solution while the control of the encryption keys are fully at the hands of the end-user and private keys are never stored on the server.

The scope of the project is to improve on the already existing code, provide easy to use key upload system (standalone as well as Roundcube plugin) and key discoverability. Beside providing a solution that is easy to use we will also provide easy to digest material about encryption, how it works and how to make use of it in situations other the just mailbox encryption. Understanding how encryption works is the key to self-determination and is therefore an important part of the project.

GPG Mailgate will be battle tested on the email infrastructure of (an ethical non-profit service provider).

>> Read more about GPG Lacre project

Gash — Port Gash to GNU Mes for auditable bootstrap

For several years, the GNU Guix project has been reducing the amount of unauditable binary blobs used in bootstrapping its operating system, through efforts such as GNU Mes. This is needed to avoid "reproducibly malicious" behaviour within the software toolchain.

Gash is a POSIX-compatible shell written in Guile Scheme. Gash provides both the traditional shell interface, as well as a Guile library for parsing shell scripts. Once this project is completed, Guix (and other operating systems) can be bootstrapped from legible source, without depending on already compiled compilers or C standard libraries. This will allow to move step by step from a minimal Scheme interpreter to full-blown modern scheme dialects to subsequently much more advanced features and optimisations required during the bootstrap.

>> Read more about Gash

Real time graph database search engine — Live filtering on graph database streams

Based is the world's first open source pub/sub real time graph database. It allows for millions of concurrent connections to changes in data or relationships, and offers built-in features such as authentication, internationalisation, server-side scripts for automation, time-series data, and user management. This saves money, complexity, and maintenance. In this project we will work on a full text indexing engine, that will give developers and end users the ability to query text in real time – and get back any updates in text instantly. The search engine is geared toward working with our database, but is applicable to any database in which users are interested in text search that updates in real time and indexes dynamically.

>> Read more about Real time graph database search engine

Himalaya — End-to-end encryption capable scriptable email

Himalaya is a cross platform and open source toolsuite for managing emails. Its aim is to extract the email business logic into a safe and secure Rust library, so it can be consumed by any compatible client. This architecture makes the tool very flexible and versatile: move batch of emails from the command-line input, automatically sign or decrypt emails levering OpenPGP's web of trust, view HTML version of emails from the terminal, write emails with your favourite text editor, set up a new message notifier in a systemd daemon, view emails from a graphical user interface alla Thunderbird… possibilities are endless! The funding from NLnet will be used to release the first production-ready version of the library and to release few compatible clients like a CLI, a TUI, a GUI, a Vim plugin and an Emacs plugin. Himalaya also plans to extend the concept to other email-related domains, like contact management, events/calendar management, tasks management etc.

>> Read more about Himalaya

A proof of concept of identity-based encryption — Make encryption simpler

The project aims to extend the existing attribute-based identity platform IRMA with easy-to-use encryption. The kind of encryption is called Identity-Based. Its main advantage is that key management is simple, so that encryption becomes easy to use, via a plugin to an email client (only Thunderbird in this proof of concept project). The plugin computes the public key of the recipient of a message, from some uniquely identifying attribute of the recipient (typically an email address, but phone number, or citizen registration number could work as well). The receiver of the message will have to prove, via IRMA, possession of the uniquely identifying attribute to some Trusted Third Party (TTP), which will then provide the corresponding private key. Within this project a working set-up will be built. Turning it into a widely usable product will require more work, in follow-up projects.

>> Read more about A proof of concept of identity-based encryption

IPDL — Equational Proofs for Distributed Cryptographic Protocols

In cryptography, interactive, distributed cryptographic protocols are most often proved secure using the simulation paradigm, wherein the protocol of interest is proved (approximately) equivalent to an idealization. The simulation paradigm is extremely powerful, as it allows a wide range of security properties to be captured under one definition. On the other hand, while expressive, the simulation paradigm presents extra complications for formally verifying security proofs. Proving equivalences between distributed protocols in general requires heavyweight techniques based on manually constructing so-called bisimulations (suitable relational invariants), which creates a barrier to entry for formal methods. We lower this barrier to entry with IPDL, or Interactive Probabilistic Dependency Logic, a new process calculus for cryptographic protocols. IPDL includes an approximate equational logic that allows computationally sound reasoning about protocols in a manner both close to the simulation paradigm and amenable for formal verification. Using IPDL, we deliver short, simulation-based proofs of variety of cryptographic protocols. Our most complex and very general case study verifies the n-party GMW protocol for secure function evaluation.

>> Read more about IPDL

Standardizing KEMTLS — Post-quantum TLS without handshake signatures

KEMTLS is a recent academic proposal for an alternative way of adding authentication to the Transport Layer Security (TLS) protocol. The project is motivated by the need to migrate public key cryptography to new algorithms that resist attacks by quantum computers. Compared to traditional cryptography, post-quantum signature schemes generally have larger public keys and/or signatures, and need more computational effort. KEMTLS, published at the ACM Computer and Communications Security Conference in 2020, replaces signature-based authentication for web servers with a post-quantum key exchange (called a KEM) in a way that saves communication and computation.

In this project we aim to prepare KEMTLS for standardization by the Internet Engineering Task Force (IETF). To that end we will implement KEMTLS in a few different open source TLS software libraries and demonstrate the viability and interoperability of these implementations. This software will assist later implementers of KEMTLS by allowing to validate their implementations against our reference. We will also investigate optimizations for using KEMTLS in specialized environments like IoT, and will investigate issues involving certification of KEM keys.

>> Read more about Standardizing KEMTLS

Kazarma — Bridge ActivityPub and Matrix realms

Matrix-Appservice-CommonsPub is a bridge between two decentralized protocols: Matrix and ActivityPub. The development includes polishing CommonsPub, an Elixir generic ActivityPub implementation, and creating an Elixir library to build Matrix bridges. We will first focus on private messages between Matrix users and users of an ActivityPub-enabled platform, like PeerTube or Funkwhale, then explore the possibilities of synchronizing ActivityPub feeds (e.g. "toots" feeds) in Matrix. The bridge comes as an easy-to-deploy, secure and scalable solution.

>> Read more about Kazarma

Private Key Operations for Keyoxide — Implement Private Key Store design in Keyoxide

Keyoxide is one of the open-source success stories when it comes to providing an alternative to the proprietary product (Keybase). The UI is straightforward so that the interaction with the site is available to all kinds of users. Unfortunately there is one critical part that differentiates Keyoxide from Keybase - no support for private key operations. Adding proofs requires a complex maze of command line invocations. This project will implement best of both worlds: simple, UI centric way of interaction without technical knowledge required and the strong security of Keyoxide.

>> Read more about Private Key Operations for Keyoxide

Keyoxide v2 — Add cryptographic signature based to Keyoxide

How do you discover which other online accounts across different services and service providers actually belong to the same person? Keyoxide is a secure, privacy-friendly and decentralized platform to manage online identities, uncompromisingly driven by what the user herself wants to share.

Keyoxide is a new type of service to allow proving linked account ownership on a variety of platforms. Keyoxide levers existing and battle-tested cryptographic primitives. The goal is to give users more control over their online presence, independent from dominant internet actors - without in fact having to depend on any centralised services or third parties. The project will build on top of the existing OpenPGP Identity Proofs to add other types of profiles based on various cryptographic signature mechanisms from a variety of new tools. To maintain linkable profiles, a new signature-hosting infrastructure needs to be designed and developed. Other improvements are aimed at safeguarding privacy and achieving plausible deniability.

>> Read more about Keyoxide v2

Kiwi IRC — Self-hosted web IRC environment

Kiwi IRC is an open messaging platform that any online organisation or community can use. We do not believe that any community should be locked into a single vendor for their communication tools as this restricts how the community grows and develops - the community itself should dictate how they develop over time. Working with other open source projects in the IRC world, we are expanding the generally available privacy tools and making them usable for mainstream use. This will see tools such as end-to-end encryption and mobile applications being brought to users taking advantage of open messaging, improving the privacy of millions of existing IRC users and pushing for open platforms.

>> Read more about Kiwi IRC

Improve Email Encryption in KMail — Adopt improvements in Email Encryption in KMail

The goal of this project is to make it more simple for inexperienced users to just use encrypted mails, at the click of a button. Autocrypt is a new method for email encryption, that needs nearly no user interaction. It performs the needed key exchange transparently in the background, and does key management automatically. Encrypted Headers is a protocol to send mail headers in the encrypted mail part. Traditional encryption methods leaked meta-data, which could be used for mass surveillance purposes. The result will be part of the KDEPIM codebase, so you don't have to install anything else than KMail to use these improvements.

>> Read more about Improve Email Encryption in KMail

ARPA2 LDAP Middleware — Privacy enhancing middleware

Some protocols are far better known than others. Everyone will recognise the HTTP protocol we use to transfer web pages. LDAP is not as well known, but it is also a key technology we use on a daily basis - in fact it shapes how most organisations are organised online. LDAP is a proven technology but can be cumbersome to work with, and as a result it has seen little innovation in recent years.

This project develops a number of innovatie middleware components from the ARPA2 project. This includes a privacy enhancing middleware for LDAP (LEAF), which allows to do attribute filtering and selectively transforming of LDAP; SteamWorks, which allows for responsive large scale configuration and trust delegation; and Lillydap, a library that can be used to easily add LDAP to any application. The project also delivers on (broad)er deployability of these building blocks, by providing tools for distropackaging the innovative solutions produced by the project.

>> Read more about ARPA2 LDAP Middleware

XMPP-ActivityPub gateway — XMPP, ActivityPub and E2EE Pubsub

XMPP (aka Jabber) is the vendor-netural internet standard for instant messaging. ActivityPub is a web standard for federated social networking, used in software like Mastodon, Pleroma, PeerTube, Pixelfed and Funkwhale. The project consists of two components: an ActivityPub-XMPP gateway, which will be a component bridging these protocols - enabling ActivityPub users to access XMPP blogs, comments and other features, and vice versa. And adding state of the art end-to-end encryption (E2EE) for PubSub and filesharing, which entails proposing a new XMPP standard which can provide a secure way to publish, retrieve and subscribe to all sorts of data over XMPP.

The project is built on Libervia (previously known as "Salut à Toi"), a communication ecosystem based on XMPP. Libervia offers several interfaces (web, desktop, mobile, command line, text UI) and explores the XMPP protocol beyond instant messaging. Libervia features chat, blogging, file sharing, photo albums, events, forums, etc. Libervia's goal is to develop an all-in-one, easy to use "familial and personal social network", i.e. a tool to communicate with the people close to you securely - and that lets your personal data stay within your control (as it should be).

>> Read more about XMPP-ActivityPub gateway

The Libre-SOC Gigabit Router — Native Open Hardware chip implementation of crypto primitives

The Libre-SOC Project is developing a Libre System-on-a-Chip in a transparent fashion to engender end-user trust. Based on the OpenPOWER ISA, the next logical step is to extend and modernise OpenPOWER into the cryptographic and blockchain realm, and to do so in a practical way: design a Router ASIC. Whilst many commercial ASICs would do this using hard-coded non-transparent blocks or instructions, true transparency really only exists if the ISA has general-purpose primitives that can be Formally (mathematically) validated. The Libre-SOC Crypto-router Project therefore goes back to mathematical "first principles" to provide general-purpose Galois-Field, Matrix abstraction and more, on top of Simple-V Vectorisation. This provides flexibility for future cryptographic and blockchain algorithms on a firm transparent foundation.

>> Read more about The Libre-SOC Gigabit Router

Libre-SOC Formal Correctness Proofs — Mathematical unit tests for open hardware System-on-Chip

Hardware projects like the Libre-SOC Project involve writing an inordinate amount of comprehensive unit tests to make sure everything functions the way it should. This is a critical and expensive part of the overall design process. Formal Mathematical Proofs (already quite popular in secure software development) provide an interesting alternative for several reasons: they're mathematically inviolate, which we believe makes them more trustworthy. And they are simpler to read and much more comprehensive (100% coverage), saving hugely on development and maintenance. From a security and trust perspective, both aspects are extremely important. Security mistakes are often accidental due to complexity: a reduction in complexity helps avoid mistakes. Secondly: independent auditing of the processor is a matter of running the formal proofs. The project aims to provide proofs for every module of the Libre RISC-V SoC, and therefore contributes significantly with the larger goal of developing a privacy-respecting processor in a way that is independently verifiable.

>> Read more about Libre-SOC Formal Correctness Proofs

Librecast Live — Live streaming with multicast

The Librecast Live project contributes to decentralizing the Internet by enabling multicast. Multicast is a major network capability for a secure, decentralized and private by default Next Generation Internet. The original design goals of the Internet do not match today's privacy and security needs, and this is evident in the technologies in use today. There are many situations where multicast can already be deployed on the Internet, but also some that are not. This project will build transitional protocols and software to extend the reach of multicast and enable easy deployment by software developers. Amongst others it will produce a C library and POC code using a tunneling method to make multicast available to the entire Internet, regardless of upstream support. We will then use these multicast libraries, WebRTC and the W3C-approved ActivityPub protocol to build a live streaming video service similar to This will be a complement to the existing decentralised Mastodon and Peertube projects, and will integrate with these services using ActivePub. By doing so we can bring live video streaming services to these existing decentralised userbases and demonstrate the power of multicast at the same time. Users will be able to chat and comment in realtime during streaming (similar to YouTube live streaming). This fills an important gap in the Open Source decentralised space. All video and chat messages will be transmitted over encrypted channels.

>> Read more about Librecast Live

Lizard — E2E Rendez-vous and discovery

The Lizard project aims to develop a common protocol for end-to-end encrypted social applications using Tor as underlying transport mechanism, with the addition of store-and-forward servers discovered through the Tor hidden service directory. The protocol takes care of confidentiality and anonymity concerns, and adds mechanisms for easily synchronising application-level state on top. All communications are done "off the grid" using Tor, but identities can be publicly attested to using existing social media profiles. Using a small marker in your social profiles, you can signal to other Lizard users that they can transparently message you over Lizard instead. By taking care of these common discovery and privacy concerns in one easy-to-use software suite, we hope that more applications will opt for end-to-end encryption by default without compromising on anonymity.

>> Read more about Lizard

LumoSQL — Create more reliable, distributed embedded databases

The most widely-used database (SQLite) is not as reliable as it could be, and is missing essential features like encryption and safe usage in networked environments. Billions of people unknowingly depend on SQLite in their applications for critical tasks throughout the day, and this embedded database is used in many internet applications - including in some core internet and technology infrastructure. This project wants to create a viable alternative ('rip and replace'), using the battle tested LMDB produced by the LDAP community. This effort allow to address a number of other shortcomings, and make many applications more trustworthy and by means of adding cryptography also more private. Given the wide range of use cases and heavy operational demands of this class of embedded databases, a serious effort is needed to execute this plan in a way where users can massively switch. The project will extensively test, and will validate its efforts with a number of critical applications.

>> Read more about LumoSQL

LumoSQL at-rest data security — Modern embedded database with encryption and signed data

LumoSQL is an embedded database that combines various modern database technologies into a single powerful abstraction while remaining a drop-in replacement for the most-used database worldwide, SQLite. LumoSQL brings to embedded databases features including built-in encryption, per-row checksum verifiability of all data (without the overhead of e.g. a blockchain), and a choice of storage backends.

In this project the LumoSQL community works towards the 1.0 version which will add a slew of attractive features such as encrypted embedded data at-rest (which can be unlocked either through role based access control or even outside of unmodified apps with a hardware token like Nitrokey), signed data rows and data tables (so users can cryptographically verify the integrity of data), as well as improved documentation and cross-platform availability. In addition the project is producing valuable tools such as the not-forking project, which addresses the root cause of many real-world security issues as customisation without such a tool requires hard-to-maintain forking.

>> Read more about LumoSQL at-rest data security

Distributed Trust for Web Servers — Establishing a Distributed Trust Authority

The M-Pin protocol, and its implementation in the Milagro project currently incubating at Apache, provides cryptographic security using a distributed trust model. In place of the single point of failure (and high-value target for social engineering attacks) of today's Certificate Authorities (CAs), cryptographic verification is assembled from two or more mutually independent authorities, all of which would need to be subverted at once to break security. This project helps bring distributed trust to the Web, by implementing M-Pin support via Milagro's libraries in leading Open Source web servers. This will pave the way both to a distributed trust alternative to monolithic CAs and browser trust lists, and to a distributed trust alternative to protocols such as OpenID for user identification.

>> Read more about Distributed Trust for Web Servers

Monal IM — Free Jabber/XMPP client for iOS and macOS

Monal is a open source XMPP instant messaging client for MacOS and iOS which strives to be the go-to client for these platforms just like the app Conversations is for Android. XMPP in general is an open and standardized protocol for real time communication. Anyone can host their own server and communicate freely with each other, just like with email and just like email the used addresses are of the form "user@domain.tld". In this project, Monal will among others add end-to-end encryption to its chat interface, in this case the OMEMO XEP which uses a so call double ratchet mechanism to provide strong protection of the confidentiality of messages.Within the project, the team will also implement various other XEPs such as audio and Video (A/V calls), adding modern functionality and improving interoperability with other clients.

>> Read more about Monal IM

Movim — Add OMEMO encryption to Movim XMPP client

Movim is a web platform that delivers social and IM features on top of the mature XMPP standard (aka Jabber). Unlike other chat apps, with XMPP you have a choice of both servers and clients - and the ability to add any features you want, and restrict your trust to those that deserve it. Movim is a user-friendly communication platform aimed at small and medium structures (up to a hundred simultaneous users), and sports a number of unique social features beyond instant messaging. And because it sits on XMPP, Movim users can explore the whole global instant messaging network from a single account.

In this project, Movim will add end-to-end encryption to its chat interface, in this case the OMEMO XEP. Since Movim is browser based, the implementation will be have to put the encryption layer client-side - or in other words, inside the browser. Because users can connect simultaneously on the same XMPP account using different browsers with Movim, each browsers will be seen as a different "device". Decrypted messages will be saved in a browser database, using IndexedDB. The web server will just take care of handling public keys to the XMPP network and store the encrypted messages, same as the user's XMPP server does when using archiving methods. The project will deal with both the one-to-one chat implementation and the Multi-User Chat part of Movim. This is part of a concerted effort to create reliable end-to-end encryption for XMPP based real time communications. At present growth of the wider network is hampered by lack of interoperability.

>> Read more about Movim

SecSync — Efficiently combine end-to-end encryption with CRDTs

While popular CRDT implementations like Yjs or Automerge offer several designs and even implementations on how to asynchronously exchange data using servers, there is no plug & play implementation serving end-to-end encrypted systems. Focus of the first version of SecSync is to provide a protocol to efficiently exchange and resolve e2e encrypted CRDTs. It comes with a plug and play reference implementation on top of Yjs and should be well documented. By leveraging snapshots as well as operations logs referencing snapshots the load times should reduced while still offering real-time collaboration.

>> Read more about SecSync

NeoChat — Native Matrix encrypted instant messaging client

NeoChat is a client for Matrix, an open and decentralized chat protocol. NeoChat is using Qt and KDE technologies to run on many platforms: Linux, Windows, macOS, Plasma Mobile and Android. One of the biggest missing features for NeoChat is support for end-to-end encryption. Currently, all the messages are sent unencrypted and encrypted conversation can't be read in NeoChat. This is not a problem for public rooms since they are usually not encrypted, but it makes NeoChat unsuitable for usage in a private or professional context. The goal of this project is to enable support for encryption in NeoChat. Since NeoChat uses libQuotient, a client library for the matrix protocol, most of the work will take place in libQuotient. This means that the work done in the project will also help other Matrix clients and bots built with Quotient, in particular Spectral and Quaternion.

>> Read more about NeoChat

neuropil — Privacy by design P2P search including IoT

Neuropil is an open-source de-centralized messaging layer that focuses on security and privacy by design. Persons, machines, and applications first have to identify their respective partners and/or content before real information can be sent. The discovery is handled internally and is based on so called "intent messages" that are secured by cryptographic primitives. This project aims to create distributed search engine capabilities based on neuropil, that enable the discovery and sharing of information with significantly higher levels of trust and privacy and with more control over the search content for data owners than today's standard.

As of now large search engines have implemented "crawlers", that constantly visit webpages and categorize their content. The only way to somehow influence the information that is used by search engines is by using a file called „robots.txt“. Other algorithms are only known to the search engine provider. By using a highly standardized "intents" format that protects the real content of users, this model is reversed: data owners define the searchable public content. As an example we seek to implement the neuropil messaging layer with its extended search capabilities into a standard web server to become one actor and to handle and maintain the search index contents of participating data owners. By using the Neuropil messaging layer it is thus possible to build a distributed search engine database that is able to contain and reveal any kind of information in a distributed, concise and privacy preserving manner, without the need for any central search engine provider.

>> Read more about neuropil

Nitrokey — Open hardware for encryption and authentication

Nitrokey is an open source hardware USB key for data encryption and two-factor authentication with FIDO. While FIDO is supported by web browsers, using Nitrokey as a secure key store for email and (arbitrary) data encryption requires a native software. Therefore email encryption in webmail isn’t possible with Nitrokey. At the same time strong end-to-end encryption in web applications all share the same challenge: To store users' private keys securely and conveniently. Therefore secure end-to-end encryption usually requires native software too (e.g. instant messenger app) or - less secure - store the user keys password-encrypted on servers. Nitrokey aims to solve these issues by developing a way to use Nitrokey with web applications. To avoid the necessity of device driver, browser add-on or separate software this project is going to utilize the FIDO (CTAP) protocol. As a result the solution will work with any modern browser (which all support WebAuthn), on any operating system even on Android. This will give any web application the option to store private keys on ones own Nitrokey devices.

>> Read more about Nitrokey

Trussed — Open hardware for encryption and authentication

The project summary for this project is not yet available. Please come back soon!

>> Read more about Trussed

UEFI Secure Boot support for NixOS — Add a self-sovereign root of trust as part of supply chain security

This project combines the power of the reproducible package manager Nix with the cryptographic protections of UEFI Secure Boot to provide concrete assurances about the authenticity of the software being booted into. Supply chain security works upward from a root of trust, which has to be in place before the very first bytes of code are even executed by a host’s CPU. UEFI Secure Boot helps provide this root of trust. Using UEFI Secure Boot, the host’s firmware will only boot the operating system if it is signed by a key stored in the firmware. This key may be issued by Microsoft, or in this project’s case, be generated by the user. This can help resist attacks from malware or other attacks against the system’s integrity. Obviously, when people use a commodity operating system commercially available to everyone (like Microsoft Windows) the security protection is far less and the risks are far greater than when someone generates a custom operating system with a reproducible tool like Nix. The Host and signing service will use TPM-backed attestation keys to mutually attest the authenticity of the requests.

This tool will initially support systemd-boot and uboot, however the project will be specifically designed with the intention of supporting additional bootloaders.

>> Read more about UEFI Secure Boot support for NixOS

Nyxt — A programmable browser with advanced search integration

Nyxt is a new type of web browser designed to empower users to find and filter information on the Internet. Web browsers today, largely compete on performance in rendering, all whilst maintaining similar UIs. The common UI they employ is easy to learn, though unfortunately it is not effective for traversing the internet due to its limited capabilities. This presents itself as a problem when a user is trying to navigate the large amounts of data on the Internet and in their open tabs. To deal with this problem, Nyxt offers a set of powerful tools to index and jump around one's open tabs, through search results and the wider Internet. For example, Nyxt offers the ability for the user to filter and process their open tabs by semantic content search. Because each workflow and discipline is unique, the real advantage of Nyxt is in its fully programmable and open API. The user is free to modify Nyxt in any way they wish, even whilst it is running.

>> Read more about Nyxt

Off-the-Record messaging version 4 — Advanced protocol for secure messaging

OTRv4 is the newest version of the Off-The-Record messaging protocol. It is a protocol where the newest academic research intertwines with real-world implementations. It's aim is to give end-to-end encryption, deniability, authentication, forward secrecy and post-compromise security for any kind of messaging (online or offline). The goal of this new version is to give the most secure privacy and security properties that have a real impact on the world. This new version aims to be available in different desktop clients (that use XMPP or other messaging protocol) and in mobile clients.

>> Read more about Off-the-Record messaging version 4

Improve Okular digital signature support — Improve open source tooling for digital signatures

Okular is a Free Software document viewer that supports multiple file formats such as PDF and OpenDocument Format, and besides viewing allows for annotation and digital signatures. It was initially created for desktop Linux and UNIX operating systems but meanwhile has grown into a universal, vendor-neutral document tool for all platforms - including an increasing amount of mobile operating systems such as Android, postmarketOS and pureOS. Digital signatures allow people to establish the source of documents, but can also be used to enter into legally binding agreements or contracts - so having a reliable and transparent solution is important. The aim of this project is to improve the support of PDF digital signatures in Okular both from the point of view of features and usability, making it easier for users to interact with this crucial privacy and security functionality.

>> Read more about Improve Okular digital signature support

Opaque Sphinx Server and Clients — Server and tools for modern authentication

Passwords are probably the most common way to remotely use private services, which makes them a major liability - humans on average find it very hard to memorize strong passwords. Luckily, passwords - or more particularly tools to work with passwords more safely - are evolving as well. SPHINX is a novel approach to password storage that is information theoretically secure. And unlike most online password managers, the user does not even have to trust the server. OPAQUE is a novel protocol that can be used to eliminate phishing as an attack vector when authenticating to servers. The combination of SPHINX and OPAQUE provides some very strong guarantees while still allowing users to only need to remember one or just a few passwords. This project will develop a SPHINX server in a safe, compiled language, with ample tests. It will also further develop and refine a protocol above SPHINX, handling creation, deletion, backup and changing of data. In addition it will add the OPAQUE protocol to various free software ecosystems such as PHP, java, nodejs, ruby, golang, erlang and rust, as well as to the two most used webservers: nginx and apache2.

>> Read more about Opaque Sphinx Server and Clients

OpenCryptoHW — CGRA- based reconfigurable open-source cryptographic IP cores

OpenCryptoHW aims to develop reconfigurable open-source cryptographic hardware IP cores for Next Generation Internet. With the Internet of Things (IoT) upon us, security and privacy are more important than ever. On the one hand, if the security and privacy features are exclusively implemented in software, the risk of breaches is high. On the other hand, if implemented solely in hardware, it is impossible to fix bugs or deploy critical updates, which is also a threat to security and privacy. Hence, we propose to use reconfigurable hardware, providing the flexibility of software and the trustworthiness of hardware. Hacking into it requires first hacking the device’s configuration infrastructure and then hacking the algorithm itself, which is way more complicated. There have been proposals to implement cryptographic IP cores using Field Programmable Gate Array (FPGAs). However, the FPGA configuration infrastructure is cumbersome and proprietary, increasing device cost and compromising safety. Therefore, we propose to use open-source Coarse-Grained Reconfigurable Arrays (CGRAs) instead of FPGAs. CGRAs have much lighter configuration circuits and are not controlled by any private entity. With OpenCryptoHW, hardware and system designers will be able to download CGRA-based cryptography IP cores for free and under a permissive license, ready to integrate into their silicon designs.

>> Read more about OpenCryptoHW

OpenCryptoLinux — Make Linux run on OpenCryptoHW

OpenCryptoLinux aims to develop an open, secure, and user-friendly SoC template capable of running the Linux operating system, with cryptography functions running on a RISC-V processor. The processor will control a low-cost Coarse-Grained Reconfigurable Arrays (CGRAS) for enhanced security, performance, and energy efficiency. Running Linux on this SoC allows non-hardware experts to use this platform, democratizing it. This project will help build an Internet of Things (IoT) that does not compromise security and privacy. The project will be fully open-source, which guarantees public scrutiny and quality. It will use other open-source solutions funded by the NLnet Foundation, such as the RISC-V processors from SpinalHDL and the OpenCryptoHW project.

>> Read more about OpenCryptoLinux

DRTM implementation for AMD processors — Unified framework for dynamic RTM

The Trenchboot project aims to create a unified framework for dynamic RTM (DRTM) implementation for all platforms. (D)RTM is used to verify if bugs or vulnerabilities have compromised a system, and as such is an important component to get to advanced stages of trustworthiness for our hardware.

>> Read more about DRTM implementation for AMD processors

Open MLS Infrastructure — End-to-end encrypted group messaging

The Open MLS infrastructure project aims at designing and implementing infrastructure components for the MLS (Messaging Layer Security) protocol currently under development by the IETF ( While it is theoretically possible to run MLS peer-to-peer, most use-cases will require central components that take care of ordering and queueing messages, as well as managing group state. Our goal is to create components that are secure, metadata-minimizing, modular, and that allow for federation. This lays a foundation for improving existing and future messaging applications, and will allow to validate a potential future application-layer specification.

>> Read more about Open MLS Infrastructure

Improving OpenSSH's Authentication and PKI — Improving SSH Authentication with OpenPGP transitive trust

It would not be a stretch to say that ssh secures the Internet - it is the protocol most relied on to log into servers of any type. Yet, its authentication model is inflexible, rarely used properly, and inadequate. OpenPGP's transitive trust (aka "web of trust") mechanisms and revocation certificates can help to provided additional automated assurances. By publishing and certifying OpenPGP keys for servers, an ssh client may be able to automatically check whether an encrypted connection is not only encrypted, but also authenticated. Similarly, server administrators can automatically find the right public key for users. And when a server key or user key is compromised, using OpenPGP, it is straightforward to ensure that it won't be trusted: just publish a revocation certificate. This project will add OpenPGP support to OpenSSH to improve and simplify these workflows.

>> Read more about Improving OpenSSH's Authentication and PKI

Interoperable Certificate Store for OpenPGP — Standardisation effort for shared OpenPGP certificate storage

This project will build a public cert store for OpenPGP keys, with well defined data structures and access mechanisms to facilitate interoperability between OpenPGP implementations. It builds on pgp-cert.d, which stores certs, and has an API to access them. Beyond the common format and API, the project will also add Sequoia-specific indices, where standardization doesn't make sense. sq, Sequoia's command line tool, will be adapted to use the cert store. In addition the project aims to develop a privacy-preserving way to update the certs from keyservers.

>> Read more about Interoperable Certificate Store for OpenPGP

Hardening OpenPGP CA deployments — HSM support for OpenPGP key infrastructure

OpenPGP CA is a tool for managing and certifying OpenPGP keys in organizations. Today, the private key material of OpenPGP CA instances is stored and used locally. This project will add support for two hardened modes of operation: 1) Using a hardware-token OpenPGP Card) based key for the CA, and 2) Split OpenPGP CA deployments, in which critical operations are performed on a highly protected machine (e.g. air-gapped), while regular operation can take place conveniently on an online CA instance.

In addition the project will build an OpenPGP CA based tool for version control signing workflows (e.g. git), with a focus on providing a smooth user experience for signing with OpenPGP card devices.

>> Read more about Hardening OpenPGP CA deployments

Adding Web-of-Trust Support to PGPainless — Web-of-Trust specification support for Java

Reliable authentication of public key certificates is a hard requirement for strong and effective end-to-end encryption. The "Web-of-Trust" (WoT) serves as an example of a decentralized authentication mechanism for OpenPGP. While there are some existing implementations of the WoT in applications such as GnuPG, their algorithms are often poorly documented. As a result, WoT support in client applications is often missing or inadequate.

PGPainless is an easy-to-use, secure-by-default OpenPGP library for Java and Android. This project will extend PGPainless with an implementation of a recently published, new Web of Trust specification. The goal is to make the Web of Trust more interoperable and accessible to client applications, overall increasing the usability and ergonomics of OpenPGP for the end-user.

>> Read more about Adding Web-of-Trust Support to PGPainless

Post-Quantum Crypto in DNSSEC — Experimental platform for DNSSEC with post-quantum cryptography

PQ-DNSSEC is an open-source tool set for exploring DNSSEC based on post-quantum cryptography. It includes implementations of authoritative DNS servers and DNS resolvers that support various post-quantum signature schemes as well as tools to evaluate performance and the compatibility of these implementations with the existing DNS infrastructure in the global Internet. PQ-DNSSEC also provides a collection of example zones to the general public. This way, the project will help the DNS community to prepare for transitioning to post-quantum secure DNSSEC.

>> Read more about Post-Quantum Crypto in DNSSEC

Statime — Memory-safe high-precision clock synchronization

Of all severe software security bugs, a big chunk (50-70%) has one single source: memory corruption. The underlying cause is that, traditionally, systems software is implemented in languages that are not memory-safe. The way forward is to replace these pieces of software with memory-safe alternatives, one by one. Doing so will not just mitigate, but eliminate this category of bugs entirely. This project picks out one piece: the Precision Time Protocol (PTP). High-precision clock synchronization plays a crucial role in networking, with application areas such as high precision localization, finance, broadcasting, security protocols, smart grids, and cellular base station transmissions. Our proof-of-concept implementation will conform to the IEEE standard for PTP and will focus on the software implementation of a slave-only PTP ordinary clock. In the future, our work is expected to become part of a wider open-source roadmap for reliable and memory-safe keeping of network time, that will seek to expand the feature set of our implementation and work towards growing its adoption.

Statime is part of Project Pendulum.

>> Read more about Statime

Prosody IM — Implement SASL authentication mechanism for XMPP

XMPP is the most widely deployed standard protocol for real-time messaging today, and is a very popular choice among individuals and organizations who wish to manage their own internet communications, instead of submitting to other (e.g. commercial/data-driven) communication platforms. For an XMPP user to log in to their account today, two things are required: a username and a password. This has remained unchanged for many years, while other technologies have been steadily advancing to support security-enhancing features such as multi-factor authentication or even self-sovereign identities.

XMPP uses an authentication umbrella standard known as SASL to authenticate all connections.The way XMPP integrates SASL is defined in RFC 6120 and assumes a very simple challenge-response flow, which has worked well in allowing us to upgrade the network from older SASL mechanisms such as DIGEST-MD5 and onto more modern mechanisms such as SCRAM-SHA-1 and SCRAM-SHA-256.

To gain new authentication features beyond simple password authentication, we need to evolve XMPP’s relationship with SASL. This project will deliver just that, and will be the first complete implementation of a proposed standard (XEP-0388: Extensible SASL Profile) into the popular Prosody XMPP server. It will also implement support for per-session access control throughout Prosody, and support for XEP-0386 (Bind 2.0).

>> Read more about Prosody IM

ProveThis — Prove statements about authenticated API resources

ProveThis allows users to prove statements from websites and APIs using TLS without revealing private information. Although efforts like TLSNotary can currently be used to prove the authenticity and origin of a full HTML page, we extend the capabilities of TLSNotary and allow users to make zk-SNARK based zero knowledge proofs about statements in complexity class NP. More concretely, this can allow users to prove statements about e.g. their banking data (how many transactions did you send in a certain period), social media data (how many friends are you away from knowing Barack Obama) or other data sources. Such proofs can generally be used to reduce fraud without compromising privacy and confidentiality.

>> Read more about ProveThis

rasn — Safe ASN.1 codec framework for Rust

ASN.1 is a suite of protocols and data formats first introduced nearly 40 years ago, and is used extensively throughout the industry, from SIM cards to satellites, from web certificates to 5G radios, all of these are using ASN.1 in their communication stack. However parsing ASN.1 remains a large source of security vulnerabilities due its complexity and needing to be written in traditionally memory unsafe languages for speed and portability.

Rasn is a codec framework for writing safe ASN.1 code in Rust, that encodes ASN.1's data model into Rust's type system, empowering developers to write Rust code that is as safe, portable, and as easy to write as the original ASN.1 module. Rasn supports BER, CER, and DER encoding rules, and can be extended to support custom data formats. Rasn also provides a number standards out of the box including LDAP, PKIX, and SNMP.

>> Read more about rasn

RNP Confium — Distributed trust store enabling threshold encryption

Confium is an open-source distributed trust store framework that enables usage of the new paradigm of threshold encryption, powering new modes such as cryptographic secure multi-factor authentication. It aims to provide a generalized API and an extensible architecture for the usage of trust stores and future cryptographic families, to support standardization efforts of threshold cryptography, and to bridge cryptographers with the practical usage of cryptography. The current project enables implementation of the Confium framework with a 2-out-of-3 threshold RSA signature scheme.

>> Read more about RNP Confium

Reowolf — Rip and replace for BSD socket insecurity

The Reowolf project aims to replace a decades-old application programming interface (BSD-style sockets) for communication on the Internet. In this project, a novel programming interface is implemented at the systems level that is interoperable with existing Internet applications. Currently, to increase quality of service (e.g. intrusion detection, latency and throughput) non-standard techniques are applied. Internet service providers resort to deep packet inspection to guess applications intent, and BSD-style socket programming is error-prone and tweaking is fragile. This project resolves these problems: it provides support to middleware to further improve quality of service without having to give up on privacy, and makes programming of Internet applications easier to do correctly and thus more reliable.

>> Read more about Reowolf

Replicant on Guix — Reproducible build infrastructure for Replicant

The project summary for this project is not yet available. Please come back soon!

>> Read more about Replicant on Guix

Ripple — Safer and faster incremental software builds

As it stands, reproducible builds are not accessible to the average developer. Existing projects tackling this problem come with significant caveats: some rebuild packages from scratch, making them practically useless for interactive development, while discouraging users from hacking on the core parts of their system due to cascading rebuilds; others are drastically more efficient, but come with fewer correctness guarantees, and require build scripts to be re-implemented in custom DSLs, making them costly to adopt. This is further exacerbated by frustrating, flaky tooling, and the proliferation of compatibility issues arising from inherent constraints of these solutions. Ripple is a hermetic, incremental, meta build system. It provides stronger purity guarantees and improved efficiency over existing solutions, while being completely ecosystem-agnostic. In effect, Ripple can memoize arbitrary programs. This lets users migrate gradually, opting into ecosystem-specific optimizations and abstractions at their own pace, and opens up a huge number of creative possibilities. Ripple aims to make reproducible builds not only easy, but fun — encouraging mainstream adoption, so we might together put to rest the ghost of bygone builds.

>> Read more about Ripple

Robotnix — Reproducible Builds of Android with NIX

Robotnix enables a user to easily build Android (AOSP) images using the Nix package manager. AOSP projects often contain long and complicated build instructions requiring a variety of tools for fetching source code and executing the build. This applies not only to Android itself, but also to projects which are to be included in the Android build, such as the Linux kernel, Chromium webview, and others. Robotnix orchestrates the diverse build tools across these multiple projects using Nix, inheriting its reliability and reproducibility benefits, and consequently making the build and signing process very simple for an end-user.

>> Read more about Robotnix

Rust Threadpool — Improve privacy of Rust threading library

ThreadPool is a free and open-source library that provides a simple and intuitive interface for programmers to multi-threaded programming. ThreadPool aims to make parallel programming accessible to the general public. Running tasks in parallel is a vital building block for building efficient solutions on modern hardware. Combined with Rust's type-system this library allows programmers to parallelize their applications without introducing unsafe behaviour while managing the administrative tasks of interacting with the operating system.

>> Read more about Rust Threadpool

SASL XMSS — Make SASL work with XMSS protocol

Simple Authentication and Security Layer (SASL) is an authentication and data security framework. The framework defines a structured interface to which SASL mechanisms must comply. These mechanisms can then be used by application protocols in a uniform manner. XMSS provides cryptographic digital signatures without relying on the conjectured hardness of mathematical problems. Instead, it is proven that it only relies on the properties of cryptographic hash functions. XMSS provides strong security guarantees and is even secure when the collision resistance of the underlying hash function is broken. It is suitable for compact implementations, is relatively simple to implement, and naturally resists side-channel attacks. Unlike most other signature systems, hash-based signatures can so far withstand known attacks using quantum computers. The SASL XMSS project's goal is to implement the XMSS system as a SASL mechanism in one of the publicly available open source SASL libraries.

>> Read more about SASL XMSS

SpinalHDL, VexRiscv, SaxonSoc — Open Hardware System-on-Chip design framework based on SpinalHDL

The goal of SaxonSoc is to design a fully open source SoC, based on RISC-V, capable of running linux and optimized for FPGA to allow its efficient deployment on cheap and already purchasable chips and development boards. This would provide a very accessible platform for individuals and industrials to use directly or to extend with their own specific hardware/software requirements, while providing an answer to hardware trust.

Its hardware technology stack is based on 3 projects. SpinalHDL (which provides an advanced hardware description language), VexRiscv (providing the CPU design) and SaxonSoC (providing the facilities to assemble the SoC).

In this project, we will extend SpinalHDL, VexRiscv and SaxonSoc with USB, I2S audio, AES and Floating point hardware capabilities to extend the SoC applications to new horizons while keeping the hardware and software stack open.

>> Read more about SpinalHDL, VexRiscv, SaxonSoc

A Secret Key Store for Sequoia PGP — Standards-compliant private key store for OpenPGP

This project implements a private key store for Sequoia, a new OpenPGP implementation. Currently, Sequoia-using programs use private keys directly. A private key store mediates applications' access to private keys, and offers three major advantages relative to the status quo. First, a private key store is in a separate address space. This means that private keys that are in memory are in a different address space from the application. This was underlying cause of the Heartbleed vulnerability. Second, a private key store can provide a uniform interface for accessing keys stored on different backends, e.g., an in-memory key, a key on a smart card, or a key on a remote computer, which is accessed via ssh. This simplifies applications. Third, this architecture simplifies sharing private key material among multiple applications. Only the private key store needs to worry about managing the private key material, which improves security. And, when a user unlocks a key in one application, it is potentially unlocked in all applications, which improves usability.

>> Read more about A Secret Key Store for Sequoia PGP

Adding TPM Support to Sequoia PGP — Implement use of TPM 2.0 crypto hardware for OpenPGP

Protecting cryptographic keys is hard. If they are stored in a file, an attacker can exfiltrate them - even if the harddrive is encrypted at rest. A good practical solution is a hardware token like a Nitrokey, which stores keys and exposes a limited API to the host. For most end users, a token is a hassle: one needs to carry it around, it needs to be inserted, and it is not possible to work if it is left at home. And, it needs to be purchased. There is a better solution, which doesn't cost anything. A trusted computing module (TPM) is like an always-connected hardware token only more powerful (the keys can be bound to a particular OS installation, it can store nearly an unlimited number of keys, not just three) and TPMs are already present in most computers. This project will add support for TPMs to Sequoia PGP including comprehensive test suites and in-depth documentation for both software engineers: as an API and end-users as a way to use TPM bound keys through Sequoia's command-line interface (sq) for decryption and signing.

>> Read more about Adding TPM Support to Sequoia PGP

Sequoia PGP — Improve interface of Sequoia PGP commandline

Sequoia PGP is a new OpenPGP implementation, which is written in Rust and focuses on ease of use. To date, the main product is a library. This project will focus on sq, Sequoia's command line tool. The project consists of three parts. First, useful functionality will be added to sq making sq comparable to gpg. Second, the human-readable interface will be augmented with a JSON interface. This will make it easier and robuster to use sq from scripts. Finally, this project will add an acceptance test suite to sq thereby strengthen the foundation for future changes.

>> Read more about Sequoia PGP

Sequoia GPG Chameleon — Implement well-known API's for using OpenPGP

Sequoia's GnuPG Chameleon is a drop-in replacement for the widely-used encryption software GnuPG. It offers the same interface, while at the same time replacing the underlying OpenPGP implementation. This approach brings security benefits to everyone directly or indirectly using GnuPG before, while providing a smooth migration path that does not require changes to existing software.

>> Read more about Sequoia GPG Chameleon

Solid Wallet — Authorization reasoning, rule-based controls and fluid integration for Solid

Solid Apps display information collected by following linked data across the World Wide Web, writing changes to Solid Personal Online Data Stores (PODs). Following links can land an App on a protected resource somewhere on the Web, accessible only to a select group of actors specified in an associated Web Access Control Resource. Solid Wallet aims to build core libraries to reason over Solid Access Control Rules, limit access to what clients can request, publish keys and sign transactions. The same libraries will also be useable by servers to verify such claims. Finally, we will use these libraries to build a flexible prototype Wallet for Solid apps that run in the browser or server.

>> Read more about Solid Wallet

Dual-level Specification Inference — Make formal verification more practical with dual-level Specification Inference

While formal verification of smart contracts gains traction, writing formal specifications can be equally if not more costly than writing code. Spec^2 is a specification inference framework that aims to automatically deduce a high-quality set of specs based on the code only. The inferred specs include both per-transaction pre-post conditions (low-level specs) and invariants on the blockchain-backed storage (high-level specs). Furthermore, the inferred specs should be similar to what experts might develop manually and can be easily examined by people without formal verification training. The funding from NLnet and NGI Assure will be used to prototype Spec^2 against the Move language and infer specifications for Move-based smart contracts.

>> Read more about Dual-level Specification Inference

Secure User Interfaces (Spritely) — Usability of decentralised social media

Spritely is a project to advance the federated social network by adding richer communication and privacy/security features to the network. This particular sub-project aims to demonstrate how user interfaces can and should play an important role in user security. The core elements necessary for secure interaction are shown through a simple chat interface which integrates a contact list as an easy-to-use implementation of a "petname interface". Information from this contact list is integrated throughout the implementation in such a way that helps reduce phishing risk, aids discovery of meeting other users, and requires no centralized naming authority. As an additional benefit, this project will demonstrate some of the asynchronous network programming features of the Spritely development stack.

>> Read more about Secure User Interfaces (Spritely)

Suhosin-NG — Harden PHP 7 and PHP 8 applications

The PHP programming language was invented by Danish programmer Rasmus Lerdorf in 1994. The language is actively used by millions of websites through popular tools such as WordPress, Owncloud and Wikimedia. Suhosin-NG (next generation) will significantly improve the security of web applications running with PHP 7, and help thwart popular web attack vectors aimed at PHP based websites. Already existing ideas from the Suhosin project for PHP 5 will be gathered in addition to implementing a number of new ideas to improve the overall security stature of PHP 7. This concerns harnessing new features of the language, mitigating security risks in the default configuration and improvements to the runtime behaviour. In practical terms the project will implement these by extending the PHP extension Snuffleupagus, that already provides a good basis for hardening PHP 7. The project's goal is to provide software and documentation for setting up a PHP 7 environment in the most secure way possible.

>> Read more about Suhosin-NG

Timing-Driven Place-and-Route (TDPR)  — Open hardware tool to synthesize digital silicon circuits

The lack of an open-source timing-driven place-and-route tool is one of the major barriers to creating technically fully transparent digital integrated circuits such as microprocessors. The most popular open-source place-and-route tools available today are not timing-driven, hence the generated layouts are generally not guaranteed to satisfy the timing constraints. This requires tedious and time-consuming manual interventions. This project will combine published algorithms with existing open-source projects to fill this gap. The tool will be released with the free/libre AGPLv3 licence together with extensive documentation and tutorials.

>> Read more about Timing-Driven Place-and-Route (TDPR) 

RETETRA — Security Analysis of Proprietary Cryptography in Terrestrial Trunked Radio

Terrestrial Trunked Radio (TETRA) is a European standard for trunked radio used globally by government agencies, emergency services and critical infrastructure. Apart from most European police agencies (such as BOSNET in Germany or RAKEL in Sweden), military operators and emergency services, TETRA is also widely used for SCADA telecontrol of oil rigs, pipelines, transportation and electric and water utilities. TETRA authentication and encryption are handled by secret, proprietary cryptographic cipher-suites known as TAA1 and TEA which are only available to select parties under strict NDAs which runs counter to both the spirit of open technologies and Kerckhoffs's principle. The latter's potential consequences are illustrated by the fate of A5/1, A5/2 and their GMR variants in cellular and satellite communications, allowing ciphers that can be broken in practice to fester in public and critical infrastructure for far too long. This project aims to reverse-engineer and subsequently perform cryptanalysis on these cipher-suites and finally formulate a hardening roadmap in order to provide a research-oriented FOSS implementation of the cipher-suites and aid affected parties in moving away from unexamined, proprietary security mechanisms towards open standards.

>> Read more about RETETRA

TLS-KDH mbed — Implement TLS-KDH into mbed

TLS-KDH ( is a mechanism that adds Kerberos authentication to the Transport Layer Security (TLS) network protocol. TLS-KDH is developed under the flag of ARPA2 ( and is formalized in the form of a draft Internet specification. Furthermore, a successful prototype implementation has been built and integrated into GnuTLS. Making this prototype code production ready is well underway and in its final stage.

In order for TLS-KDH to become an Internet Standard the IETF requires at least two working implementations. To provide the IETF with two TLS-KDH implementations and to address the embedded world with a TLS-KDH capable TLS library we chose MbedTLS as our second library. The TLS-KDH mbed project's goal is to implement the TLS-KDH functionality in the MbedTLS library.

But why do we want to implement Kerberos authentication in the first place? Well first of all, the Kerberos protocol is quantum computer proof. That means that we can use this mechanism in the (future) presence of quantum computers. Since TLS is one of the most widely used security protocols on the present Internet having such mechanism would be a welcome addition. Secondly, Kerberos employs a centralized architecture as opposed to X.509 which is distributed. Adding TLS-KDH gives the user a choice which architecture (and implied pros and cons) to use. For a more extensive overview of advantages of TLS-KDH we refer to the project's homepage (

>> Read more about TLS-KDH mbed

Great Black Swamp — Decentralized cloud storage with provider-independent security

Tahoe-LAFS is a well-known open source distributed storage solution based on DHT, suited for sharing critical data in production. Currently, Tahoe-LAFS uses the Foolscap protocol for communication between client nodes and storage nodes. Foolscap has a small developer community, is only implemented in Python, and Tahoe-LAFS only uses a small subset of its features. This project will implement an HTTP-based storage node protocol for Tahoe-LAFS (Great Black Swamp, or GBS in short) which will help to eliminate unnecessary complexity, increase the pool of potential contributors, open the door to new implementations and improve runtime performance.

>> Read more about Great Black Swamp

Tauri Apps — A safer run-time for web technology based apps

Tauri is a toolkit that helps developers make more trustworthy applications for the major desktop platforms - using virtually any frontend framework in existence. A popular use case is to create a desktop or mobile version of a web app, rather than wasting effort on creating native clients for each platform. Unlike other solutions (e.g. Microsoft's Electron), it is built in the type-safe language Rust - and the team has a focus on strong isolation, shielding the user from malicious or untrusted code downloaded "live" from the internet. After all, once breached, such an app can for instance siphon off cryptocurrencies or bootstrap other more persistent malware.

In this project, the team works among others on a particularly innovative feature, to prevent JS injection for all application types. In this approach Rust Code Injection is used alongside dependency-free EcmaScript, Object.freeze(), and a filtering iFrame that is the only subsystem permitted to communicate with the API. This will help to create more secure applications,

>> Read more about Tauri Apps

TrustING — Ultrafast AS-level Public-Key Infrastructure

TrustING is a human-transparent and agile Trust Infrastructure for a Next-Generation Internet. This infrastructure enables any two entities to establish secret keys that can be used to encrypt and authenticate data. The foundation of TrustING is the AS-level Public-Key Infrastructure (PKI) of the SCION Internet Architecture that provides sovereignty (ensuring absence of global kill switches), trust transparency, and algorithm agility, among others.

The TrustING service establishes symmetric keys with other domains in advance, and then relies on those keys to derive keys for local hosts. The core novelty of this approach is the ability to derive keys purely locally on both sides of the communication, without even requiring key transport. By making TrustING a control-plane mechanism offered by the network infrastructure, higher-level applications can make use of it without having to worry about complexities such as exchanging key material or establishing trust.

To show the viability of TrustING, we will implement TLS trust bootstrapping using TrustING and additionally demonstrate the efficiency of TrustING by using it to authenticate SCMP (SCION's equivalent of ICMP) messages.

>> Read more about TrustING

Trustix — Make build logs available as publicly verifiable, tamper-proof Merkle trees

Software build infrastructure is vastly underestimated in terms of its potential security impact. When we install a computer program, we usually trust downloaded software binaries. But even in the case of open source software: how do we know that we aren't installing something malicious which is different from the source code we are looking at - for instance to put us in a botnet or siphon away cryptocurrencies? Typically, we have confidence in the binaries we install because we get them from a trusted provider. But once the provider itself is compromised, the binaries can be anything. This makes depending on individual providers a single point of failure in a software supply chain. Trustix is a tool that compares build outputs across a group of providers - it decentralizes trust. Multiple providers independently build the software, each in their own isolated environment, and then can vouch for the content of binaries that are the outcome of reproducible builds - while non-reproducible builds can be automatically detected.

In this project the team will work on further enabling trust delegation, by offloading log verification to trusted third parties - heavily inspired by the Delegated Proof of Stake consensus algorithm. It will bring Trustix into the Nix and the Guix ecosystems that are most amenable to Trustix' approach. The ultimate goal is for Trustix to integrate seamlessly into the entirely decentralized software supply chain so we can securely distribute software without any central corruptible entity.

>> Read more about Trustix

Noise Explorer-VerifPal — Automated proofs and code generation for secure protocols

Noise Explorer is an online engine for reasoning about Noise Protocol Framework (revision 34) Handshake Patterns. Noise Explorer allows you to design Noise Handshake Patterns, and immediately obtain validity checks that verify if your design conforms to the specification. For visually oriented people, it provides a convenient visualisation in your browser. Noise Explorer can also generate Formal Verification Models and Software Implementations. This allows to instantly generate full symbolic models in the applied pi calculus for any Noise Handshake Pattern that you enter. Using ProVerif, these models can be analyzed against passive and active attackers with malicious principals. The model's top-level process and sophisticated queries are specifically generated to be relevant to your Noise Handshake Pattern, including tests for strong vs. weak forward secrecy and resistance to key compromise impersonation Noise Explorer also automatically generates a secure implementation of your chosen Noise Handshake Pattern design, written in Go. In addition the users can explore a Compendium of Formal Verification Results. Since formal verification for complex Noise Handshake Patterns can take time and require fast CPU hardware, Noise Explorer comes with a compendium detailing the full results of all Noise Handshake Patterns described in the original specification. These results are presented with a security model that is even more comprehensive than the original specification, since it includes the participation of a malicious principal.

>> Read more about Noise Explorer-VerifPal

Verifpal — Prove soundness of verification in Verifpal

Verifpal is new software for verifying the security of cryptographic protocols. Building upon contemporary research in symbolic formal verification, Verifpal’s main aim is to appeal more to real-world practitioners, students and engineers without sacrificing comprehensive formal verification features.

In order to achieve this, Verifpal introduces a new, intuitive language for modeling protocols that is much easier to write and understand than the languages employed by existing tools. At the same time, Verifpal is able to model protocols under an active attacker with unbounded sessions and fresh values, and supports queries for advanced security properties such as forward secrecy or key compromise impersonation.

Verifpal has already been used to verify security properties for Signal, Scuttlebutt, TLS 1.3, Telegram and other protocols. It is a community-focused project, and available under a GPLv3 license.

>> Read more about Verifpal

Verified Reowolf — Formal protocol verification with Reowolf

Using formal methods, we rigorously validate and verify functionality and security properties of essential Internet protocols. In this project, we unambiguously specify Internet protocols using Reowolf's Protocol Description Language (PDL). We research and develop validation tools for certifying the compliance of software/hardware implementations of essential Internet protocols with respect to PDL specifications; and, we research and develop a mathematical formalism, using the state-of-the-art theorem prover Coq, for the verification of properties of protocols specified in PDL that identify precisely under what conditions important properties, such as network integrity and service availability, remain to hold or when they break. The results are important for long-term stability of the Internet, and will be published open access & open source.

>> Read more about Verified Reowolf

XWiki — Bring wiki capabilities into the Fediverse

XWiki is a modern and extensible open source wiki platform. Up until now, XWiki had been focusing on providing the best collaboration experience and features to its users. We're now taking this to the next level by having XWiki be part of the larger federation of collaboration and social software (a.k.a. fediverse), thus allowing users to collaborate externally. XWiki is embracing the W3C ActivityPub specification. Specifically we're implementing the server part of the specification, to be able to both view activity and content happening in external services inside XWiki itself and to make XWiki's activity and content available from these other services too. A specific but crucial use case, is to allow content collaboration between different XWiki servers, sharing content and activity.

>> Read more about XWiki

Reinstatement of crypto.signText() — Cryptographic signatures brought back to the browser

Since the 1990s Netscape and Firefox supported the ability to sign an arbitrary piece of text with a digital certificate, and have that signature returned to the webserver. The texts being signed have historically ranged from transaction records, financial declarations, and court documents. This project implements a set of Native Browser Web Extensions that bring the digital signing of text to all modern browsers that support the NMBE standard. The process of choosing the certificates and generating the signatures is performed outside of the browser, using APIs native to each operating system. Web pages communicate with the extensions using the Javascript crypto.signText() function, and the signed documents are returned packaged as a PKCS7 response. The project aims to make digital signing accessible, while being browser agnostic.

>> Read more about Reinstatement of crypto.signText()

imap-codec library — Release version 1.0 of the imap-codec library

With an expected volume of 333 billion messages per day in 2022, email is one of today's most common methods to exchange information on the Internet. For better or worse, email is unlikely to go away soon, meaning that even the latest software needs to support it in a trustworthy and resilient way. imap-codec is a misuse-resistant IMAP parsing and serialization library focusing on correctness and security. It should pave the way for a new generation of email clients, servers, and utilities written in Rust and become a reusable building block for the Next Generation Internet. To archive that, it is essential to stabilize the API, improve testing, provide excellent documentation, and establish a welcoming and sustainable open-source environment for imap-codec.

>> Read more about imap-codec library

Katzenpost — Observation resistant secure messaging layer

Secure messaging is among the most fundamental privacy challenges of today. While there are meanwhile several widely used offerings that can encrypt instant messages you send to others, there are very few reliable options that are able to keep others from finding out who you were communicating with - and when. The most popular end-to-end messaging application do not adequately protect the identities of who-is-talking-to-who from the infrastructure operators. Katzenpost aims to offer a traffic analysis resistant messaging layer that allows all the participants in the network to have significantly more privacy than other mechanisms. It offers a decentralized mixnet architecture that works similarly to onion routing, where message routing information is encrypted, and differs in that each message is a fixed size, has random forwarding delays, and is accompanied by cover traffic messages to frustrate passive traffic analysis. The project aims to be a building block for other to build applications on, lowering the threshold for existing applications to benefit from increased privacy and confidentiality.

>> Read more about Katzenpost

libspng — A fast and safe implementation of Portable Network Graphics

libspng is a platform-independent C library for handling IETF's Portable Network Graphics (PNG) images. The goal of this project is to provide a robust and fast library with an easy to use API. It is designed to be a modern alternative to the reference implementation, written from scratch using secure coding standards. It comes with an extensive test suite and is fuzz tested, it is also fastest decoder overall. The NGI Zero grant will be used to develop complete PNG write support, architecture-specific performance optimizations, including improvements to testing, decoding and documentation.

>> Read more about libspng

lpnTPM — TPM 2.0 compliant open hardware Trusted Platform Module

lpnTPM is Open Source Software (OSS), and Open Source Hardware (OSHW) Trusted Platform Module (TPM, also known as ISO/IEC 11889) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. What makes lpnTPM different from generally available solutions is openness. Software and hardware of lpnTPM can, without limits, be audited, fixed, and customized by communities and businesses. Open design address the lack of trustworthiness of proprietary closed source TPM products, which currently dominate the whole market. lpnTPM in production mode protects software by secure boot technology, and only the lpnTPM owner will update it. TPM modules enable measured boot and support verified boot, Dynamic Root of Trust for Measurement, and other security features. Another benefit of lpnTPM would be physical design, which solves the lack of standardization around pinout and connector. The ultimate goal of lpnTPM is to provide a trustworthy platform for future open evolution of Trusted Platform Module software and its application to various computing devices, resulting in better adoption of platform security.

>> Read more about lpnTPM

oqsprovider — Post-quantum/quantum-safe cryptographic algorithms for OpenSSL

Quantum computers will bring to an end integrity and confidentiality provided by "classic" public key cryptography such as RSA and implemented in security application frameworks such as OpenSSL. Therefore, a new class of "post-quantum" or quantum safe crypto algorithms (QSC) is being standardized by NIST. In order to bring QSC to easy deployment, these algorithms need to be added to existing security installations: oqs-provider is a standalone integration of QSC into the OpenSSL software framework. By simply inserting an oqs-provider binary, any OpenSSL installation as well as all applications built on top of OpenSSL permitting crypto-providers is (to be) automatically enabled to use any QSC algorithm supported by the liboqs open source framework. liboqs in turn provides the QSC algorithms that are either finalists or candidates of the NIST Post-Quantum Cryptography standardization competition. This way, users of oqs-provider-enabled OpenSSL installations can cease to be concerned about the risk that quantum computers create. The Open Source communities working on OpenSSL and OpenQuantumSafe can benefit in turn from mutual validation and re-use of their respective work efforts.

>> Read more about oqsprovider

Reproducible Builds — Make the build processes behind software distributions reproducible

Reproducible builds are a set of software development practices that create an independently-verifiable path from source to binary code.

>> Read more about Reproducible Builds

x86-64 VM Monitor for seL4 verified microkernel — Very restricted virtualized environment for higher security

The security of any software system depends on its underlying Operating System (OS). However, even OSes such as Qubes, which are "reasonably secure" depend on large trusted computing bases (e.g. hypervisors) with hundreds of thousands of lines of code. For example, the Qubes' Xen Security Advisory Tracker reports that 53/283 (18%) of Xen vulnerabilities over the last eight years affected Qubes. As a step towards facilitating the implementation of more secure, Qubes-like systems, we propose to retarget it to the seL4 microkernel. seL4 is an open-source, formally-verified microkernel that has matured and been maintained for over a decade. seL4's small size (10,000 Lines of Code) and formal verification make it an appealing Xen replacement for Qubes, however, its virtualization support is currently limited. As a first step to enabling Qubes on seL4 we will implement a hardened, open-source, x86 64-bit Virtual Machine Monitor (VMM) for the seL4 microkernel capable of hosting the core Qubes OS virtual machines.

>> Read more about x86-64 VM Monitor for seL4 verified microkernel

Virtualizing device firmware — Creating digital twins for auditing and testing appliances

Recent targets of attacks on infrastructure did not come from powerful computers, but instead from consumer electronics devices. The most widely known example of this is the Mirai botnet, where consumer grade IP cameras were infected, added to a botnet and then used in wide scale attacks in a rather devious way: the original functionality of the device was left untouched, meaning that users either didn’t notice that their device had been taken over, or weren’t bothered by it. This projects aims to provide a way to virtualise such an IoT device and integrate it with an existing honeypot framework to see how the malware is inserted and how botnets operate. The goal is to extract a firmware from an existing device and use that as the base for the virtualisation. The same setup can also be used to systematically check for undocumented behaviour of firmware.

>> Read more about Virtualizing device firmware

xqerl — Performant (Erlang) implementation of W3C XQuery and XML database

The xqerl project is an open-source XQuery 3.1 implementation. It attempts to combine the simplicity of the W3C XQuery 3.1 language for querying and building XML and JSON, with the powers of the Erlang language for building massively concurrent, fault-tolerant, distributed applications. Many optional language features have already been added to xqerl, including the RESTXQ specification for building REST endpoints directly from code annotations. To further enhance user experience and the feature-set of xqerl, the "Schema Aware" and "Typed Data Features" will be added. These features will allow for XML Schema documents to be directly referenced from queries and the query statically analyzed at compile time using the schema to either build better query plans or return errors back to the user before running time consuming queries.

>> Read more about xqerl