Security at
Blackhole
WireGuard cryptography, CRDT state, Ed25519 capability tokens, and evidence-gated proof checks give every deployment a security model operators can inspect before rollout.
Evidence-Gated Proof Checks
Posture proof targets promoted only after reproducible evidence
Blackhole's security roadmap includes Schnorr P-256 proof checks for posture-sensitive workflows. In assisted launch, those claims stay evidence-gated: we validate nonce handling, replay behavior, and timing before promoting numerical guarantees.
Nonce Replay Protection Flow
WireGuard Cryptographic Suite
Authenticated encryption for all WireGuard data packets. 256-bit key, 96-bit nonce. Constant-time implementation prevents timing attacks.
Elliptic-curve Diffie-Hellman for WireGuard handshake. 128-bit security level. Forward secrecy: compromise of long-term keys does not expose past sessions.
Used for key derivation and MAC computation in WireGuard. Faster than SHA-2 on software, no length-extension vulnerability.
Schnorr-based signatures for capability token issuance. Delegatable, time-scoped, revocable without revocation lists.
Assisted-launch proof target. Nonce replay controls and timing claims are published only after reproducible benchmark evidence is linked.
Ed25519 Capability Tokens
Every Blackhole device holds an Ed25519 keypair. Access rights are expressed as cryptographically-signed capability tokens that can be delegated down a chain of trust, time-scoped to expire automatically, and revoked without maintaining revocation lists.
A token holder can issue sub-tokens with equal or lesser permissions. The entire chain is verifiable on-device.
Every token carries a NotBefore and Expires field. Expired tokens are automatically rejected — no coordination required.
Revocation is embedded in the token's time scope. Short-lived tokens need no revocation list — they simply expire.
CRDT Split-Brain Protection
Traditional distributed systems lose data during network partitions — nodes diverge and must reconcile manually. Blackhole uses a three-layer CRDT stack: LWW-Map for last-write-wins scalar values, OR-Set for set membership (add/remove without conflict), and VectorClock for causal ordering.
Last-Write-Wins map for scalar values. Timestamps break ties deterministically. No coordinator required.
Observed-Remove Set prevents the "add after remove" anomaly. Concurrent adds and removes merge correctly.
Tracks causal history across all nodes. Detects concurrent vs. sequential writes. Enables eventual consistency.
Security Comparison
| Feature | Blackhole | Traditional VPN | Zero Trust | SASE |
|---|---|---|---|---|
| Encryption | ChaCha20-Poly1305 | AES-256-CBC (often) | TLS 1.3 | TLS 1.3 |
| Key Exchange | Curve25519 | RSA-2048 | ECDHE | ECDHE |
| Proof-based posture checks | Evidence-gated target | None | None | None |
| CRDT Conflict Resolution | LWW-Map + OR-Set | None | None | None |
| Forward Secrecy | Yes (per-session) | Optional | Yes | Yes |
| Capability Tokens | Ed25519 delegatable | Username/password | PKI certs | SAML/OIDC |
| Replay Protection | Nonce + monotonic counter | Sequence number | TLS replay | TLS replay |
| Key Compromise Impact | Session only (FS) | All past traffic | Session only | Session only |
| Audit Logs | Immutable flow logs | Varies | Yes | Yes |
| Self-hosted | Yes | Yes | Partial | No |
Threat Model
Curve25519 key exchange with forward secrecy. Each session uses ephemeral keys. MITM requires breaking Curve25519 discrete log.
ZK-STARK nonce replay protection. Each proof includes a monotonic counter bound to the session. Replayed proofs are rejected at verify time.
Ed25519 capability tokens are unforgeable without the private key. Token delegation chains are cryptographically bound to issuer identity.
CRDT OR-Set semantics prevent data loss during network partitions. Concurrent writes merge deterministically — no coordinator required.
Private keys never leave the device. ZK proofs prove possession without revealing secrets. Revocation is time-scoped, not list-based.
Responsible Disclosure
We welcome responsible security researchers. Report vulnerabilities privately before public disclosure. We commit to a 24-hour initial response SLA for critical issues and publish public post-mortems for significant findings.