Up-to-date cryptography

1.Curve25519: Strong Foundations for Secure Encryption

At the core of NymVPN’s protocols lies Curve25519, an industry-standard elliptic curve recognized for its robust security and optimal performance. We utilize the advanced algorithms X25519 and Ed25519, which are built on Curve25519, to ensure robust key generation and management.

• Securely Exchange Keys: With X25519, only your device and designated proxy server can create the shared encryption key, effectively blocking unauthorized access.
• Verify Authenticity: With Ed25519 digital signatures, we verify connections, ensuring that only trusted, authentic connections are established.
• Optimal Speed and Performance: Our cryptographic choices minimize performance impact, providing you with a quick, seamless experience.

Curve25519 is an elliptic curve widely adopted by leading companies in cybersecurity and privacy. It provides 256-bit security and is designed to resist sophisticated attacks, including side-channel vulnerabilities like timing attacks, making it inherently safe and resilient. Optimized for efficient computation, Curve25519 ensures fast performance without compromising strength, which is essential for real-time applications like VPNs. Developed by cryptography expert Daniel J. Bernstein, it is trusted and utilized by leading tech companies and security organizations worldwide.

X25519: Advanced Key Agreement for Optimal Security

X25519 is an implementation of the Curve25519 key agreement protocol, specifically designed for Elliptic-Curve Diffie-Hellman (ECDH) key exchanges. It allows for fast and secure session establishment, enabling devices to agree on shared secrets even over insecure channels, which is essential for VPNs as it ensures that only you and the designated NymVPN proxy node have the encryption keys for your session. X25519 is recognized as a cryptographic standard and is widely adopted in both open-source projects and commercial products.

Ed25519: Digital Signatures You Can Trust

Ed25519 is a public-key signing system based on Curve25519, specifically designed for digital signatures that verify authenticity and integrity. Within the NymVPN, Ed25519 is utilized to sign secondary connection with the network, such as handshake requests or zk-Nyms requests. This ensures that your connection is genuine and not compromised by imposters or intermediaries. Offering security equivalent to 128-bit symmetric encryption, Ed25519 is highly resistant to cryptographic attacks. Its computational efficiency allows for quick signature generation and verification, preventing forgery and ensuring that connections are authentic and originate from trusted sources.

2.AES, ChaCha-Poly and BLAKE: Strong Data Encryption with NymVPN

Connections through NymVPN that choose the anonymous mixnet protocol are secured with AES and ChaCha20 encryption. If you select the WireGuard VPN mode, your connection will be protected with ChaCha20.

Advanced Encryption Standard (AES)

AES is a widely trusted encryption standard known for its exceptional security and performance, making it the gold standard for protecting sensitive data across various applications. NymVPN uses it in two modes—AES-GCM-SIV and AES-CTR—to effectively safeguard your sensitive data.

AES-GCM-SIV: Powerful Authenticated Encryption with Replay Protection

AES-GCM-SIV is an advanced version of AES that combines encryption and authentication, utilizing 256-bit keys for enhanced security. It ensures data integrity by protecting and authenticating messages, allowing only the intended recipient to decrypt them and detecting any tampering. The use of Synthetic Initialization Vector (SIV) prevents replay attacks, making it secure against intercepted messages. AES-GCM-SIV delivers high performance and is ideal for real-time applications like VPNs. Its design also mitigates key reuse vulnerabilities, enhancing security in scenarios with key rotation challenges.

AES-CTR: Fast and Flexible Encryption

AES-CTR transforms AES into a stream cipher, enabling fast encryption and decryption through a continuously incrementing counter. This makes it suitable for applications requiring low latency. To ensure integrity, we pair AES-CTR with a robust hash function, which verifies that the data remains unaltered during transmission and safeguards against potential tampering or corruption.

ChaCha20-Poly1305

ChaCha20-Poly1305 is a cutting-edge encryption scheme that combines the high-speed ChaCha20 cipher with the Poly1305 authentication mechanism. This approach ensures both encryption and authentication, providing a secure and lightweight solution. This means it not only protects your data but also ensures it hasn’t been tampered with. ChaCha20 is widely regarded for its resistance to cryptographic attacks. It was developed by Daniel J. Bernstein, a leading cryptographer, and has been proven secure in both performance and practical applications.

BLAKE2 and BLAKE3: Advanced Hashing

Hash functions play a crucial role in securing your data online. At NymVPN, we leverage several secure hash functions, including BLAKE2 and BLAKE3 hashing algorithms—cutting-edge solutions designed to provide fast, secure hashing while minimizing computational load. By leveraging BLAKE2 and BLAKE3 our service is equipped with some of the fastest, most secure hashing algorithms available.

For key derivation, we also employ HKDF (HMAC-based Key Derivation Function), which works alongside these hashes to create secure, unique session keys for each connection. HKDF ensures that session keys remain unique and isolated for each connection, enhancing overall security and preventing key reuse.

3.WireGuard and Our Anonymous Mixnet Protocols: Secure Connections, Unmatched Privacy

When you activate VPN mode, your connection benefits from the robust WireGuard protocol—an open-source, lightweight solution known for its exceptional speed and efficiency compared to traditional VPN protocols. WireGuard utilizes cutting-edge cryptographic tools to establish a secure connection: Curve25519 ensures secure key exchanges through Elliptic-Curve Diffie-Hellman (ECDH), while ChaCha20 cipher paired with Poly1305 offers reliable protection for your data in transit. To enhance integrity, it employs BLAKE2b for efficient hashing and HKDF (HMAC-based Key Derivation Function) to securely generate session keys from initial key material.

For those seeking advanced anonymity, our custom Anonymous Mixnet mode elevates your security against sophisticated traffic analysis. In terms of building blocks, this protocol also employs Curve25519 for secure key exchange and utilizes the innovative Sphinx cryptographic packet format to protect your data. With AES-CTR encrypting headers and the Lioness wide block cipher (utilizing ChaCha20 and BLAKE2) for payload encryption, your information remains safeguarded. Additionally, HKDF is utilized to derive essential keys—including header, blinding, integrity, and payload keys—ensuring robust protection within the Sphinx format. Furthermore, communication between the client and entry node is fortified with AES-GCM-SIV, adding another layer of confidentiality and authentication.

But our Anonymous Mixnet mode goes beyond simple encryption to tackle advanced traffic analysis. Our mixnet mode employs various strategies to obscure your traffic and prevent sophisticated AI-driven techniques from examining the patterns in your encrypted communication. By maintaining constant packet sizes and altering data patterns—generating random background cover traffic, along with reordering packets and obscuring their timing—we effectively protect your communication from even the most advanced traffic analysis algorithms.

With NymVPN, you can enjoy fast, secure, and truly anonymous communication without compromise.

4.Pointcheval-Sanders signatures, Pedersen commitments, and Non-Interactive Zero-Knowledge (NIZK) proofs: Cryptographic Foundations Behind zk-Nyms

zk-Nyms are proofs of access, enabling users to prove they have access to NymVPN services without linking their payment information to their online activity. This is achieved through a custom anonymous e-cash scheme with threshold issuance, allowing users to verify their rights without compromising privacy. The scheme leverages three main cryptographic building blocks: Pointcheval-Sanders signatures, Pedersen commitments, and Non-Interactive Zero-Knowledge (NIZK) proofs.

Pointcheval-Sanders Signatures

These privacy-preserving signatures ensure that users can confirm their access without linking it to identifiable information, empowering users with complete privacy. Plus, their efficiency allows for quick validation, enhancing the overall user experience.

Pedersen Commitments

Pedersen commitments provide confidentiality while ensuring verifiability. Users can securely "lock" information in a way that prevents unauthorised disclosure while allowing verification, enabling trustworthy transactions that protect sensitive information. This means access rights can be confirmed without revealing any details that could link back to the user, preserving privacy. Their computational efficiency makes them ideal for applications requiring robust security without sacrificing performance.

Non-Interactive Zero-Knowledge Proofs (NIZK)

NIZK proofs offer a powerful way to demonstrate knowledge of a secret without revealing any information about the secret itself. This zero-knowledge property guarantees that users can validate their claims while maintaining absolute confidentiality. NIZK proofs are also designed for high efficiency, enabling rapid verification without the need for interaction between parties, making them ideal for secure and scalable applications.

At the core of these cryptographic techniques lies the BLS12-381 elliptic curve, providing the underlying security and efficiency required for zk-Nyms.