Authenticated, metadata-private messaging.
An open-source privacy protocol that lets a sender prove identity to a recipient using zero-knowledge proofs, without revealing who is talking to whom. No central authority. Pairwise local enrolment.
pip install tessera
5-line SDK integration
Install via pip, generate a keypair, produce a blinded proof, verify it. Python SDK with cross-platform clients for iOS, Android, Web, and Flutter.
Quickstart →
Threat-modeled privacy
Formal security properties, measured benchmarks, decentralized relay overlay with DP cover traffic. No central authority to compromise or subpoena.
Threat model →
Self-hosted relays
Run a WebSocket node with one command. Multi-node mesh or ring clusters with runtime churn support. SQLite-backed persistent storage.
Deploy a node →
Four privacy mechanisms, one protocol
ZK Sender Authentication
Schnorr / Fiat–Shamir zero-knowledge proofs over SECP256k1. The recipient learns the sender knows the secret key — nothing more. Unforgeability reduces to the discrete logarithm assumption. 0.85ms proof generation, 0% forgery rate.
Privacy
Per-Recipient Blinded Pseudonyms
Each delivery uses Y' = Y + t·G where t = H(seed ‖ session_id). The recipient recomputes t from a per-contact shared_seed. Anyone without the seed sees a uniform Y' — cross-recipient unlinkability.
DP
(ε,δ)-DP Cover Traffic
Load-independent shifted-Laplace noise on per-bucket counts. The published count C_b = R_b + D_b is (ε,δ)-differentially private. An adversary cannot determine whether a specific delivery occurred.
Network
Decentralized Routing
Bucketed broadcast network with Bloom filter matching. Peer-to-peer WebSocket gossip, mesh or ring topology. No central authority. 100% delivery under 50% node churn.
How it works
Prove: π=(R,s)
Commit: H(Y'‖…)
Routing key from commit
Bloom filter matching
DP cover traffic
Mesh / ring
Proof dedup
Decrypt → verify π
Authenticate Y'
Get started in 5 lines
```python
from tessera.crypto.crypto_utils import CryptoUtils
from tessera.crypto.blinding import BlindedSender, BlindedVerifier

# Long-term keypair: x is the secret key, Y the public key.
x, Y, _ = CryptoUtils.generate_keypair()
# Per-contact seed shared with this recipient during pairwise enrolment.
seed = b"shared-with-this-recipient"

sender = BlindedSender(x, Y)
proof = sender.prove(seed, session_id="msg-001", metadata={"channel": "message"})

verifier = BlindedVerifier()
assert verifier.authenticate(proof, contact_public_key=Y,
                             shared_seed=seed, session_id="msg-001")  # True
```
The gap Tessera closes
Existing secure-messaging systems force a trade-off between authentication and metadata privacy. Tessera is the first protocol to provide both simultaneously.
| Scheme | Routing observer | Network eavesdropper | Recipient | Colluding recipients | Sender auth |
|---|---|---|---|---|---|
| Signed messaging (Signal) | 5 leaks | timing | intended | none | yes |
| Metadata-private (Vuvuzela) | none | none | none | none | missing |
| Tessera | none | none | intended | none | yes |
Performance
Measured on a single laptop, single node. See research for full experiment details.
| Metric | Value |
|---|---|
| ZK proof generation | ~0.85 ms |
| ZK proof verification | ~13 ms |
| Subscribe throughput | 326 ops/s (4.5× naive) |
| Route throughput (~75 subs/bucket) | 440 ops/s |
| FAR / FRR (tamper, swap-key, forge, replay) | 0 / 0 |
| Adversary linking AUC (DP cover, ε=0.1) | 0.526 (≤ 0.548 ceiling) |
| Churn delivery (mesh, 50% offline) | 100% |
Use cases
Secure Messaging
Metadata-private 1:1 messaging with cryptographic sender authentication.
Compliant Communications
GDPR/ePrivacy/HIPAA-adjacent privacy for regulated industries.
Whistleblowing
Anonymous tip lines with cryptographic identity proofs for journalists and NGOs.
Healthcare
HIPAA-adjacent secure messaging with metadata protection for patient communications.
Decentralized Orgs
Privacy-preserving notifications for DAOs, cooperatives, and decentralized organizations.
AI Agent Identity
Verifiable AI-agent identity with cross-service unlinkability for autonomous systems.
How Tessera compares
vs Signal
Signal encrypts content; Tessera hides metadata + proves identity.
vs Nym
Nym is a mixnet for transport; Tessera is a protocol for authenticated messaging.
vs Tor
Tor anonymizes network path; Tessera authenticates identity + hides metadata.
vs Matrix
Matrix is federated E2EE; Tessera adds metadata privacy + ZK authentication.
vs Wire
Wire is B2B E2EE SaaS; Tessera is a decentralized protocol with DP cover traffic.
FAQ
What is Tessera?
Tessera is an open-source privacy protocol for authenticated, metadata-private one-to-one messaging. A sender proves identity to a recipient using a Schnorr zero-knowledge proof under a per-recipient blinded pseudonym, with AES-GCM encrypted delivery over a bucketed broadcast network whose cover traffic is (ε,δ)-differentially-private. No central authority is required.
How does Tessera protect metadata privacy?
Tessera uses a bucketed broadcast network with (ε,δ)-differentially-private cover traffic and per-recipient blinded pseudonyms Y' = Y + tG, so that the recipient identity is hidden from network observers and the routing infrastructure.
How is Tessera different from Signal?
Signal encrypts message content but the Signal server sees who messages whom, when, and how often — the full social graph metadata. Tessera hides this metadata using per-recipient blinded pseudonyms and (ε,δ)-DP cover traffic, while simultaneously authenticating the sender via a Schnorr zero-knowledge proof. Tessera provides both authentication and metadata privacy; Signal provides only content encryption.
How is Tessera different from Tor or Nym?
Tor and Nym are transport-anonymizing networks — they hide your IP address and network path. Tessera operates at the protocol level: it hides who is communicating with whom (metadata privacy) while proving the sender's identity (authentication). Tor and Nym do not provide sender authentication or per-recipient unlinkability.
Is Tessera ready for production?
Tessera is beta-quality with 151 passing tests, measured performance (0.85ms proof generation, 326 ops/s subscribe throughput, 0% false accept rate), and a PBKDF2-encrypted keystore. The Flask web service is dev-grade and should be behind a real WSGI server for production.
Can I use Tessera in my application?
Yes. Tessera is MIT-licensed and installable via pip. The Python SDK provides BlindedSender and BlindedVerifier classes for producing and verifying zero-knowledge proofs. Cross-platform SDKs (iOS, Android, Web, Flutter) are also available as auxiliary packages.
Start building with Tessera
Open-source privacy protocol for authenticated, metadata-private messaging.
pip install tessera