Skip to content
v0.2.0 · 151 tests passing · MIT License

Authenticated,
metadata-private messaging.

An open-source privacy protocol that lets a sender prove identity to a recipient using zero-knowledge proofs, without revealing who is talking to whom. No central authority. Pairwise local enrolment.

pip install tessera
For Developers

5-line SDK integration

Install via pip, generate a keypair, produce a blinded proof, verify it. Python SDK with cross-platform clients for iOS, Android, Web, and Flutter.

Quickstart →
For Architects

Threat-modeled privacy

Formal security properties, measured benchmarks, decentralized relay overlay with DP cover traffic. No central authority to compromise or subpoena.

Threat model →
For Operators

Self-hosted relays

Run a WebSocket node with one command. Multi-node mesh or ring clusters with runtime churn support. SQLite-backed persistent storage.

Deploy a node →

Four privacy mechanisms, one protocol

How it works

Sender
Blind: Y'=Y+tG
Prove: π=(R,s)
Commit: H(Y'‖…)
Encrypt
AES-256-GCM
Routing key from commit
Bucketed Broadcast
64 buckets
Bloom filter matching
DP cover traffic
Relays Gossip
WebSocket P2P
Mesh / ring
Proof dedup
Recipient
Match (bucket+bloom)
Decrypt → verify π
Authenticate Y'

Get started in 5 lines

from tessera.crypto.crypto_utils import CryptoUtils
from tessera.crypto.blinding import BlindedSender, BlindedVerifier

x, Y, _ = CryptoUtils.generate_keypair()
seed = b"shared-with-this-recipient"

sender = BlindedSender(x, Y)
proof = sender.prove(seed, session_id="msg-001", metadata="channel": "message")

verifier = BlindedVerifier()
assert verifier.authenticate(proof, contact_public_key=Y,
                           shared_seed=seed, session_id="msg-001")  # True

The gap Tessera closes

Existing secure-messaging systems force a trade-off between authentication and metadata privacy. Tessera is the first protocol to provide both simultaneously.

SchemeRouting observerNetwork eavesdropperRecipientColluding recipientsSender auth
Signed messaging (Signal)5 leakstimingintendednoneyes
Metadata-private (Vuvuzela)nonenonenonenonemissing
Tesseranonenoneintendednoneyes

Performance

Measured on a single laptop, single node. Seeresearchfor full experiment details.

MetricValue
ZK proof generation~0.85 ms
ZK proof verification~13 ms
Subscribe throughput326 ops/s4.5× naive
Route throughput (~75 subs/bucket)440 ops/s
FAR / FRR (tamper, swap-key, forge, replay)0 / 0
Adversary linking AUC (DP cover, ε=0.1)0.526≤ 0.548 ceiling
Churn delivery (mesh, 50% offline)100%

Use cases

How Tessera compares

FAQ

What is Tessera?

Tessera is an open-source privacy protocol for authenticated, metadata-private one-to-one messaging. A sender proves identity to a recipient using a Schnorr zero-knowledge proof under a per-recipient blinded pseudonym, with AES-GCM encrypted delivery over a bucketed broadcast network whose cover traffic is (ε,δ)-differentially-private. No central authority is required.

How does Tessera protect metadata privacy?

Tessera uses a bucketed broadcast network with (ε,δ)-differentially-private cover traffic and per-recipient blinded pseudonyms Y' = Y + tG, so that the recipient identity is hidden from network observers and the routing infrastructure.

How is Tessera different from Signal?

Signal encrypts message content but the Signal server sees who messages whom, when, and how often — the full social graph metadata. Tessera hides this metadata using per-recipient blinded pseudonyms and (ε,δ)-DP cover traffic, while simultaneously authenticating the sender via a Schnorr zero-knowledge proof. Tessera provides both authentication and metadata privacy; Signal provides only content encryption.

How is Tessera different from Tor or Nym?

Tor and Nym are transport-anonymizing networks — they hide your IP address and network path. Tessera operates at the protocol level: it hides who is communicating with whom (metadata privacy) while proving the sender's identity (authentication). Tor and Nym do not provide sender authentication or per-recipient unlinkability.

Is Tessera ready for production?

Tessera is beta-quality with 151 passing tests, measured performance (0.85ms proof generation, 326 ops/s subscribe throughput, 0% false accept rate), and a PBKDF2-encrypted keystore. The Flask web service is dev-grade and should be behind a real WSGI server for production.

Can I use Tessera in my application?

Yes. Tessera is MIT-licensed and installable via pip. The Python SDK provides BlindedSender and BlindedVerifier classes for producing and verifying zero-knowledge proofs. Cross-platform SDKs (iOS, Android, Web, Flutter) are also available as auxiliary packages.

Start building with Tessera

Open-source privacy protocol for authenticated, metadata-private messaging.

pip install tessera