Skip to content

Tessera vs Nym Mixnet

Nym and Tessera both hide traffic patterns, but at different layers. Nym is a transport-level mixnet that mixes packets so an observer cannot link sender to recipient. Tessera is a protocol-level messaging primitive that adds ZK sender authentication, per-recipient unlinkability, and a formal (ε,δ)-differential-privacy bound on top of a bucketed broadcast topology.

TL;DR

FeatureTesseraNym
LayerProtocol (messaging primitive)Transport (mixnet)
AuthenticationZK Schnorr / Fiat–ShamirNone
Metadata privacy(ε,δ)-DP cover traffic + blindingMixing (Sphinx)
TopologyBucketed broadcastLayered mixnet
LatencySub-secondSeconds to minutes
Central authorityNoneNone (mix nodes are decentralized)
Per-recipient unlinkabilityYes (per-recipient blinding)Partial (mix-dependent)
LicenseMITApache 2.0
LanguagePythonRust

What Nym does well

Nym is a serious transport-anonymity system. It uses the Sphinx packet format to make packets indistinguishable and routes them through a layered mixnet where each mix node shuffles and re-encrypts traffic, defeating timing and linkability attacks at the network level. The design is well-studied and the project is actively developed with a funded ecosystem and a shipping VPN product.

Because Nym operates at the transport layer, it can anonymize arbitrary traffic — not just messaging. If you want a VPN-like product that hides your IP and traffic patterns from observers, Nym is a strong choice and benefits from a mature Rust codebase.

Where Nym falls short

  • No sender authentication. Nym hides who sent a packet but does not let a recipient verify the sender's identity with a proof. Authentication is out of scope for a transport mixnet.
  • No per-recipient unlinkability at the protocol level. Unlinkability depends on mix integrity; if mixes collude or are compromised, the anonymity set shrinks. Tessera's blinding gives unlinkability as a cryptographic property per recipient.
  • Mixing adds latency. Each mix layer delays packets to defeat timing correlation. Nym's latency is measured in seconds to minutes; Tessera's bucketed broadcast is sub-second.
  • No formal differential-privacy guarantee. Nym's privacy depends on the mixnet's integrity and the volume of honest cover traffic. There is no tunable (ε,δ) bound on what an observer can infer.
  • Transport-level, not protocol-level. Nym anonymizes bytes on the wire. It does not give you authenticated, metadata-private messaging primitives out of the box.

How Tessera differs

Tessera is a messaging protocol, not a transport. Where Nym mixes packets, Tessera:

  • Authenticates senders with ZK proofs. A sender proves knowledge of a secret key under a blinded pseudonym, so the recipient can verify identity without learning the sender's long-term identity.
  • Hides metadata with formal DP. Cover traffic is calibrated to an (ε,δ)-differential-privacy budget. An observer's inference advantage is bounded by a number, not by trust in mix nodes.
  • Gives per-recipient unlinkability cryptographically. Y′ = Y + t·G with t = H(seed ‖ session_id) means the same sender appears under different, unlinkable pseudonyms to different recipients.
  • Routes via bucketed broadcast. Low-latency P2P gossip with Bloom fingerprints; no layered mixing delay.

In short: Nym hides the wire; Tessera hides the protocol semantics.

Detailed feature comparison

CapabilityTesseraNym
Primary layerProtocolTransport
Sender authenticationZK Schnorr proofNone
Packet formatAES-GCM ciphertext + commitmentSphinx
Mixing delayNonePer-layer (seconds–minutes)
Privacy mechanismDP cover traffic + blindingMixing + cover traffic
Formal privacy bound(ε,δ)-DPNo formal bound
TopologyP2P bucketed broadcastLayered mixnet
Per-recipient unlinkabilityCryptographic (blinding)Mix-dependent
Use caseAuthenticated messagingGeneral transport anonymity
LicenseMITApache 2.0
Primary languagePythonRust

When to choose which

Choose Nym when

  • You need transport-level anonymity for arbitrary traffic (VPN-like).
  • You can tolerate seconds-to-minutes of latency.
  • You want to anonymize traffic without authentication at the mix layer.

Choose Tessera when

  • You need authenticated, metadata-private messaging at the protocol level.
  • You need sub-second delivery latency.
  • You need per-recipient unlinkability as a cryptographic property.
  • You want a formal (ε,δ)-differential-privacy bound on traffic analysis.

Frequently asked questions

Is Tessera a mixnet?

No. Tessera uses a bucketed broadcast topology with P2P gossip rather than layered mix nodes. Its privacy comes from (ε,δ)-differentially-private cover traffic and per-recipient blinding, not from repeated mixing of Sphinx packets.

Why is Tessera lower latency than a mixnet?

A mixnet delays each packet at every hop to defeat timing correlation; latency grows with the number of mix layers. Tessera broadcasts into buckets with calibrated DP cover traffic, so delivery is sub-second — the privacy budget is spent on noise, not on waiting.

Can Tessera and Nym be used together?

In principle yes. Nym provides transport-level anonymity and Tessera provides protocol-level authentication and metadata privacy. A deployment could route Tessera traffic over a Nym mixnet, though Tessera itself does not require it.

Need authentication + metadata privacy, not just mixing?

Tessera gives you ZK sender authentication, per-recipient blinding, and an (ε,δ)-DP cover-traffic bound in a low-latency protocol.

pip install tessera