Tessera vs Nym Mixnet
Nym and Tessera both hide traffic patterns, but at different layers. Nym is a transport-level mixnet that mixes packets so an observer cannot link sender to recipient. Tessera is a protocol-level messaging primitive that adds ZK sender authentication, per-recipient unlinkability, and a formal (ε,δ)-differential-privacy bound on top of a bucketed broadcast topology.
TL;DR
| Feature | Tessera | Nym |
|---|---|---|
| Layer | Protocol (messaging primitive) | Transport (mixnet) |
| Authentication | ZK Schnorr / Fiat–Shamir | None |
| Metadata privacy | (ε,δ)-DP cover traffic + blinding | Mixing (Sphinx) |
| Topology | Bucketed broadcast | Layered mixnet |
| Latency | Sub-second | Seconds to minutes |
| Central authority | None | None (mix nodes are decentralized) |
| Per-recipient unlinkability | Yes (per-recipient blinding) | Partial (mix-dependent) |
| License | MIT | Apache 2.0 |
| Language | Python | Rust |
What Nym does well
Nym is a serious transport-anonymity system. It uses the Sphinx packet format to make packets indistinguishable and routes them through a layered mixnet where each mix node shuffles and re-encrypts traffic, defeating timing and linkability attacks at the network level. The design is well-studied and the project is actively developed with a funded ecosystem and a shipping VPN product.
Because Nym operates at the transport layer, it can anonymize arbitrary traffic — not just messaging. If you want a VPN-like product that hides your IP and traffic patterns from observers, Nym is a strong choice and benefits from a mature Rust codebase.
Where Nym falls short
- No sender authentication. Nym hides who sent a packet but does not let a recipient verify the sender's identity with a proof. Authentication is out of scope for a transport mixnet.
- No per-recipient unlinkability at the protocol level. Unlinkability depends on mix integrity; if mixes collude or are compromised, the anonymity set shrinks. Tessera's blinding gives unlinkability as a cryptographic property per recipient.
- Mixing adds latency. Each mix layer delays packets to defeat timing correlation. Nym's latency is measured in seconds to minutes; Tessera's bucketed broadcast is sub-second.
- No formal differential-privacy guarantee. Nym's privacy depends on the mixnet's integrity and the volume of honest cover traffic. There is no tunable (ε,δ) bound on what an observer can infer.
- Transport-level, not protocol-level. Nym anonymizes bytes on the wire. It does not give you authenticated, metadata-private messaging primitives out of the box.
How Tessera differs
Tessera is a messaging protocol, not a transport. Where Nym mixes packets, Tessera:
- Authenticates senders with ZK proofs. A sender proves knowledge of a secret key under a blinded pseudonym, so the recipient can verify identity without learning the sender's long-term identity.
- Hides metadata with formal DP. Cover traffic is calibrated to an (ε,δ)-differential-privacy budget. An observer's inference advantage is bounded by a number, not by trust in mix nodes.
- Gives per-recipient unlinkability cryptographically. Y′ = Y + t·G with t = H(seed ‖ session_id) means the same sender appears under different, unlinkable pseudonyms to different recipients.
- Routes via bucketed broadcast. Low-latency P2P gossip with Bloom fingerprints; no layered mixing delay.
In short: Nym hides the wire; Tessera hides the protocol semantics.
Detailed feature comparison
| Capability | Tessera | Nym |
|---|---|---|
| Primary layer | Protocol | Transport |
| Sender authentication | ZK Schnorr proof | None |
| Packet format | AES-GCM ciphertext + commitment | Sphinx |
| Mixing delay | None | Per-layer (seconds–minutes) |
| Privacy mechanism | DP cover traffic + blinding | Mixing + cover traffic |
| Formal privacy bound | (ε,δ)-DP | No formal bound |
| Topology | P2P bucketed broadcast | Layered mixnet |
| Per-recipient unlinkability | Cryptographic (blinding) | Mix-dependent |
| Use case | Authenticated messaging | General transport anonymity |
| License | MIT | Apache 2.0 |
| Primary language | Python | Rust |
When to choose which
Choose Nym when
- You need transport-level anonymity for arbitrary traffic (VPN-like).
- You can tolerate seconds-to-minutes of latency.
- You want to anonymize traffic without authentication at the mix layer.
Choose Tessera when
- You need authenticated, metadata-private messaging at the protocol level.
- You need sub-second delivery latency.
- You need per-recipient unlinkability as a cryptographic property.
- You want a formal (ε,δ)-differential-privacy bound on traffic analysis.
Frequently asked questions
Is Tessera a mixnet?
No. Tessera uses a bucketed broadcast topology with P2P gossip rather than layered mix nodes. Its privacy comes from (ε,δ)-differentially-private cover traffic and per-recipient blinding, not from repeated mixing of Sphinx packets.
Why is Tessera lower latency than a mixnet?
A mixnet delays each packet at every hop to defeat timing correlation; latency grows with the number of mix layers. Tessera broadcasts into buckets with calibrated DP cover traffic, so delivery is sub-second — the privacy budget is spent on noise, not on waiting.
Can Tessera and Nym be used together?
In principle yes. Nym provides transport-level anonymity and Tessera provides protocol-level authentication and metadata privacy. A deployment could route Tessera traffic over a Nym mixnet, though Tessera itself does not require it.