Skip to content

Security

Tessera is an open-source privacy protocol for authenticated, metadata-private, one-to-one delivery. This page summarises the threat model, security properties, formal guarantees, assumptions, scope, and responsible disclosure policy. For the full threat-model write-up, seeThreat Model.

Threat model

Tessera assumes a global passive network observer that can see every packet on every link, plus an honest-but-curious recipient, plus the possibility of colluding recipients. The following table lists the adversaries the protocol is designed to resist and the mechanism that defeats each.

AdversaryDefence
Malicious sender (impersonation)Unforgeability ⇐ Discrete Logarithm + forking lemma
Honest-but-curious recipientPer-recipient blinding — Y' uniform per delivery
Colluding recipientsDistinct shared_seed → independent Y' distributions
Global passive network observer(ε,δ)-differentially-private cover traffic
Replay attackerPer-delivery commitment freshness + dedup
Tagging / malleability attackerAES-GCM authenticated encryption + commitment binding

Security properties

Each property below is backed by a named mechanism and a formal reduction or empirical benchmark. The benchmark harnesses (experiments E1–E7) are reproducible; see theresearch page for the harness table.

PropertyMechanismFormal basis
UnforgeabilitySchnorr binds (R, s, Y, m)EUF-CMA ⇐ DLog (forking lemma)
HVZK / NIZKFiat–Shamir transform in the ROMStandard Schnorr ZK
Cross-recipient unlinkabilityPer-recipient blinded pseudonym Y'Blinding lemma
Replay resistancePer-delivery commitment + dedupFreshness theorem
Metadata privacy(ε,δ)-DP cover traffic, load-independentShifted-Laplace mechanism
Content confidentialityAES-GCM (256-bit)IND-CCA2 AE

Empirical security validation

The bench_security.py harness (experiment E6) runs the verifier against four attack classes — tamper, swap-key, forge, and replay — with 5000 trials each. The result: false-accept rate (FAR) and false-reject rate (FRR) both 0 / 0 across all classes. The adversary linking AUC under (ε,δ)-DP cover traffic at ε=0.1 (experiment E3, linkability_sim.py) is 0.526 — statistically indistinguishable from random guessing.

Assumptions and scope

What Tessera protects:

ProtectedHow
Sender identity (on the wire)Blinded pseudonyms — observer sees uniform random Y'
Sender–recipient linking (routing)Bucketed broadcast + Bloom fingerprints
Per-bucket delivery counts(ε,δ)-DP cover traffic, load-independent Laplace noise
Message contentAES-GCM authenticated encryption
Sender authenticationSchnorr / Fiat–Shamir NIZK, EUF-CMA

Out of scope:

Responsible disclosure

If you find a security issue in Tessera, please report it responsibly. Email security issues tocontact@skelfresearch.comwith Tessera Security in the subject. Please do not open a public GitHub issue for security vulnerabilities. We will acknowledge receipt within 72 hours and aim to publish a fix and advisory within 90 days.

Cryptographic primitives

Further reading

Want the formal specification?

The protocol spec, API reference, and benchmark harnesses live in the full documentation.

pip install tessera