Saorsa Core

Core P2P networking library for Saorsa platform with DHT, QUIC transport, dual-stack endpoints (IPv6+IPv4), and four-word endpoint encoding.

Documentation

API Reference: see docs/API.md - Comprehensive API documentation with examples
Architecture Decision Records: see docs/adr/ - Design decisions and rationale
Security Model: see docs/SECURITY_MODEL.md - Network security and anti-Sybil protections
Auto-Upgrade System: see docs/AUTO_UPGRADE.md - Cross-platform binary updates
Architecture overview: see ARCHITECTURE.md
Contributor guide: see AGENTS.md

Architecture Decision Records (ADRs)

Key design decisions are documented in docs/adr/:

ADR	Title	Description
ADR-001	Multi-Layer P2P Architecture	Layered design separating transport, DHT, identity, and application concerns
ADR-002	Delegated Transport	Using ant-quic for QUIC transport, NAT traversal, and bootstrap cache
ADR-003	Pure Post-Quantum Cryptography	ML-DSA-65 and ML-KEM-768 without classical fallbacks
ADR-004	Four-Word Addresses	Human-readable addressing via word encoding
ADR-006	EigenTrust Reputation	Iterative trust computation for Sybil resistance
ADR-007	Adaptive Networking	Machine learning for dynamic routing optimization
ADR-008	Bootstrap Cache Delegation	Delegating bootstrap to ant-quic with Sybil protection
ADR-009	Sybil Protection	Multi-layered defense against identity attacks
ADR-011	Geographic Placement	Region-aware storage for regulatory compliance
ADR-012	Identity without PoW	Pure cryptographic identity using ML-DSA

Features

P2P NAT Traversal: True peer-to-peer connectivity with automatic NAT traversal (ant-quic 0.21.x)
DHT (Distributed Hash Table): Peer phonebook and routing with adaptive scoring and geographic awareness
Placement System: Intelligent shard placement with EigenTrust integration
QUIC Transport: High-performance networking with ant-quic
Four-Word Endpoints: Human‑readable network endpoints via four-word-networking (IPv4+port encodes to 4 words; decoding returns both IP and port; IPv6 word count decided by the crate).
Post-Quantum Cryptography: Future-ready cryptographic algorithms
Geographic Routing: Location-aware networking
Identity Management: Post-quantum ML-DSA-65 signatures (NIST Level 3). No PoW; identities hold only required keys (no embedded word address).
Auto-Upgrade System: Cross-platform binary updates with ML-DSA-65 signatures, rollback support, and configurable policies
Persistence: Database-backed internal state (telemetry, caches, coordination)
Monitoring: Prometheus metrics integration

Quick Start

Add this to your Cargo.toml:

[dependencies]
saorsa-core = "0.11.0"

Basic P2P Node

use saorsa_core::{NodeConfig, P2PNode};
use tokio;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create and start a P2P node
    let config = NodeConfig::default();
    let node = P2PNode::new(config).await?;
    node.run().await?;
    
    Ok(())
}

P2P NAT Traversal

saorsa-core includes full NAT traversal support in the transport and network layers, enabling direct peer-to-peer connections. User-facing messaging examples live in saorsa-node, while this crate provides the transport and DHT primitives.

Data Replication (saorsa-node)

saorsa-core does not replicate application data. saorsa-node:

Stores chunks locally and tracks replica sets.
Selects target peers using saorsa-core’s adaptive routing outputs.
Replicates via send_message and reports success/failure back to EigenTrust.
Reacts to churn events from DhtNetworkManager::subscribe_events() and re‑replicates.

Minimal wiring helper:

use saorsa_core::adaptive::ReplicaPlanner;
use saorsa_core::DhtNetworkEvent;

let planner = ReplicaPlanner::new(adaptive_dht, dht_manager);
let mut events = planner.subscribe_churn();
tokio::spawn(async move {
    while let Ok(DhtNetworkEvent::PeerDisconnected { peer_id }) = events.recv().await {
        // re-replicate any data that had replicas on peer_id
    }
});

Four-Word Endpoints

Endpoints are encoded/decoded using the four-word-networking crate's adaptive API.
IPv4+port → 4 words; decoding returns both IP and port. IPv6 → word count is crate‑defined.
Four‑words are reserved strictly for network endpoints.

Architecture

Core Components

Network Layer: QUIC-based P2P networking with automatic NAT traversal (ant-quic 0.21.x)
DHT: S/Kademlia-based peer phonebook with adaptive routing and geographic awareness
Placement System: Intelligent shard placement with weighted selection algorithms
Identity: Post‑quantum cryptographic identities with ML‑DSA‑65 signatures (no PoW; no embedded four‑word address)
Application Storage: Implemented in saorsa-node; saorsa-core tracks trust signals
Geographic Routing: Location-aware message routing

Cryptographic Architecture

Saorsa Core implements a pure post-quantum cryptographic approach for maximum security:

Post‑quantum signatures: ML‑DSA‑65 (FIPS 204) for quantum‑resistant digital signatures (~128‑bit quantum security)
PQC Encryption: saorsa-pqc primitives for key encapsulation and signatures
Key Exchange: ML-KEM-768 (FIPS 203) for quantum-resistant key encapsulation (~128-bit quantum security)
Hashing: BLAKE3 for fast, secure content addressing
Transport Security: QUIC with TLS 1.3 and PQC cipher suites
No Legacy Support: Pure PQC implementation with no classical cryptographic fallbacks

Recent Changes

Removed all Proof‑of‑Work (PoW) usage (identity, adaptive, placement/DHT, error types, CLI).
Adopted four-word-networking adaptive API; four‑words reserved for endpoints only.
Implemented dual‑stack listeners (IPv6 + IPv4) and Happy Eyeballs dialing.

Data Flow

Application
    ↓
Network API
    ↓
Placement Engine → DHT + Geographic Routing
    ↓              ↓
    ↓         Audit & Repair
    ↓              ↓
QUIC Transport (ant-quic)
    ↓
Internet

Placement System

Saorsa Core includes an advanced placement system for optimal distribution of erasure-coded shards across the network:

use saorsa_core::placement::{
    PlacementEngine, PlacementConfig, GeographicLocation, NetworkRegion
};

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Configure placement system
    let config = PlacementConfig {
        replication_factor: (3, 8).into(), // Min 3, target 8 replicas
        byzantine_tolerance: 2.into(),      // Tolerate up to 2 Byzantine nodes
        placement_timeout: Duration::from_secs(30),
        geographic_diversity: true,
        weights: OptimizationWeights {
            trust_weight: 0.4,        // EigenTrust reputation
            performance_weight: 0.3,   // Node performance metrics
            capacity_weight: 0.2,      // Available storage capacity
            diversity_bonus: 0.1,      // Geographic/network diversity
        },
    };
    
    // Create placement engine
    let mut engine = PlacementEngine::new(config);
    
    // Place data with optimal shard distribution
    let data = b"important data to store";
    let decision = placement_orchestrator.place_data(
        data.to_vec(),
        8, // replication factor
        Some(NetworkRegion::NorthAmerica),
    ).await?;
    
    println!("Placed {} shards across {} nodes", 
             decision.shard_count, 
             decision.selected_nodes.len());
    
    Ok(())
}

Key Features

EigenTrust Integration: Uses reputation scores for node selection
Weighted Selection: Balances trust, performance, capacity, and diversity
Byzantine Fault Tolerance: Configurable f-out-of-3f+1 security model
Geographic Diversity: Ensures shards are distributed across regions
Continuous Monitoring: Audit system with automatic repair
DHT Record Types: Efficient ≤512B records with cryptographic validation
Hysteresis Control: Prevents repair storms with smart cooldown

Configuration

use saorsa_core::NetworkConfig;

let config = NetworkConfig {
    listen_port: 9000,
    bootstrap_nodes: vec![
        "bootstrap1.example.com:9000".parse()?,
        "bootstrap2.example.com:9000".parse()?,
    ],
    enable_four_word_addresses: true,
    dht_replication: 20,
    storage_capacity: 1024 * 1024 * 1024, // 1GB
    ..Default::default()
};

Feature Flags

default - Metrics and Prometheus integration
metrics - Prometheus metrics and monitoring
mocks - Test/dummy helpers for development (off by default)
h2_greedy - Hyperbolic greedy routing helpers in API
test-utils - Test utilities including mock DHT for integration tests

Note: DHT, ant-quic QUIC transport, and post-quantum cryptography are always enabled. Four-word networking is a core feature.

Performance

Saorsa Core is designed for high performance:

Concurrent Operations: Tokio-based async runtime
Memory Efficiency: Zero-copy operations where possible
Network Optimization: QUIC with congestion control
Caching: Multi-level caching with Q-learning optimization

Benchmarks

Run benchmarks with:

cargo bench

Key benchmarks:

DHT operations: ~10,000 ops/sec
Storage throughput: ~100 MB/sec
Geographic routing: <10ms latency
Placement decisions: <1s for 8-node selection
Shard repair: Automatic with <1h detection
Cryptographic operations: Hardware-accelerated

Security

Saorsa Core implements defense-in-depth security designed for adversarial decentralized environments.

For complete security documentation, see docs/SECURITY_MODEL.md.

Cryptographic Foundation

Post-Quantum Signatures: ML-DSA-65 (FIPS 204) for quantum-resistant digital signatures (~128-bit quantum security)
Key Exchange: ML-KEM-768 (FIPS 203) for quantum-resistant key encapsulation
Symmetric Encryption: Provided by upper layers; saorsa-core focuses on PQC key exchange and signatures
Hashing: BLAKE3 for fast, secure content addressing
Pure PQC: No classical cryptographic fallbacks - quantum-resistant from the ground up

Network Protection

Protection	Implementation
Node Monitoring	Automatic eviction after 3 consecutive failures
Reputation System	EigenTrust++ with multi-factor trust scoring
Sybil Resistance	IP diversity limits (/64: 1, /48: 3, /32: 10, ASN: 20)
Geographic Diversity	Regional diversity in routing and placement
Routing Validation	Close-group validation and security coordinator checks

Anti-Centralization

The network enforces geographic and infrastructure diversity to prevent centralization:

┌───────────────────────────────────────────────────┐
│           Geographic Diversity Distribution        │
├───────────────────────────────────────────────────┤
│  Region A      Region B      Region C      ...    │
│  (max 2)       (max 2)       (max 2)              │
│     │             │             │                 │
│     └─────────────┼─────────────┘                 │
│                   ▼                               │
│    Selection prefers 3+ regions                   │
│    (prevents regional collusion)                  │
└───────────────────────────────────────────────────┘

ASN Diversity: Max 20 nodes per autonomous system
Hosting Provider Limits: Stricter limits (halved) for known VPS/cloud providers
Eclipse Detection: Continuous routing table diversity monitoring

Persistence

Persistence lives in src/persistence/ with pluggable backends and configuration-driven storage policies. See src/persistence/SPECIFICATION.md for current settings.

Geographic Features

Location-aware networking:

Geographic distance calculations
Location-based routing
Regional content distribution
Privacy-preserving location services

Development

Building

# Standard build
cargo build --release

# With all features
cargo build --all-features

# Feature-specific build
cargo build --features "dht,quantum-resistant"

Testing

# Unit tests
cargo test

# Integration tests
cargo test --test '*'

# Property-based tests
cargo test --features "proptest"

Linting

cargo clippy --all-features -- -D warnings
cargo fmt --all

Contributing

Fork the repository
Create a feature branch
Make your changes
Add tests for new functionality
Ensure all tests pass
Submit a pull request

Code Style

Follow Rust 2024 idioms
Use cargo fmt for formatting
Ensure cargo clippy passes
Add documentation for public APIs
Include tests for all new features

License

This project is dual-licensed:

AGPL-3.0: Open source license for open source projects
Commercial: Commercial license for proprietary projects

For commercial licensing, contact: [email protected]

Dependencies

Core Dependencies

tokio - Async runtime
futures - Future utilities
serde - Serialization
anyhow - Error handling
tracing - Logging

Networking

ant-quic (0.21.x) - QUIC transport with P2P NAT traversal
four-word-networking - Human-readable addresses

Cryptography

saorsa-pqc - Post-quantum cryptography (ML-DSA, ML-KEM)
blake3 - Hashing
rand - Random number generation

Storage & Database

rusqlite - Database operations
lru - LRU caching

See Cargo.toml for complete dependency list.

Changelog

See CHANGELOG.md for version history.

Support

Issues: GitHub Issues
Discussions: GitHub Discussions
Email: [email protected]

Saorsa Labs Limited - Building the decentralized future

Name		Name	Last commit message	Last commit date
Latest commit History 369 Commits
.cache/saorsa		.cache/saorsa
.cargo		.cargo
.claude		.claude
.github/workflows		.github/workflows
.planning		.planning
benches		benches
docs		docs
examples		examples
fuzz		fuzz
saorsa-testnet		saorsa-testnet
src		src
tests		tests
.actrc		.actrc
.clippy.toml		.clippy.toml
.cursorrules		.cursorrules
.cursorules		.cursorules
.gitignore		.gitignore
AGENTS.md		AGENTS.md
ARCHITECTURE.md		ARCHITECTURE.md
CHANGELOG.md		CHANGELOG.md
CLAUDE.md		CLAUDE.md
Cargo.toml		Cargo.toml
README.md		README.md
build.rs		build.rs
clippy_output.txt		clippy_output.txt
fix_let_chains.py		fix_let_chains.py
full_test_output.txt		full_test_output.txt
mutation-testing.toml		mutation-testing.toml
nextest.toml		nextest.toml
sgconfig.yml		sgconfig.yml
temp_auth_fix.rs		temp_auth_fix.rs
test_output.txt		test_output.txt
test_results.txt		test_results.txt
test_timings.json		test_timings.json

saorsa-labs/saorsa-core

Folders and files

Latest commit

History

Repository files navigation