# vula: automatic local network encryption
With zero configuration, vula automatically encrypts IP communication between
hosts on a local area network in a forward-secret and transitionally
post-quantum manner to protect against passive eavesdropping.
With manual key verification and/or automatic key pinning and manual resolution
of IP or hostname conflicts, vula will additionally protect against
interception by active adversaries.
When the local gateway to the internet is also a vula peer, internet-destined
traffic will also be encrypted on the LAN.
### How does it work?
Automatically.
Vula combines [WireGuard](https://www.wireguard.com/papers/wireguard.pdf) for
forward-secret point-to-point tunnels with
[mDNS](https://tools.ietf.org/html/rfc6762) and
[DNS-SD](https://tools.ietf.org/html/rfc6763) for local service announcements,
and enhances the confidentiality of WireGuard tunnels by using
[CTIDH](https://ctidh.isogeny.org/software.html) implemented by
[highctidh](https://codeberg.org/vula/highctidh), a post-quantum
non-interactive key exchange primitive, to generate a peer-wise pre-shared key
for each tunnel configuration.
Vula's advantages over some other solutions include:
* the design has no single points of failure (SPOFs)
* uses existing IP addresses inside and outside of the tunnels, allowing
  seamless integration into existing LAN environments using DHCP and/or manual
  addressing
* avoids needing to attempt handshakes with non-participating hosts
* does not require any configuration to disrupt passive surveillance
  adversaries
* simple verification with QR codes to disrupt active surveillance adversaries
See [`NOTES.md`](https://codeberg.org/vula/vula/src/branch/main/NOTES.md) for
some discussion of the threat model and other technical details, and
[`COMPARISON.md`](https://codeberg.org/vula/vula/src/branch/main/COMPARISON.md)
for a comparison of Vula to some related projects.
### Current status
[![status-badge](https://ci.codeberg.org/api/badges/vula/vula/status.svg)](https://ci.codeberg.org/vula/vula)
Vula is functional today, although it has some known issues documented in
[`STATUS.md`](https://codeberg.org/vula/vula/src/branch/main/STATUS.md). It is
ready for daily use by people who are proficient with Linux networking and the
command line, but we do not yet recommend it for people who are not.
See [`INSTALL.md`](https://codeberg.org/vula/vula/src/branch/main/INSTALL.md) for
installation and usage instructions.
See [`HACKING.md`](https://codeberg.org/vula/vula/src/branch/main/HACKING.md) for
some tips on opening the hood.
See [`DEPENDENCY.md`](DEPENDENCY.md) for diagrams illustrating the different
dependency relationships between internal and external Python modules.
### Security contact
We consider this project to currently be alpha pre-release, experimental,
research quality code. It is not yet suitable for widespread deployment. It
has not yet been audited by an independent third party and it should be treated
with caution.
If you or someone you know finds a security issue, please [open an
issue](https://codeberg.org/vula/vula/issues/new) or feel free to send an email
to `security at vula dot link`.
Our current bug bounty for security issues is humble. We will treat qualifying
reporters to a beverage after the COVID-19 crisis has ended; ojalá. Locations
limited to qualifying CCC events such as the yearly Congress.
### Authors
The authors of vula are anonymous for now, while our paper is undergoing peer
review.
### Acknowledgements
[`OPERATION_VULA.md`](https://codeberg.org/vula/vula/src/branch/main/OPERATION_VULA.md)
has some history about the name Vula.
Vula is not associated with or endorsed by the
[WireGuard](https://www.wireguard.com/) project. WireGuard is a registered
trademark of [Jason A. Donenfeld](https://www.zx2c4.com/).
This project is funded through the [NGI Assure Fund](https://nlnet.nl/assure),
a fund established by [NLnet](https://nlnet.nl) with financial support from the
European Commission's [Next Generation Internet](https://ngi.eu) program. Learn
more on the [NLnet project page](https://nlnet.nl/project/Vula#ack).
Raw data
{
"_id": null,
"home_page": "https://codeberg.org/vula/vula",
"name": "vula",
"maintainer": "Vula Authors",
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": "git@vula.link",
"keywords": "post-quantum cryptography,cryptography,csidh,ctidh,WireGuard,mDNS,encryption,post-quantum,local-area network,privacy,security",
"author": "Vula Authors",
"author_email": "git@vula.link",
"download_url": "https://files.pythonhosted.org/packages/ae/91/3f087d99f9331994b6321f0ea686468312095a1ac026c75d3f342ef3b5a8/vula-0.2.2023112801.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "GPLv3",
"summary": "Automatic local network encryption",
"version": "0.2.2023112801",
"project_urls": {
"Documentation": "https://codeberg.org/vula/vula",
"Homepage": "https://codeberg.org/vula/vula",
"Source": "https://codeberg.org/vula/vula"
},
"split_keywords": [
"post-quantum cryptography",
"cryptography",
"csidh",
"ctidh",
"wireguard",
"mdns",
"encryption",
"post-quantum",
"local-area network",
"privacy",
"security"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "1134aec1af0c221a0878dec7f714926e3a09b53afbc1b79c0b66c129c822b9b9",
"md5": "0523b6972d1a2f11e77ac2d96fb895f0",
"sha256": "5b7ade2f6d25c289c357a311ac285ac8967d73e5e9fe2a3c6a97a86c08184570"
},
"downloads": -1,
"filename": "vula-0.2.2023112801-py3-none-any.whl",
"has_sig": false,
"md5_digest": "0523b6972d1a2f11e77ac2d96fb895f0",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 188232,
"upload_time": "2023-11-28T22:16:42",
"upload_time_iso_8601": "2023-11-28T22:16:42.162326Z",
"url": "https://files.pythonhosted.org/packages/11/34/aec1af0c221a0878dec7f714926e3a09b53afbc1b79c0b66c129c822b9b9/vula-0.2.2023112801-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "ae913f087d99f9331994b6321f0ea686468312095a1ac026c75d3f342ef3b5a8",
"md5": "cc267cea5837e6a33cfc2020cdd92d78",
"sha256": "982109d022236d70d7b79d424276e6340b72e7af943971d8866fbee50afa35d2"
},
"downloads": -1,
"filename": "vula-0.2.2023112801.tar.gz",
"has_sig": false,
"md5_digest": "cc267cea5837e6a33cfc2020cdd92d78",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.10",
"size": 168872,
"upload_time": "2023-11-28T22:16:44",
"upload_time_iso_8601": "2023-11-28T22:16:44.286328Z",
"url": "https://files.pythonhosted.org/packages/ae/91/3f087d99f9331994b6321f0ea686468312095a1ac026c75d3f342ef3b5a8/vula-0.2.2023112801.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-11-28 22:16:44",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": true,
"codeberg_user": "vula",
"codeberg_project": "vula",
"lcname": "vula"
}