Networking Reinvented

Cjdns implements an encrypted IPv6 network using public-key cryptography for address allocation and a distributed hash table for routing. This provides near-zero-configuration networking, and prevents many of the security and scalability issues that plague existing networks.

$ cjdroute --genconf | head
    "privateKey": "e3094041068a7cef77432bdd78479ddbacefabe8c32c747832c91db20b083fb0",
    "publicKey": "gh0z4f5lpls3m8zy3gv379r960km9xx3xwjp4n9zfttnpvmf41h0.k",
    "ipv6": "fc90:c619:0109:a629:da6c:9bbc:e64b:65e5", // fingerprint of publicKey

cjdns is using the NaCl crypto library, an easy-to-use high-speed software library for network communication, encryption, decryption, signatures, etc.


Imagine an Internet where every packet is cryptographically protected from source to destination against espionage and forgery, getting an IP address is as simple as generating a cryptographic key, core routers move data without a single memory lookup, and denial of service is a term read about in history books. Finally, becoming an ISP is no longer confined to the mighty telecoms; anyone can do it by running some wires or turning on a wireless device.

This is the vision of cjdns.

With built-in security and auto-configuration, everybody can own part of the network

The Internet gives everyone incredible power of expression once reserved for those wealthy enough to own a radio station or newspaper. Still, the Internet's aging protocols have inherent limitations which make them unfavorable toward a network owned by the people.

Recent revelations have triggered public outcry over governments' reading of our email, but few stop to imagine the implications of an unsecured mesh network: in such a network, everybody could read your email.

All over the world we see Internet access markets dominated by a few businesses who charge outrageous rates and have not materially increased Internet speed since crushing the dial-up providers at the beginning of the 21st century. Most agree that we need more competition, but few recognize that if we cannot trust the handful of ISPs we have now, we have no hope of trusting the next 10,000 ISPs which we will need to bring about meaningful competition.

Indeed, the problem of trust extends beyond our private correspondence. The very fabric of the Internet can be torn apart at any moment by a malicious ISP or even an honest mistake, as was seen on April 8, 2010, when somebody at China Telecom misconfigured a router, causing widespread Internet outages which lasted fifteen minutes.

As governments continue pushing to filter websites, there is an ever increasing risk of back-and-forth retaliatory filtration eventually leaving entire nations isolated and breeding the hate and intolerance which the Internet promised to end.

Cjdns was designed with the understanding that we must securely remove central authority for The Internet to continue spanning the globe without borders and boundaries. It is not just a nice idea; the very future of The Open Web is at stake.


When you receive a packet of information from the Internet, it seems logical to assume that it was meant for you, that it came from the computer which it says it came from and that nobody else has been reading or modifying it on the way. While many popular software applications are designed around these assumptions, the existing Internet does not guarantee any of them and a number of network security exploits come from the cases where these assumptions break down.

Cjdns guarantees confidentiality, authenticity and integrity of data by using modern cryptography in a non-intrusive way. Information transmitted over a cjdns network can't be altered or read en route. While you can create multiple identities, it's practically impossible to impersonate other nodes on the network, and since a node's IPv6 address is the fingerprint of its key, man-in-the-middle attacks are not possible.
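The "fingerprint of publicKey" relationship shown in the sample configuration, and the impersonation claim above, can be checked by recomputing an address from a key. This is an added example, not code from the original page or from the cjdns code base; it assumes cjdns's derivation (decode the `.k` key with cjdns's base32 alphabet, then take the first 16 bytes of SHA-512 applied twice), and the function names are illustrative.

```python
import hashlib
import ipaddress

# cjdns base32 alphabet (digits plus consonants and u/y; no a, e, i, o).
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"
CJDNS_NET = ipaddress.IPv6Network("fc00::/8")  # cjdns only uses keys hashing into fc00::/8

def decode_public_key(pubkey: str) -> bytes:
    """Decode a 'xxxx.k' public key string into its 32 raw bytes."""
    if not pubkey.endswith(".k"):
        raise ValueError("public key must end with .k")
    out = bytearray()
    acc = bits = 0
    for ch in pubkey[:-2]:
        val = ALPHABET.find(ch)
        if val < 0:
            raise ValueError(f"invalid base32 character {ch!r}")
        acc |= val << bits          # 5-bit groups are packed low bits first
        bits += 5
        if bits >= 8:
            out.append(acc & 0xFF)
            acc >>= 8
            bits -= 8
    if bits >= 5 or acc:
        raise ValueError("non-canonical trailing bits")
    if len(out) != 32:
        raise ValueError("public key must decode to 32 bytes")
    return bytes(out)

def address_for_key(pubkey: str) -> ipaddress.IPv6Address:
    """Address = first 16 bytes of SHA-512(SHA-512(raw public key))."""
    raw = decode_public_key(pubkey)
    digest = hashlib.sha512(hashlib.sha512(raw).digest()).digest()
    return ipaddress.IPv6Address(digest[:16])

def key_owns_address(pubkey: str, claimed: str) -> bool:
    """True only if the claimed IPv6 address is the fingerprint of pubkey."""
    try:
        return address_for_key(pubkey) == ipaddress.IPv6Address(claimed)
    except ValueError:              # malformed key or malformed address
        return False

if __name__ == "__main__":
    # Key and address as quoted in the sample configuration on this page.
    pub = "gh0z4f5lpls3m8zy3gv379r960km9xx3xwjp4n9zfttnpvmf41h0.k"
    listed = "fc90:c619:0109:a629:da6c:9bbc:e64b:65e5"
    addr = address_for_key(pub)
    print("derived:", addr.exploded, "in fc00::/8:", addr in CJDNS_NET)
    print("matches listed address:", key_owns_address(pub, listed))
```

A peer that presents a key whose fingerprint differs from the address it claims fails `key_owns_address`, which is the check that ties an address to the holder of the matching private key.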


Traditional networks require manual configuration of IP addresses. To get these addresses one must join an Internet Registry and file a lengthy application. Cjdns nodes generate their own addresses along with their keys; when two nodes find each other, they connect. When many nodes find one another, they form a network. General network architecture is of course needed to avoid bottlenecks, but once the nodes are put in the right places, they will discover their roles in the network.


Cjdns is built around the bold and unproven assumption that a non-hierarchical network can scale. Cjdns uses a distributed hash table to spread the load of routing among a number of nodes, rather than requiring every node to know the exact location of every other node. At the bottom layer, packets are tagged with the exact route they should take; think of it like driving directions. At the upper layer, the nodes maintain and test routes to other nodes that have numerically similar IPv6 addresses to their own. Forwarding is achieved by sending a packet to physically nearby nodes that have destinations numerically close to the target address.

cjdns Whitepaper

cipherspace/cjdns.txt · Last modified: 2014/05/20 09:29 by 42
GNU Free Documentation License 1.3