Compeer: Decentralised P2P Secure Messaging

Fully decentralised peer-to-peer messaging with no central server at any layer. Gossip-based peer discovery, end-to-end forward secrecy with ephemeral keys, and store-and-forward routing that maintains communication under network partition.

// The Challenge

Centralised messaging infrastructure is a single point of failure, interception, and denial of service. In tactical and operational contexts, an adversary who can take down or monitor a central server can silence communications across an entire network. Existing encrypted messaging applications address confidentiality but retain central dependency for peer discovery, message routing, and key exchange, leaving them vulnerable to infrastructure-targeted attacks.

// Our Approach

Built a fully decentralised peer-to-peer messaging system where no central server exists at any layer of the architecture. Peers discover each other through a distributed gossip mechanism that requires no pre-existing directory. All messages are encrypted end-to-end with forward secrecy before leaving the originating device. The system maintains communication under network partition conditions and is resilient to selective node failures without requiring reconnection to a central authority.

Module 01

Peer Discovery Without Central Directory

Distributed peer location in contested network environments

Peers locate each other without consulting a central registry. The discovery mechanism operates across local networks and wide-area topologies using gossip-based announcement that degrades gracefully when portions of the network are unavailable. New peers joining a network segment find existing participants within seconds without pre-configuration.

[Figure: P2P mesh topology with six peers (Peer A, the origin, through Peer F, the new peer) and no central hub. There is no central server and all routes are peer-to-peer. Peer F joins by announcing via gossip to any reachable existing peer, such as Peer E or D. All paths are direct.]

  • Gossip-based peer announcement with configurable TTL
  • LAN broadcast discovery for co-located deployment
  • Wide-area peer exchange via optional relay addresses (not required)
  • Peer table with last-seen timestamps and reachability scoring
  • Automatic pruning of unreachable peers from routing table
  • No central directory or registration server required at any point
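
A sketch of the announcement handling and peer-table pruning listed above, added here as an illustration and not taken from Compeer's code. The `Announce` fields, the per-origin sequence number used for duplicate suppression, and the fixed age cut-off (standing in for reachability scoring) are assumptions; authenticating announcements is out of scope.

```go
package main

import (
	"fmt"
	"time"
)

// Announce is a hypothetical gossip message; the field names are assumptions.
type Announce struct {
	PeerID, Addr string
	Seq          uint64 // per-origin counter, used to drop duplicates
	TTL          int    // remaining hops
}

type entry struct {
	Announce           // last accepted announcement
	lastSeen time.Time // when it arrived
}

type Table map[string]entry // one node's peer table, keyed by peer ID

// Receive stores a fresh announcement; it returns the copy to forward, or nil.
func (t Table) Receive(a Announce, now time.Time) *Announce {
	if e, ok := t[a.PeerID]; ok && a.Seq <= e.Seq {
		return nil // already seen: this is what stops loops in the mesh
	}
	t[a.PeerID] = entry{a, now}
	if a.TTL <= 1 {
		return nil // learned locally, not propagated further
	}
	a.TTL--
	return &a
}

// Prune removes peers silent for longer than maxAge and reports how many.
func (t Table) Prune(now time.Time, maxAge time.Duration) (removed int) {
	for id, e := range t {
		if now.Sub(e.lastSeen) > maxAge {
			delete(t, id)
			removed++
		}
	}
	return removed
}

func main() {
	t, now := Table{}, time.Now()
	a := Announce{PeerID: "F", Addr: "192.0.2.6:7000", Seq: 1, TTL: 3} // constructed sample
	fmt.Println(t.Receive(a, now).TTL, t.Prune(now.Add(time.Hour), time.Minute))
}
```

A duplicate does not refresh `lastSeen`, so in this sketch a peer stays in the table only by sending announcements with a higher `Seq`.
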
Module 02

End-to-End Encryption with Forward Secrecy

Cryptographic guarantees that survive key compromise

Every message is encrypted between originating and recipient peers using a key exchange that produces a unique session key per conversation. Even if a session key is later extracted from a device, messages from earlier sessions cannot be decrypted with it, because each key is discarded after use. The system implements forward secrecy at the session and message level.

[Figure: DH key exchange between Alice and Bob. Steps: (1) DH public key (ephemeral); (2) DH public key (ephemeral); (3) shared secret derived independently, never transmitted; (4) encrypted message (ChaCha20-Poly1305). The session key is discarded after use, so forward secrecy is maintained. Alice and Bob exchange ephemeral public keys, and each derives the shared secret independently without transmitting it, so past messages remain protected even if a future key is compromised.]

  • Diffie-Hellman based key exchange: no long-term keys transmitted
  • Per-session ephemeral keys discarded after use
  • ChaCha20-Poly1305 authenticated encryption for payloads
  • Key fingerprint verification for out-of-band identity confirmation
  • Message authentication code on every payload: tampering detectable
  • No key escrow: no third party can compel decryption
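
Steps 1 to 3 of the exchange above as an added Go example (not Compeer's implementation): each side holds an ephemeral key, swaps public keys, and derives the same session key independently. X25519 as the DH group, HKDF-SHA256 and the `example-session-v1` label are assumptions, since the page names only Diffie-Hellman and ChaCha20-Poly1305; the AEAD step is omitted because ChaCha20-Poly1305 is not in Go's standard library.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdf is HKDF-SHA256 with an all-zero salt and a single 32-byte output block.
func hkdf(secret, info []byte) []byte {
	ext := hmac.New(sha256.New, make([]byte, sha256.Size))
	ext.Write(secret)
	exp := hmac.New(sha256.New, ext.Sum(nil)) // keyed with the extracted PRK
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// sessionKey turns one side's ephemeral private key and the peer's public
// bytes into the session key. transcript is both public keys, initiator
// first, so the key is bound to this exchange only.
func sessionKey(priv *ecdh.PrivateKey, peerPub, transcript []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub) // rejects wrong-length input
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(pub) // errors on an all-zero result (low-order point)
	if err != nil {
		return nil, err
	}
	return hkdf(shared, append([]byte("example-session-v1"), transcript...)), nil
}

func main() {
	alice, errA := ecdh.X25519().GenerateKey(rand.Reader) // ephemeral: memory only
	bob, errB := ecdh.X25519().GenerateKey(rand.Reader)
	if errA != nil || errB != nil {
		panic("key generation failed")
	}
	aPub, bPub := alice.PublicKey().Bytes(), bob.PublicKey().Bytes() // all that is sent
	t := append(append([]byte{}, aPub...), bPub...)
	ka, errA := sessionKey(alice, bPub, t)
	kb, errB := sessionKey(bob, aPub, t)
	fmt.Println(errA == nil && errB == nil && bytes.Equal(ka, kb), len(ka))
}
```

The exchange is unauthenticated on its own; the out-of-band fingerprint check listed above is what ties the keys to an identity.
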
Module 03

Partition-Resilient Message Routing

Message delivery under network partition and selective node failure

When a direct path between two peers is unavailable, the system routes delivery through intermediate peers in the mesh. Messages are queued locally when no path exists and retried as connectivity restores. The routing layer detects network partitions and adapts path selection without requiring a global view of network state.

  • Store-and-forward queuing for temporarily unreachable peers
  • Multi-hop routing through intermediate trusted peers
  • Delivery confirmation with end-to-end acknowledgement
  • Automatic route re-selection on intermediate node failure
  • Configurable message TTL to prevent indefinite queue growth
  • Partition detection with graceful degradation to local-only mode
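
Store-and-forward queuing with message TTL and next-hop re-selection, as an added sketch that is not Compeer's routing code. `Msg`, `Outbox`, the `up` reachability callback and the precomputed candidate hop list are assumptions; actual transmission and end-to-end acknowledgement are left to the caller.

```go
package main

import (
	"fmt"
	"time"
)

// Msg is an already-encrypted payload waiting for a path (hypothetical type).
type Msg struct {
	To      string
	Via     []string  // candidate next hops in preference order, direct peer first
	Expires time.Time // message TTL deadline, fixed when the message is queued
}

type Outbox []Msg // local store-and-forward queue

// Flush retries every queued message: expired ones are dropped, the rest are
// assigned their first reachable next hop (listed in sent) or stay queued.
func (o *Outbox) Flush(now time.Time, up func(hop string) bool) (sent []string, expired int) {
	keep := (*o)[:0] // filter in place
	for _, m := range *o {
		if !now.Before(m.Expires) {
			expired++ // TTL passed: bound the queue rather than retry forever
			continue
		}
		if hop := firstUp(m.Via, up); hop != "" {
			sent = append(sent, m.To+" via "+hop)
		} else {
			keep = append(keep, m)
		}
	}
	*o = keep
	return sent, expired
}

func firstUp(hops []string, up func(string) bool) string {
	for _, h := range hops {
		if up(h) {
			return h // a failed relay earlier in the list is skipped
		}
	}
	return ""
}

func main() {
	q := Outbox{{To: "bob", Via: []string{"bob", "carol"}, Expires: time.Now().Add(time.Minute)}}
	sent, expired := q.Flush(time.Now(), func(h string) bool { return h == "carol" }) // bob unreachable
	fmt.Println(sent, expired, len(q))
}
```
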
// Technical Complexity

Peer discovery without a central directory in adversarial environments requires the gossip mechanism to remain functional when a subset of peers is actively being removed, meaning the algorithm must be robust to targeted disruption rather than merely random node failure.

End-to-end forward secrecy requires careful ephemeral key lifecycle management: keys must be generated, exchanged, used, and discarded without touching persistent storage.

Partition-resilient routing in a mesh where topology changes rapidly requires a routing table that converges quickly without oscillating.

// Stack and Methods
P2P, Cryptography, Go, ChaCha20, Gossip Protocol, Distributed Systems