Labyrinth-Mesh
A resilient multi-path tunnel protecting against quantum threats.
Pitch

Labyrinth-Mesh provides a post-quantum secure multi-path tunnel that splits payloads into shares using Shamir Secret Sharing. By combining X25519 and Kyber-1024, it ensures resilient data transmission even in the face of quantum threats, with advanced replay protection and dynamic timing to combat correlation attacks.

Description

Labyrinth-Mesh is a cutting-edge, post-quantum resilient multi-path tunneling solution designed for secure data transmission. It employs a hybrid Key Encapsulation Mechanism (KEM) utilizing both X25519 and Kyber-1024, integrating advanced security features that effectively safeguard against both classical and quantum adversaries. This innovative project includes the following key functionalities:


Key Features

  • Payload Splitting and Sharing: Labyrinth-Mesh splits any payload into 5 shares using Shamir Secret Sharing over GF(2⁸). Any 3 of the 5 shares are sufficient to reconstruct the original data, so up to 2 shares can be lost in transit, and fewer than 3 shares are not enough to reconstruct it.
  • Authentication and Key Management: Each share is authenticated with BLAKE3. The session key is derived from a hybrid of X25519 and Kyber-1024, so it is protected against both classical and quantum adversaries.
  • Adaptive Multi-Path Transmission: The shares are dispatched over multiple UDP (User Datagram Protocol) paths with variable jitter and independent timing for each share, which complicates traffic analysis and enhances privacy.
  • Replay Protection: A 128-bit sliding window protects against replay attacks while tolerating the out-of-order delivery that is common with UDP.
  • Optional Constant Bit Rate (CBR): An optional CBR engine is available for Linux systems (Kernel ≥ 5.15) to maintain a steady bitrate during data transmission, further concealing the traffic pattern.
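
The 3-of-5 split over GF(2⁸) from the feature list, as an added Python example; it is not Labyrinth-Mesh's own code. The reduction polynomial (0x11B), the share x-coordinates 1 to 5 and the function names are assumptions, since the page specifies none of them.

```python
import secrets

THRESHOLD, SHARES = 3, 5  # the 3-of-5 split described above
POLY = 0x11B              # assumption: AES reduction polynomial; the page names none

def gf_mul(a, b):
    # Carry-less multiply in GF(2^8), reduced modulo POLY.
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (POLY if a & 0x80 else 0)
        b >>= 1
    return r

def gf_inv(a):
    # a^254 is the inverse of a non-zero a (a^255 == 1); callers never pass 0.
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def split(secret, k=THRESHOLD, n=SHARES):
    # Each byte is the constant term of a fresh random polynomial of degree k-1.
    shares = {x: bytearray() for x in range(1, n + 1)}
    for byte in secret:
        coeffs = [byte] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, out in shares.items():
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = gf_mul(y, x) ^ c
            out.append(y)
    return {x: bytes(s) for x, s in shares.items()}

def combine(shares, k=THRESHOLD):
    # Lagrange interpolation at x = 0 using the first k shares supplied.
    if len(shares) < k:
        raise ValueError(f"need {k} shares, got {len(shares)}")
    pts = list(shares.items())[:k]
    out = bytearray(len(pts[0][1]))
    for xj, sj in pts:
        w = 1  # basis weight: product of xm / (xm - xj); subtraction is XOR
        for xm, _ in pts:
            if xm != xj:
                w = gf_mul(w, gf_mul(xm, gf_inv(xm ^ xj)))
        for i, y in enumerate(sj):
            out[i] ^= gf_mul(w, y)
    return bytes(out)
```

The shares produced here carry no authentication tag, so a corrupted share silently yields wrong output; the per-share authentication listed above is what catches that case.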

Quick Start

To demonstrate the functionality of Labyrinth-Mesh, here is a quick setup using three terminal windows:

# Terminal 1 — Receiver
labyrinth recv --ctrl 0.0.0.0:8199 --udp 0.0.0.0:8200 --mgmt 0.0.0.0:9090

# Terminal 2 — Live TUI
labyrinth-tui --mgmt 127.0.0.1:9090

# Terminal 3 — Sender (Ctrl+D to close)
labyrinth send --to 127.0.0.1:8199

Command Line Interface (CLI)

Labyrinth-Mesh features a comprehensive CLI that includes commands for sending, receiving, and monitoring status:

# Command to send a file
labyrinth send --to <address> --file <path>

# Command to receive data
labyrinth recv --output <output_path>

# View the current status
labyrinth status

Security Stack Overview

The security architecture of Labyrinth-Mesh is designed to combat various attacks, including:

  • On-path Deep Packet Inspection (DPI)
  • Temporal traffic analysis (countered by the optional constant bitrate engine)
  • Timing correlation attacks between shares
  • Replay attacks and quantum computer threats

The design integrates several advanced cryptographic techniques:

  • Shamir’s Secret Sharing for data partitioning
  • Hybrid KEM that securely combines X25519 and Kyber-1024 for key exchange
  • BLAKE3 for authentication and key derivation
  • UDP Multi-Path transmission to enhance resilience against interception and analysis

Management Plane and Web GUI

The management plane includes a RESTful API allowing users to monitor health, manage metrics, and control paths dynamically. A SvelteKit-based web GUI is accessible via Docker, providing real-time metrics, logs, and management functionalities.


Labyrinth-Mesh represents the forefront of post-quantum networking technology, ensuring secure and resilient data communication for the future.
