Announcing securebit_core: A Platform-Agnostic Cryptographic Kernel for Secure P2P Communication

Today, I'm excited to announce the public release of securebit_core — a pure Rust cryptographic kernel designed for secure peer-to-peer communication. After months of development and security auditing, we're opening it up to the community for review, collaboration, and adoption.

What is securebit_core?
securebit_core is a platform-agnostic cryptographic library that provides the security-critical primitives for building secure WebRTC-based peer-to-peer applications. Think of it as the cryptographic "engine" that powers secure communication — completely independent of UI frameworks, desktop environments, or mobile platforms.

Key Characteristics

• Zero Platform Dependencies: No Tauri, no UI frameworks, no OS-specific APIs
• Cross-Platform: Works on Windows, macOS, Linux, Android, iOS
• Headless: Can be used in CLI tools, daemons, and background services
• Thread-Safe: Built with Arc<Mutex<>> for concurrent access
• Security-First: All security-critical code is public and auditable

Security Features

Cryptographic Primitives
The core implements industry-standard cryptographic algorithms:

• ECDH Key Exchange (P-384): Ephemeral key exchange with perfect forward secrecy
• ECDSA Signatures (P-384): Cryptographic authentication of protocol messages
• HKDF Key Derivation (SHA-256): Deterministic key derivation from shared secrets
• AES-256-GCM Encryption: Authenticated encryption for message confidentiality and integrity
• HMAC-SHA-256: Message authentication codes for integrity verification
• SAS (Short Authentication String): MITM detection via DTLS fingerprint verification

Protocol Security

• Protocol Version Enforcement: Strict validation of protocol version (v4.0)
• Message Structure Validation: All protocol messages are validated before processing
• State Machine Integrity: Connection state transitions are enforced
• Replay Protection: Sequence numbers prevent message replay attacks
• Metadata Protection: Message metadata (timestamps, IDs) are encrypted separately

Architecture
The core is designed as a single source of truth for all security-critical operations. This means:

1. All cryptographic logic is in the public core — no hidden security code
2. Adapters are thin wrappers — they cannot weaken security guarantees
3. Platform-independent — same security behavior across all platforms

Quick Start

Installation

Add to your Cargo.toml:

[dependencies]
securebit_core = { git = "https://github.com/SecureBitChat/securebit-core" }
# Or when published to crates.io:
# securebit_core = "0.1.0"

Basic Usage

use securebit_core::Core;

// Create a new Core instance
let core = Core::new();

// Create a secure offer (for initiator)
let offer = core.create_secure_offer(Some(web_rtc_sdp))?;
println!("Offer: {}", offer);

// Join a connection (for responder)
let answer = core.join_secure_connection(offer_data, Some(web_rtc_answer_sdp))?;

// Handle answer (for initiator)
let result = core.handle_secure_answer(answer_data)?;

// Encrypt a message
let encrypted = core.encrypt_enhanced_message(
    "Hello, world!".to_string(),
    "msg-123".to_string(),
    1
)?;

// Decrypt a message
let decrypted = core.decrypt_enhanced_message(encrypted)?;

Integration with Tauri

use securebit_core::Core;
use std::sync::Arc;
use tauri::{State, Manager};

#[tauri::command]
fn create_secure_offer(
    core: State<Arc<Core>>,
    offer_sdp: Option<String>
) -> Result<String, String> {
    core.create_secure_offer(offer_sdp)
}

Use Cases

Desktop Applications (Tauri)

Perfect for building secure desktop chat applications with Tauri. The core handles all cryptographic operations, while your UI focuses on user experience.

Mobile Applications

Use the core in native mobile apps (iOS, Android) via FFI bindings. The same security guarantees apply across all platforms.

CLI Tools

Build secure command-line tools for peer-to-peer communication, file sharing, or secure messaging.

Background Services

Run the core in headless daemons or background services where security is critical but UI is not needed.

Why Platform-Agnostic?

Traditional security libraries are often tied to specific platforms or frameworks. This creates several problems:

1. Code Duplication: Security logic must be reimplemented for each platform
2. Inconsistency: Different platforms may have subtle security differences
3. Maintenance Burden: Security fixes must be applied to multiple codebases
4. Audit Complexity: Security researchers must review multiple implementations

securebit_core solves this by providing a single, platform-independent implementation that can be used everywhere. This means:

• One codebase to audit — security researchers can review everything in one place
• Consistent security — same cryptographic behavior across all platforms
• Easier maintenance — security fixes apply to all platforms automatically
• White-label ready — partners can verify security independently