docs.waku.org/learn/security-features/index.html

<!doctype html>
<html lang="en-GB" dir="ltr" class="docs-wrapper plugin-docs plugin-id-default docs-version-current docs-doc-page docs-doc-id-undefined" data-has-hydrated="false">
<head>
<meta charset="UTF-8">
<meta name="generator" content="Docusaurus v3.8.1">
<title data-rh="true">Security Features | Waku Documentation</title><meta data-rh="true" name="viewport" content="width=device-width,initial-scale=1"><meta data-rh="true" name="twitter:card" content="summary_large_image"><meta data-rh="true" property="og:url" content="https://docs.waku.org/learn/security-features"><meta data-rh="true" property="og:locale" content="en_GB"><meta data-rh="true" name="docusaurus_locale" content="en-GB"><meta data-rh="true" name="docsearch:language" content="en-GB"><meta data-rh="true" name="keywords" content="waku, web3"><meta data-rh="true" name="image" content="https://docs.waku.org/_og/a81037ca1d330b0a5fc0e436222129078f088aa4.png"><meta data-rh="true" name="docusaurus_version" content="current"><meta data-rh="true" name="docusaurus_tag" content="docs-default-current"><meta data-rh="true" name="docsearch:version" content="current"><meta data-rh="true" name="docsearch:docusaurus_tag" content="docs-default-current"><meta data-rh="true" property="og:title" content="Security Features | Waku Documentation"><meta data-rh="true" name="description" content="Waku&#x27;s protocol layers offer different services and security considerations, shaping the overall security of Waku. We document the security models in the RFCs of the protocols, aiming to provide transparent and open-source references. This empowers Waku users to understand each protocol&#x27;s security guarantees and limitations."><meta data-rh="true" property="og:description" content="Waku&#x27;s protocol layers offer different services and security considerations, shaping the overall security of Waku. We document the security models in the RFCs of the protocols, aiming to provide transparent and open-source references. This empowers Waku users to understand each protocol&#x27;s security guarantees and limitations."><link data-rh="true" rel="icon" href="/theme/image/favicon.ico"><link data-rh="true" rel="canonical" href="https://docs.waku.org/learn/security-features"><link data-rh="true" rel="alternate" href="https://docs.waku.org/learn/security-features" hreflang="en-GB"><link data-rh="true" rel="alternate" href="https://docs.waku.org/learn/security-features" hreflang="x-default"><link rel="alternate icon" type="image/png" href="/theme/image/favicon.png">
<link rel="icon" type="image/svg+xml" href="/theme/image/favicon.svg"><link rel="stylesheet" href="/assets/css/styles.f0961b96.css">
<script src="/assets/js/runtime~main.fc0a4924.js" defer="defer"></script>
<script src="/assets/js/main.be9ec88b.js" defer="defer"></script>
<meta property="og:image" content="https://docs.waku.org/_og/a81037ca1d330b0a5fc0e436222129078f088aa4.png"><meta name="twitter:image" content="https://docs.waku.org/_og/a81037ca1d330b0a5fc0e436222129078f088aa4.png"></head>
<body class="navigation-with-keyboard">
<svg xmlns="http://www.w3.org/2000/svg" style="display: none;"><defs>
<symbol id="theme-svg-external-link" viewBox="0 0 24 24"><path fill="currentColor" d="M21 13v10h-21v-19h12v2h-10v15h17v-8h2zm3-12h-10.988l4.035 4-6.977 7.07 2.828 2.828 6.977-7.07 4.125 4.172v-11z"></path></symbol>
</defs></svg>
<script>!function(){var t=function(){try{return new URLSearchParams(window.location.search).get("docusaurus-theme")}catch(t){}}()||function(){try{return window.localStorage.getItem("theme")}catch(t){}}();document.documentElement.setAttribute("data-theme",t||(window.matchMedia("(prefers-color-scheme: dark)").matches?"dark":"light")),document.documentElement.setAttribute("data-theme-choice",t||"system")}(),function(){try{const c=new URLSearchParams(window.location.search).entries();for(var[t,e]of c)if(t.startsWith("docusaurus-data-")){var a=t.replace("docusaurus-data-","data-");document.documentElement.setAttribute(a,e)}}catch(t){}}()</script><div id="__docusaurus"><link rel="preload" as="image" href="/theme/image/logo-black.svg"><link rel="preload" as="image" href="/theme/image/logo.svg"><style data-emotion="css-global 3rtehh">.lsd-button{width:auto;cursor:pointer;padding:6px 24px;}.lsd-button--disabled{cursor:default;opacity:0.34;}.lsd-button--large{padding:10px 40px;}.lsd-button--medium{padding:6px 24px;}.lsd-button--small{padding:6px 12px;}.lsd-button:hover:not(.lsd-button--disabled) .lsd-button__text{-webkit-text-decoration:underline;text-decoration:underline;}.lsd-button--with-icon{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}.lsd-button__icon{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;height:100%;}.lsd-button--large.lsd-button--with-icon{padding:10px 0px 10px 18px;}.lsd-button--large.lsd-button--with-icon .lsd-button__icon{width:42px;}.lsd-button--medium.lsd-button--with-icon{padding:6px 0px 6px 14px;}.lsd-button--medium.lsd-button--with-icon .lsd-button__icon{width:38px;}.lsd-button--small.lsd-button--with-icon{padding:6px 0px 6px 12px;}.lsd-button--small.lsd-button--with-icon .lsd-button__icon{width:34px;}.lsd-button--outlined{background:none;border:1px solid rgb(var(--lsd-border-primary));}.lsd-button--outlined .lsd-button__text{color:rgb(var(--lsd-text-primary));}.lsd-button--filled{background:rgb(var(--lsd-surface-secondary));border:1px solid rgb(var(--lsd-border-primary));}.lsd-button--filled .lsd-button__text{color:rgb(var(--lsd-text-secondary));}</style><style data-emotion="css-global 10bahxd">.lsd-icon-button{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;cursor:pointer;background:none;padding:0;border:1px solid rgb(var(--lsd-border-primary));}.lsd-icon-button--filled{background-color:rgb(var(--lsd-icon-primary));}.lsd-icon-button--filled svg{--lsd-icon-primary:var(--lsd-icon-secondary);}.lsd-icon-button--disabled{opacity:0.34;cursor:default;}.lsd-icon-button--large{width:40px;height:40px;}.lsd-icon-button--medium{width:32px;height:32px;}.lsd-icon-button--small{width:28px;height:28px;}</style><style data-emotion="css-global icqph9">.lsd-icon-button-group{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;}.lsd-icon-button-group--outlined .lsd-icon-button:not(:last-child){border-right:none;}</style><style data-emotion="css-global 1f43ub2">body *{font-family:var(--lsd-typography-generic-font-family);}.lsd-typography{color:rgb(var(--lsd-text-primary));}.lsd-typography--sans-serif,.lsd-typography--sans-serif *{font-family:sans-serif;}.lsd-typography--serif,.lsd-typography--serif *{font-family:serif;}.lsd-typography--monospace,.lsd-typography--monospace *{font-family:monospace;}.lsd-typography--display1{color:rgb(var(--lsd-text-primary));font-weight:var(--lsd-display1-fontWeight);font-size:var(--lsd
      .lsd-dropdown--error
    ) .lsd-dropdown__trigger:hover .lsd-dropdown__option-label,.lsd-dropdown:not(.lsd-dropdown--disabled):not(
      .lsd-dropdown--error
    ) .lsd-dropdown__trigger:focus .lsd-dropdown__option-label{-webkit-text-decoration:underline;text-decoration:underline;}.lsd-dropdown__label{display:block;}.lsd-dropdown__button-container{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-pack:justify;-webkit-justify-content:space-between;justify-content:space-between;}.lsd-dropdown__trigger{width:100%;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:justify;-webkit-justify-content:space-between;justify-content:space-between;border:none;cursor:pointer;background:none;}.lsd-dropdown__trigger:focus{outline:none;}.lsd-dropdown__option-label{cursor:inherit;white-space:nowrap;overflow:hidden;text-overflow:ellipsis;}.lsd-dropdown__icons{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;-webkit-justify-content:center;justify-content:center;gap:8px;}.lsd-dropdown__icon{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;}.lsd-dropdown__supporting-text{margin:6px 14px;}.lsd-dropdown--error .lsd-dropdown__option-label{-webkit-text-decoration:line-through;text-decoration:line-through;}.lsd-dropdown--disabled{opacity:0.34;cursor:initial;}.lsd-dropdown--large{width:208px;}.lsd-dropdown--large.lsd-dropdown--error{width:230px;}.lsd-dropdown--large .lsd-dropdown__label{margin:0 0 6px 18px;}.lsd-dropdown--large .lsd-dropdown__button-container{height:40px;}.lsd-dropdown--large .lsd-dropdown__trigger{padding:10px 0px 10px 18px;}.lsd-dropdown--large .lsd-dropdown__icons{padding:0px 14px;}.lsd-dropdown--medium{width:188px;}.lsd-dropdown--medium.lsd-dropdown--error{width:210px;}.lsd-dropdown--medium .lsd-dropdown__label{margin:0 0 6px 14px;}.lsd-dropdown--medium .lsd-dropdown__button-container{height:32px;}.lsd-dropdown--medium .lsd-dropdown__trigger{padding:6px 0px 6px 14px;}.lsd-dropdown--medium .lsd-dropdown__icons{padding:0px 12px;}.lsd-dropdown--small{width:164px;}.lsd-dropdown--small.lsd-dropdown--error{width:186px;}.lsd-dropdown--small .lsd-dropdown__label{margin:0 0 6px 12px;}.lsd-dropdown--small .lsd-dropdown__button-container{height:28px;}.lsd-dropdown--small .lsd-dropdown__trigger{padding:6px 0px 6px 12px;}.lsd-dropdown--small .lsd-dropdown__icons{padding:0px 10px;}.lsd-dropdown--outlined .lsd-dropdown__button-container{border:1px solid rgb(var(--lsd-border-primary));}.lsd-dropdown--underlined .lsd-dropdown__button-container{border:1px solid transparent;border-bottom:1px solid rgb(var(--lsd-border-primary));}</style><style data-emotion="css-global w2g5fy">.lsd-dropdown-item{width:100%;box-sizing:border-box;display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-flex-direction:row;-ms-flex-direction:row;flex-direction:row;-webkit-align-items:center;-webkit-box-align:center;-ms-flex-align:center;align-items:center;border:1px solid rgb(var(--lsd-border-primary));}.lsd-dropdown-item:not(.lsd-dropdown-item--disabled){cursor:pointer;}.lsd-dropdown-item:not(.lsd-dropdown-item--disabled):hover,.lsd-dropdown-item:not(.lsd-dropdown-item--disabled):focus{outline:none;}.lsd-dropdown-item:not(.lsd-dropdown-item--disabled):hover .lsd-dropdown-item__label,.lsd-dropdown-item:not(.lsd-dropdown-item--disabled):focus .lsd-dropdown-item__label{-webkit-text-decoration:underline;text-decoration:underline;}.lsd-dropdown-item__label{display:block;overflow:hidden;white-space:nowrap;text-overflow:ellipsis;}.lsd-dropdown-item--disabled{opacity:0.34;}.lsd-dropdown-item__icon{margin-right:18px;-webkit-flex-shrink:0;-ms-flex-negative:0;flex-shrink:0;}.lsd-dropdown-item--small{padding:5px 9px;height:28px;}.l
<p>Some of Waku&#x27;s security features include the following:</p>
<h2 class="anchor anchorWithHideOnScrollNavbar_WYt5" id="pseudonymity"><a href="https://rfc.vac.dev/waku/standards/core/10/waku2/#pseudonymity" target="_blank" rel="noopener noreferrer">Pseudonymity</a><a href="#pseudonymity" class="hash-link" aria-label="Direct link to pseudonymity" title="Direct link to pseudonymity">​</a></h2>
<p>Waku ensures pseudonymity across its protocol layers, using libp2p <code>PeerID</code> as identifiers instead of disclosing true identities. However, it is important to note that pseudonymity does not provide complete anonymity. Actions performed under the same pseudonym (<code>PeerID</code>) can be linked, leading to the potential re-identification of the actual actor.</p>
<h2 class="anchor anchorWithHideOnScrollNavbar_WYt5" id="anonymityunlinkability"><a href="https://rfc.vac.dev/waku/standards/core/10/waku2/#anonymity--unlinkability" target="_blank" rel="noopener noreferrer">Anonymity/unlinkability</a><a href="#anonymityunlinkability" class="hash-link" aria-label="Direct link to anonymityunlinkability" title="Direct link to anonymityunlinkability">​</a></h2>
<p>Anonymity means an adversary cannot connect an actor to their actions or data. To achieve anonymity, avoiding linking activities with actors or their Personally Identifiable Information (PII) is crucial. In Waku, the following anonymity features are provided:</p>
<ul>
<li><a href="https://rfc.vac.dev/waku/standards/core/11/relay/#security-analysis" target="_blank" rel="noopener noreferrer">Publisher-message unlinkability</a>: Ensures that the publisher of messages in the <code>Relay</code> protocol cannot be linked to their published messages.</li>
<li><a href="https://rfc.vac.dev/waku/standards/core/11/relay/#security-analysis" target="_blank" rel="noopener noreferrer">Subscriber-topic unlinkability</a>: Ensures that the subscriber of topics in the <code>Relay</code> protocol cannot be linked to the topics they have subscribed to.</li>
</ul>
<h2 class="anchor anchorWithHideOnScrollNavbar_WYt5" id="spam-protection"><a href="https://rfc.vac.dev/waku/standards/core/10/waku2/#spam-protection" target="_blank" rel="noopener noreferrer">Spam protection</a><a href="#spam-protection" class="hash-link" aria-label="Direct link to spam-protection" title="Direct link to spam-protection">​</a></h2>
<p>The spam protection feature in <code>Relay</code> ensures that no adversary can flood the system with many messages, intentionally or not, regardless of the content&#x27;s validity or usefulness. This protection is achieved through the <a href="https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md#spam-protection-measures" target="_blank" rel="noopener noreferrer">scoring mechanism</a> of <code>GossipSub v1.1</code>. Peers assign scores to their connections based on their behaviour and remove peers with low scores.</p>
<p>Ongoing research is being conducted, including developing <a href="/learn/concepts/protocols#rln-relay">Rate Limit Nullifiers (RLN)</a>, which can be explored further at: <a href="https://github.com/vacp2p/research/issues/148" target="_blank" rel="noopener noreferrer">https://github.com/vacp2p/research/issues/148</a>.</p>
<h2 class="anchor anchorWithHideOnScrollNavbar_WYt5" id="data-confidentiality-integrity-and-authenticity"><a href="https://rfc.vac.dev/waku/standards/core/10/waku2/#data-confidentiality-integrity-and-authenticity" target="_blank" rel="noopener noreferrer">Data confidentiality, integrity, and authenticity</a><a href="#data-confidentiality-integrity-and-authenticity" class="hash-link" aria-label="Direct link to data-confidentiality-integrity-and-authenticity" title="Direct link to data-confidentiality-integrity-and-authenticity">​</a></h2>
<p>Confidentiality in Waku is ensured through data encryption, while integrity and authenticity are achieved through digital signatures. These security measures are available in <a href="https://rfc.vac.dev/waku/standards/core/14/message/#version-1" target="_blank" rel="noopener noreferrer">Waku Message (version 1)</a> and Noise protocols, which offer payload encryption and encrypted signatures. Noise protocols also facilitate secure channel negotiation within the Waku Network.</p>
<h2 class="anchor anchorWithHideOnScrollNavbar_WYt5" id="security-considerations"><a href="https://rfc.vac.dev/waku/standards/core/10/waku2/#security-considerations" target="_blank" rel="noopener noreferrer">Security considerations</a><a href="#security-considerations" class="hash-link" aria-label="Direct link to security-considerations" title="Direct link to security-considerations">​</a></h2>
<p>In protocols like <code>Store</code> and <code>Filter</code>, where direct connections are required for the designated service, anonymity or unlinkability is not guaranteed. This is because nodes use their <code>PeerID</code> to identify each other during direct connections, making the service obtained in these protocols linkable to the beneficiary&#x27;s <code>PeerID</code>, considered Personally Identifiable Information (PII). In <code>Store</code>, the queried node can link the querying node&#x27;s <code>PeerID</code> to the topics being queried. Similarly, in <code>Filter</code>, a node can link the <code>PeerID</code> of a light node to its content filter.</p></div><footer class="theme-doc-footer docusaurus-mt-lg"><div class="row margin-top--sm theme-doc-footer-edit-meta-row"><div class="col"><a href="https://github.com/waku-org/docs.waku.org/tree/develop/docs/learn/security-features.md" target="_blank" rel="noreferrer noopener" class="theme-edit-this-page"><div class="icon_S7Kx m_thRi"><svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="none" viewBox="0 0 16 16"><path fill="#fff" fill-rule="evenodd" d="m12.707 2.393.9.9c.526.52.526 1.367 0 1.887L4.787 14H2v-2.787l6.933-6.94 1.887-1.88c.52-.52 1.367-.52 1.887 0M3.333 12.667l.94.04 6.547-6.554-.94-.94-6.547 6.547z" clip-rule="evenodd"></path></svg></div><span class="lsd-typography lsd-typography--body2">Edit this page</span></a></div><div class="col lastUpdated_JAkA"></div></div></footer></article><nav class="docusaurus-mt-lg pagination-nav" aria-label="Docs pages"><a class="pagination-nav__link pagination-nav__link--prev" href="/learn/concepts/peer-exchange"><div class="icon_S7Kx m_thRi"><svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" fill="none" viewBox="0 0 14 14"><path fill="#fff" d="M11.667 6.417h-7.1L7.83 3.156 7 2.333 2.334 7 7 11.667l.823-.823-3.255-3.26h7.099z"></path></svg></div><span class="lsd-typography lsd-typography--body2 pagination-nav__label">Peer Exchange</span></a><a class="pagination-nav__link pagination-nav__link--next" href="/learn/research/"><span class="lsd-typography lsd-typography--body2 pagination-nav__label">Research</span><div class="icon_S7Kx m_thRi"><svg xmlns="http://www.w3.org/2000/svg" width="14" height="14" fill="none" viewBox="0 0 14 14"><path fill="#fff" d="m7 2.334-.823.822 3.255 3.26H2.333v1.167h7.1l-3.256 3.261.823.823L11.667 7z"></path></svg></div></a></nav></div></div><div class="gap1_XuuQ"></div></div></div></main></div></div></div><footer class="footer"><div class="container container-fluid firstRow_ar1q"><div class="footer__bottom text--center"><div class="margin-bottom--sm"><a class="footerLogoLink_BH7S" href="/"><img src="/theme/image/logo.svg" alt="Waku" class="themedImage_kfRS themedImage--light_BL8e footer__logo" width="22"><img src="/theme/image/logo.svg" alt="Waku" class="themedImage_kfRS themedImage--dark_OvIx footer__logo" width="22"></a></div><div class="footer__copyright">Waku</div></div><div class="row footer__links"><div class="theme-layout-footer-column col footer__col"><div class="footer__title">Community</div><ul class="footer__items clean-list"><li class="footer__item"><a href="https://twitter.com/waku_org/" target="_blank" rel="noopener noreferrer" class="footer__link-item">X<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://discord.waku.org/" target="_blank" rel="noopener noreferrer" class="footer__link-item">Discord<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://github.com/waku-org/" target="_blank" rel="noopener noreferrer" class="footer__link-item">GitHub<svg width="13.5" height="13.5" aria-hidden="true" class="iconExternalLink_nPIU"><use href="#theme-svg-external-link"></use></svg></a></li><li class="footer__item"><a href="https://www.youtube.com/@wakuorg" target="_blank" rel="noopener noreferrer" class="f
</body>
</html>