| | Version |
|---|---|
| Proof-of-Concept Implementation | 0.1 |
| Specification | 0.3 (changelog) |
Warning: This repository contains proof-of-concept code and is not intended for production use. The protocol details are not yet finalized.
- January 2025: A formal analysis was performed by Luca Maier in https://github.com/lumaier/securedrop-formalanalysis and published as "A Formal Analysis of the SecureDrop Protocol", supervised by David Basin, Felix Linker, and Shannon Veitch in the Information Security Group at ETH Zürich.
- May 2024: Proof-of-concept code was announced publicly.
- December 2023: A preliminary cryptographic audit was performed by Michele Orrù. See #36.
- January 2023: Proof-of-concept implementation work with Shielder began.
To better understand the context of this research and the previous steps that led to it, read the following blog posts:
- Part 1: Future directions for SecureDrop
- Part 2: Anatomy of a whistleblowing system
- Part 3: How to research your own cryptography and survive
- Part 4: Introducing SecureDrop Protocol
Install the Rust toolchain. To view browsable documentation, install `doxygen` and `dot` (Graphviz). Use `make help` from the project root to see available make targets, e.g. to install lint tools, run formatting checks, or build crates.
Lint tools are installed in the `lint-tools` directory to avoid interfering with the user's system dependencies; `cargo` will suggest adding the directory to your `$PATH`, but that's not required.
The `securedrop-protocol/securedrop-protocol` directory contains Rust proof-of-concept code under development. Running `make bench` from within that directory allows for benchmarking the proof-of-concept implementation.