Leaderless admission
Peers admit new members via distributed challenge-response and reputation-weighted quorum voting. No gatekeeper.
Knoten is a fully decentralized, quantum-resistant, zero-trust overlay network. No central controller. No trusted identity provider. Every node, message, and stored chunk is verified by cryptographic proof — on every interaction.
bootstrap: /dns4/bootstrap.upliftstudios.ca/tcp/9000
Dual ML-DSA-65 + Ed25519 signatures, X-Wing (X25519 + ML-KEM-768) key exchange, AES-256-GCM, BLAKE3, Argon2id.
Files are striped into 256 KiB blocks, Reed-Solomon coded (6+4), encrypted, and spread across peers. No node holds a readable file.
End-to-end encrypted direct messages, offline dead-drops, and onion routing for metadata privacy.
Proof-of-storage challenges, dummy cover traffic, versioned manifests, and tamper-evident audit logs.
Reputation-weighted governance proposals let the network upgrade its own protocol — no central authority, no hard fork.
Knoten is built on three mandates — verify explicitly, least-privilege access, and assume breach — baked into every subsystem rather than bolted on. Access to file chunks is gated by short-lived, signed capability tokens. Storage is compartmentalized and erasure-coded. Sessions expire and re-handshake for forward secrecy. Private namespaces microsegment the network.
Defense-in-depth by design: every signature and key exchange is hybrid (post-quantum + classical), so a flaw in either half alone never compromises you. Your identity is derived from a 24-word recovery phrase — restore it on any device with no central server ever holding your keys.
The desktop app (Windows, macOS, Linux) and the knt CLI are published on GitHub Releases. Server operators can run a headless node or a bootstrap relay with Docker.