Reticulum


Foreword

The Latin term reticulum means “small net.” Messages can be exchanged in a variety of ways—even without an Internet connection. The system is currently still in the beta phase.

Extreme privacy is much more difficult to achieve than security. Reticulum seems to do this very well because it is not based on the Internet Protocol (IP). With the Internet Protocol, the source and destination addresses (IP addresses) are always known. Even Tor (onion routing) and VPNs (virtual private networks) are based on IP. In contrast, the Reticulum network system does not know the source, only the destination.



Advantages/disadvantages

  • Decentralization: direct, IP-independent (P2P, no separate servers required)
  • Positive: very good anonymity and very “secure”
  • Positive: no central system
  • Positive: can also be used with poor connections
  • Positive: can also be used independently of IP addresses (unique selling point)
  • Positive: no SIM card required
  • Positive: no terms of use
  • Positive: no contract
  • Positive: no identity verification
  • Positive: no provider
  • Positive: no IP address (ICANN)
  • Positive: no DNS
  • Positive: no blocking, no censorship
  • Positive: no unencrypted packets
  • Negative: Reticulum is still in beta and is experimental software (June 2024)
  • Negative: no security audit yet
  • Negative: no chat groups possible
  • Negative: No images and no voice messages
  • Negative: No telephony
  • Negative: Not suitable for corporate use, as only encrypted communication is possible

How it works

The Reticulum “system” can be thought of as three layers built on top of each other:

1. Network level

The network system is called Reticulum (Reticulum Network Stack / “RNS”) and, like any other network technology, reliably transports data from one point to another via a series of intermediate stations—but in a completely different way than, for example, the classic Internet: None of the transmitted data packets contain information about the address, location, machine, or person from which it originates.

Reticulum itself is a mesh network protocol and not a messenger. It would be the replacement for the Clearnet/Internet protocol, where every attempt at privacy fails.

2. Data exchange

The “Lightweight Extensible Message Format (LXMF)” protocol is used for the actual data exchange. LXMF is a distributed, delay- and fault-tolerant message transmission protocol. It enables the transmission of audio and signal data in real time via Reticulum.

The simple and flexible message format and transmission protocol allows for a variety of implementations while using as little bandwidth as possible. LXMF offers zero-conf message forwarding, end-to-end encryption, forward secrecy, and can be transmitted over any medium supported by Reticulum.

It is so efficient that it can transmit messages over extremely low-bandwidth systems such as Packet Radio or LoRa. Encrypted LXMF messages can also be encoded as QR codes or text-based URIs, which even allows for completely analog transmission of messages on paper.

Addendum: There is also another protocol based on Reticulum: Qortal (external); https://github.com/markqvist/Reticulum/discussions/290 (external)

3. Applications

Sideband

The Sideband application has a graphical user interface, focuses on user-friendliness, and is available for Android, Linux, Raspberry, macOS, and Windows. Its target audience includes emergency responders in disaster areas.

Sideband is an extensible LXMF messaging and LXST telephony client, situational awareness tracker, and remote control and monitoring system for Android, Linux, macOS, and Windows. It enables communication with other people or LXMF-compatible systems via Reticulum networks using LoRa, Packet Radio, WiFi, I2P, encrypted QR paper messages, or anything else that Reticulum supports.

Sideband offers many useful and interesting features, including:

  • Secure and self-determined messaging and voice calls using the LXMF and LXST protocols via Reticulum.
  • Image and file transfers via all supported media.
  • Audio messages that even work over LoRa and radio connections thanks to Codec2 and Opus encoding.
  • Secure and direct P2P telemetry and location sharing. Data never falls into the hands of third parties or ends up on servers.
  • Exchange of messages via encrypted QR codes on paper or via messages embedded directly in lxm:// links.
  • Use of Android devices as improvised Reticulum routers (transport instances) for easy network setup or expansion.
  • Engine for executing remote commands and responses with built-in commands such as ping, signal reports, and echo, as well as full plugin extensibility.
  • Push-to-talk (PTT) function, as with radio devices.

Sideband is completely free, end-to-end encrypted, license-free, anonymous, and infrastructure-free. Sideband uses the peer-to-peer and distributed messaging system LXMF. There is no registration, no service providers, no “end user license agreements,” no data theft, and no surveillance. The system belongs to no one.

This also means that Sideband works differently than you might be used to. It does not require a connection to a server on the internet to function, and you do not have an account anywhere.

Sideband is fully compatible with other LXMF clients such as MeshChat and Nomad Network. With the Nomad Network client, you can also easily host propagation nodes for your LXMF network and much more.

MeshChat

MeshChat is a user-friendly LXMF client with a web-based interface that also supports image and voice messages as well as file transfers. It also includes a built-in page browser for browsing the nodes of the Nomad Network (next item) and is available for Windows, Mac, and Linux. Source: https://github.com/liamcottle/reticulum-meshchat (external)

Nomad Network

A network-independent, encrypted, and resilient mesh communication platform.

Addresses

There is no central control over the address space in Reticulum. Anyone can assign as many addresses as they need, when they need them. Newly generated addresses become globally accessible within seconds to a few minutes. Once an address has been created, it can be physically moved to another location on the network and remains accessible: addresses are portable.

128-bit destination address hashes are used, which are displayed to users as 16 bytes in hexadecimal notation. The display can also be in a dot-separated format. Example: <13425ec15b621c1d928589718000d814> or “logger.sensor.temperature”
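
The following added example (not code from the Reticulum project or from the original page) is a simplified model of how a 128-bit address can be derived locally from a dot-separated name and a public key, and how to validate the displayed form before using it. The exact hash inputs, the 80-bit name-hash length and the 64-byte key stand-ins are assumptions, so the output is not claimed to match what the RNS library produces.

```python
import hashlib
import string

ADDR_BYTES = 16       # 128-bit destination hash, as stated above
NAME_HASH_BYTES = 10  # assumption: 80-bit name hash, not stated on the page

def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def destination_hash(public_key: bytes, app_name: str, *aspects: str) -> bytes:
    """Derive a 128-bit address from a dotted name and a public key."""
    parts = (app_name, *aspects)
    if any(not p or "." in p for p in parts):
        raise ValueError("name parts must be non-empty and dot-free")
    name_hash = _sha256(".".join(parts).encode("utf-8"))[:NAME_HASH_BYTES]
    identity_hash = _sha256(public_key)[:ADDR_BYTES]
    # Only hashes of locally held material go in: no registry, no location.
    return _sha256(name_hash + identity_hash)[:ADDR_BYTES]

def format_address(addr: bytes) -> str:
    return "<" + addr.hex() + ">"

def parse_address(text: str) -> bytes:
    """Accept '<hex>' or bare hex; reject anything but exactly 16 bytes."""
    s = text.strip()
    if s.startswith("<") and s.endswith(">"):
        s = s[1:-1]
    if len(s) != 2 * ADDR_BYTES or any(c not in string.hexdigits for c in s):
        raise ValueError("expected 32 hexadecimal characters")
    return bytes.fromhex(s)

if __name__ == "__main__":
    # Constructed stand-ins for two nodes' public key bytes (not real keys).
    key_a, key_b = bytes(range(64)), bytes(range(64, 128))
    name = ("logger", "sensor", "temperature")
    a = destination_hash(key_a, *name)
    b = destination_hash(key_b, *name)
    print(format_address(a), format_address(b))
    # Same name, different key: different address. Same key anywhere: same address.
    print(a != b, a == destination_hash(key_a, *name))
    print(parse_address("<13425ec15b621c1d928589718000d814>").hex())
```

Because such an address is a hash truncated to 128 bits, a birthday collision between two arbitrary addresses takes on the order of 2^64 hash evaluations, while matching one specific existing address takes about 2^128.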

Encryption

All communication is secured with strong encryption by default. All encryption keys are short-lived, and communication provides forward secrecy by default.

  • It is not possible to establish unencrypted connections in Reticulum networks.
  • It is not possible to send unencrypted packets to arbitrary destinations on the network.
  • Destinations that receive unencrypted packets discard them as invalid.

Reticulum is relatively new software and should be treated as such. Although it was developed with best cryptography practices in mind, it has not been externally security reviewed and may well contain bugs that compromise privacy or security.

Source: https://reticulum.betweentheborders.com/rnode_bootstrap_console/r/crypto_de.html (external)

Reticulum requires a thorough security review by independent cryptographers and security researchers. If you would like to help or sponsor an audit, please contact us (external).

Source: https://markqvist.github.io/Reticulum/manual/whatis.html#caveat-emptor (external)

Hardware

Reticulum can be used over virtually any medium that supports at least one half-duplex channel with a throughput of 500 bits per second and an MTU of 500 bytes. Radio transceivers, modems, LoRa radios, serial lines, AX.25 TNCs, digital amateur radio modes, WiFi and Ethernet devices, free-space optical links, and similar systems are examples of physical devices that Reticulum can use. Supported interface types include:

  • Any Ethernet device
  • Almost all WiFi-based hardware
  • LoRa with RNode
  • Packet Radio TNCs (with or without AX.25)
  • KISS-compatible hardware and software modems
  • Any device with a serial interface
  • TCP over IP networks
  • UDP over IP networks
  • External programs via stdio or pipes
  • Custom hardware via stdio or pipes

Reticulum can therefore be used not only via existing Internet connections (directly via Ethernet or WiFi devices) but also via radio data devices, modems, LoRa radio devices, serial lines, digital amateur radio modes, optical connections, and more. Virtually any available infrastructure can be used.

For example, it is possible to connect a Raspberry Pi to both a LoRa radio device and a packet radio TNC and a WiFi network. Once the interfaces are configured, Reticulum takes care of the rest, and every device in the WiFi network can communicate with nodes on the LoRa and packet radio side of the network and vice versa.

Public Test Network

If you simply want to experiment without setting up a physical network, you can join the public Reticulum test network. The test network is exactly that: an informal network for testing and experimentation. It will be available most of the time, and anyone can join, but that also means there are no guarantees regarding the availability of services.

The test network runs the very latest version of Reticulum (often even shortly before public release). Sometimes experimental versions of Reticulum are deployed on nodes in the test network, which means that strange behavior may occur. If none of this deters you, you can join the test network via TCP or I2P.

Difference from TCP/IP (Internet)

Technical digression: the OSI (“Open Systems Interconnection”) model enables standardized communication between different computer systems and consists of 7 layers, each of which performs a specific task.

Reticulum could be seen as a replacement for Ethernet, IP, TCP, TLS, and HTTP:

[Figure: RNS layers]

Sources: Graphic RNS layers (external), GOODBYE INTERNET STACK (external)

Thoughts

Other messenger systems can be criticized in terms of the basis used (TCP/IP), as the modern Internet (TCP/IP) cannot really be considered secure. Examples:

Even if a provider is not “forced” to activate Cloudflare, but only does so briefly due to a DDoS attack, etc., Cloudflare can see all passwords and all data. Unfortunately, Cloudflare also remains “temporarily” activated far too often. Even the .Onion router at SimpleX does not help here, only extreme IP alternatives such as IPFS, I2P, or Reticulum.

Which other messenger (apart from Sideband, which is based on Reticulum/LXMF) is independent of IP and offers more decentralized freedom?

Conclusion

Reticulum is an interesting approach—but fundamentally not suitable as an alternative or replacement for WhatsApp.

Sources

Browser presentation by RNS: https://r8io.github.io/rns-presentations/source/001-introduction.html (external)

Messenger client (sideband):
https://unsigned.io/website/sideband (external)
https://github.com/markqvist/sideband (external)
Quick success in public test network: http://reticulum.network/connect_de.html (external)

LXMF protocol:
https://unsigned.io/website/lxmf (external)

Basis (Reticulum):
Version history: https://github.com/markqvist/Reticulum/blob/master/Changelog.md (external)
Description: https://reticulum.network/index_de.html / betweentheborders.com (external)
Manual: https://reticulum.network/docs_de.html (external) / https://markqvist.github.io/Reticulum/manual (external); Manual as PDF file (external; PDF)

Video/presentation at the Chaos Computer Club (external)
Lecture/ (text) at qortal (external)
The Reticulum Network and How it Works (August 17, 2024): https://b2server.codeberg.page/blog/reticulum (external)

Difference to Nostr: https://github.com/markqvist/Reticulum/discussions/59 (external)

Discussion forum: https://github.com/markqvist/Reticulum/discussions (external)
Public chat room (XMPP) on the topic: xmpp:reticulum@chat.openim.de

FAQ: https://github.com/markqvist/Reticulum/wiki/frequently-asked-questions (external)

