0k-sync
Most “encrypted sync” services hold your keys. They pinky-promise not to look. 0k-sync takes a different approach: the relay can’t look, even if compromised.
- No accounts. Devices pair via passphrase or QR code.
- No key escrow. Keys derive from your passphrase via Argon2id. We never see them.
- Minimal metadata. The relay sees blob sizes and timing, but never content, file names, or structure.
- No trust required. Run your own relay. Or use ours. The cryptography is the same.
- Runs anywhere. Pure Rust, no runtime. Designed for edge hardware, slow networks, and battery-constrained devices.
The Vision
We’re building for a world where edge AI runs on edge chips — and those devices need a reliable, secure sync protocol to deliver context updates in seconds, not minutes.
Edge AI scenarios:
- Autonomous agents on long missions, maintaining shared context even when far from base
- Drone swarms that need to sync state without a central server seeing the mission
- Field sensors pushing readings back to your infrastructure, not someone else’s cloud
Personal privacy scenarios:
- Sync your health data across devices without Google knowing your weight
- Family photo sharing that doesn’t train someone else’s AI model
- Personal journals, financial tracking, medical records — yours, not theirs
Not just messages — large files too. Photos, video, sensor dumps, AI model checkpoints. Content is encrypted locally, chunked, and transferred with content-addressed hashing (BLAKE3). The relay never sees what’s inside.
Built With Rust
No garbage collector. No runtime. No Electron. Just compiled machine code.
| Property | Detail |
|---|---|
| Footprint | Small relay binary, minimal client library overhead |
| Memory | Argon2id scales to available RAM (19–64 MiB) |
| Startup | Instant — no VM warmup, no JIT compilation |
| Target | Edge-ready — resource-constrained, bandwidth-limited environments |
Crate Architecture
| Crate | Purpose | Tests |
|---|---|---|
| sync-types | Wire format, message definitions | 44 |
| sync-core | Pure logic, no I/O (instant tests) | 70 |
| sync-client | Client library for applications | 144 |
| sync-content | Large file transfer (encrypt-then-hash) | 24 |
| sync-cli | CLI tool for testing/debugging | 45 |
| sync-relay | Relay server | 105 |
| sync-bridge | FFI-friendly bridge layer | 41 |
| sync-node | Node.js/Bun bindings (napi-rs) | 10 + 21 JS |
| sync-python | Python bindings (PyO3) | 11 + 31 pytest |
| chaos-tests | Chaos + distributed testing | 71 + 63 scenarios |
750+ tests across the workspace — Rust, JS (napi-rs), and Python (PyO3) — plus 63 chaos scenarios. Two tiers of chaos testing: 28 single-host Docker scenarios (Toxiproxy) and 35 distributed scenarios across a 3-machine mesh.
Cryptography
| Layer | Algorithm | Why |
|---|---|---|
| Blob encryption | XChaCha20-Poly1305 | 256-bit key, 192-bit nonce — no nonce reuse risk even at scale |
| Key derivation | Argon2id | 19–64 MiB memory-hard — OWASP minimum enforced, adapts to device |
| Transport | QUIC (TLS 1.3) + Noise XX | UDP-based, handles packet loss, NAT traversal. Hybrid Noise adds mutual auth + PQ protection |
| Post-quantum | ML-KEM-768 + X25519 | Hybrid scheme via clatter — security holds if either classical or PQ is broken |
| Content addressing | BLAKE3 | Encrypt-then-hash — fast, parallelizable, collision-resistant |
See the Hybrid Post-Quantum Crypto research for the full design.
What This Is (and Isn’t)
Is:
- A sync primitive for local-first apps
- A secure relay for routing encrypted blobs
- Framework-agnostic (Tauri, Electron, mobile, CLI)
Isn’t:
- A database (you handle storage)
- A CRDT library (you handle conflict resolution)
- A backup service (the relay is ephemeral by default)
- A replacement for Syncthing (different use case — this is for app developers)
Because “trust us” isn’t a security model.