
Nym is an evolving mix network (mixnet), a type of computer network infrastructure for privacy that masks user metadata, separating source and destination IP addresses. It anonymizes various types of communication, including messaging, file transfers, payment transactions, and web browsing on basic websites. The project is built on free and open-source software and is decentralized, maintained by a distributed set of independent nodes worldwide. Nym is sometimes compared to anonymity networks such as Tor and I2P, although it differs in some aspects. Unlike these, Nym does not support hidden services (e.g. .onion sites on Tor or eepsites on I2P).

Data packets sent through the Nym mixnet are encrypted in multiple layers and routed through a series of nodes, including an entry gateway, three "mix nodes", and an exit gateway to the internet. To mitigate traffic analysis risks, packets are standardized to a uniform size, mixed with cover traffic, and transmitted with randomized timing to obscure traffic patterns. These methods aim to make it more difficult for adversaries with broad surveillance capabilities to correlate incoming and outgoing data flows. Users can interact with the network via "NymVPN", a client application, or integrate Nym functionality into third-party applications using its software development kit (SDK).


History

The concept of a mix network (mixnet) was introduced by David Chaum in 1979 and later published in 1981. The cypherpunk movement contributed to the development of mixnets in the 1990s, though their practical applications remained limited, primarily in the form of anonymous remailers. In the 2000s, some anonymous communication networks, most notably Tor, incorporated principles of mixnets, though Tor itself is based on onion routing rather than a mixnet implementation.

The Nym mixnet originates from two Horizon 2020 research projects funded by the European Commission following the revelations on mass internet surveillance by the U.S. and U.K. governments: Panoramix (2015–2019) and NEXTLEAP (2016–2018). The mixnet originates from academic research, with technologies associated with the project regularly presented at scientific conferences in cybersecurity and cryptography, including USENIX, NDSS, and Privacy Enhancing Technologies Symposium (PETS). These projects contributed to advancements in mixnet technologies, leading to the foundations of Nym in 2017:
* Harry Halpin, then a computer scientist at INRIA, conceived of the idea after a discussion with Adam Back in 2017 on how to improve online privacy through a decentralized computing network that could take advantage of spare computing power to mix packets.
* Cryptographers Ania Piotrowska and George Danezis of University College London (UCL) introduced the "Loopix" architecture, which influenced Nym. Loopix integrated existing privacy-enhancing techniques to strengthen mixnet properties, including the "Sphinx" packet format, cover traffic, exponential mixing delays, a layered network topology, and Poisson-process-based packet transmission.

In 2018, Harry Halpin white-boarded the idea to Moxie Marlinspike and Trevor Perrin of Signal and decided to launch Nym. An alpha version of Nym was presented at the 36th Chaos Communication Congress (36C3) in December 2019. In February 2021, a white paper co-authored by Harry Halpin, Claudia Diaz (KU Leuven), and Aggelos Kiayias provided details on Nym’s technical and operational design.

In 2021, Chelsea Manning, a former U.S. Army intelligence analyst and whistleblower, conducted a security audit of Nym to identify potential vulnerabilities. In January 2022, she joined the Nym development team as a security consultant and public relations advisor. The launch of the live Nym network took place on April 14, 2022, at Station F in Paris, with Edward Snowden as a keynote speaker. In June 2022, Claudia Diaz, Harry Halpin, and Aggelos Kiayias introduced a reward-sharing scheme designed to incentivize operators within mix networks.

As of February 2025, the Nym mixnet remains under active development. The project continues to be developed in collaboration with research institutions, such as KU Leuven (through the COSIC research group) and EPFL (via the SPRING lab). Several other research teams working on privacy-enhancing technologies, cryptography, and decentralized systems have published research articles covering the Nym mixnet design.


Stakeholders

Nym is structured around a mix network architecture, incorporating three primary roles: users, node operators, and validators. The network operates on an incentive-driven economic model designed to maintain its functionality and decentralization.
* Users send network traffic through Nym to enhance the privacy of their online activities and communications.
* Node operators manage two types of node roles:
** Gateways act as entry and exit points to the network. They verify whether a user has access credentials and forward packets either to the inner "mix nodes" (entry gateways) or to the internet (exit gateways).
** Mix nodes process traffic by decrypting and mixing packets before forwarding them, ensuring that communication patterns are obfuscated.
* Anyone with technical expertise can download the Nym server software and become an operator, similar to how Tor relays function. A decentralized reward and reputation system is used to monitor operators with the goal of promoting network stability and efficiency.
* Validators maintain a distributed ledger that stores public information about active nodes and their rewards. They also issue anonymous access credentials using zero-knowledge proofs and digital signatures, allowing users to authenticate without revealing their identity.

A utility token serves two primary purposes:
# Compensating operators and validators for contributing to network infrastructure, ensuring the network adapts to user demand.
# Maintaining network quality through:
#* A reputation system that prioritizes high-performance operators based on reliability, speed, and latency.
#* Mitigation of Sybil attacks by making it resource-intensive for malicious entities to gain control over a significant portion of the network.

This architecture is designed to support a decentralized governance model, where incentives align with privacy preservation and network security.


Technical architecture


Access control

Initial access to the network is managed through anonymous access credentials, whose usage is unlinkable from payment, and digital signatures. This cryptographic approach enables users to authenticate their access rights to each node without disclosing any identifiable information, thereby enhancing the network's privacy.


Network architecture with dynamic reconfiguration

The Nym mixnet consists of a five-layer network architecture, maintained by independent node operators.
* Entry gateways: The first layer consists of entry gateways, which serve as access points to the network. Users can select a gateway based on criteria such as reputation, performance, or geographic location.
* Three layers of mix nodes: The core of the mixnet consists of three layers of mix nodes, structured in a stratified architecture. This design is intended to balance privacy protection, network resilience, and efficiency in maintaining inter-node connections.
* Exit gateways: The final layer consists of exit gateways, which forward traffic to the public internet. Users can select an exit gateway similarly to how they choose an entry one.

The topology of the three mixing layers is updated hourly to improve privacy. Before the start of each epoch:
* A subset of mix nodes is selected to route network traffic, based on a reputation system that evaluates quality of service metrics.
* The selected nodes are then randomly assigned to different layers, reducing the risk of malicious actors strategically positioning themselves within the network to monitor or manipulate traffic.
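
The per-epoch reconfiguration described above can be modelled as follows. This is an added example, not Nym's code: it also goes one step further and estimates the share of routes that pass only through colluding nodes. The pool size, reputation scores, the weighted-sampling method and the rule that a route picks one node uniformly per layer are all assumptions made for the illustration.

```python
import random

LAYERS = 3  # the three mixing layers described above


def select_active(reputation, active_size, rng):
    """Pick the epoch's active set by weighted sampling without replacement
    (Efraimidis-Spirakis keys): higher reputation, higher chance of selection.
    The sampling method is an assumption, not taken from the page."""
    eligible = {n: w for n, w in reputation.items() if w > 0}
    if active_size > len(eligible):
        raise ValueError("not enough eligible nodes")
    keys = {n: rng.random() ** (1.0 / w) for n, w in eligible.items()}
    return sorted(keys, key=keys.get, reverse=True)[:active_size]


def assign_layers(active, rng):
    """Shuffle the active set and deal it into the three layers, so an
    operator cannot choose which layer its node ends up in."""
    shuffled = list(active)
    rng.shuffle(shuffled)
    return [shuffled[i::LAYERS] for i in range(LAYERS)]


def compromised_route_fraction(layers, malicious):
    """Fraction of routes whose three mix nodes all belong to `malicious`,
    assuming a route picks one node uniformly from each layer."""
    fraction = 1.0
    for layer in layers:
        fraction *= sum(1 for n in layer if n in malicious) / len(layer)
    return fraction


def simulate(epochs=2000, seed=7):
    """Average compromised-route fraction over many epochs for a constructed
    pool: 54 honest nodes, 6 colluding nodes with high reputation, and one
    node with zero reputation that must never be selected."""
    rng = random.Random(seed)  # seeded PRNG so the simulation is reproducible
    reputation = {f"honest-{i}": 0.6 + 0.01 * (i % 30) for i in range(54)}
    malicious = [f"evil-{i}" for i in range(6)]
    reputation.update({n: 0.9 for n in malicious})
    reputation["offline-0"] = 0.0
    total = 0.0
    for _ in range(epochs):
        layers = assign_layers(select_active(reputation, 30, rng), rng)
        total += compromised_route_fraction(layers, set(malicious))
    return total / epochs


if __name__ == "__main__":
    # If the six colluding nodes could place themselves 2/2/2 across layers of
    # ten nodes, (2/10)**3 = 0.008 of routes would be fully compromised.
    print(f"random assignment, average: {simulate():.4f} (chosen placement: 0.0080)")
```

With random placement the colluding nodes often land unevenly, and any epoch in which one layer contains none of them has no fully compromised route at all.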


Privacy-preserving mechanisms

Nym employs several privacy-enhancing techniques to protect both the content of communications and associated metadata. Metadata can reveal information about user activity and communication patterns, making it a target for traffic analysis and mass surveillance. The mixnet aims to resist global adversaries with significant resources, including those capable of network-wide monitoring, cryptanalysis, advanced statistical analysis, or active participation through malicious nodes.
* Uniform packet size: Messages transmitted through the mixnet are divided into fixed-size packets using the "Sphinx" packet format. Standardizing packet sizes helps prevent traffic correlation attacks based on message length.
* Layered encryption: Similar to onion encryption in Tor, each packet is encapsulated in five layers of encryption. As packets traverse the network, each node decrypts only its assigned layer before forwarding the packet. The final node in the sequence is the only one that knows the ultimate destination of the packet.
* Randomized packet transmission: Packets are emitted by the user at random intervals, following a Poisson process.
* Cover traffic injection: Users generate and send dummy packets to accompany real messages. This prevents adversaries from identifying active communication and makes correlation attacks more difficult.
* Temporal reordering at mix nodes: Following the standard mix network model, each mix node introduces random delays (following an exponential distribution) and reorders packets before forwarding, rather than forwarding them when they become available. This also aims to disrupt timing correlation between packet input and output, making traffic analysis more challenging.
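
The following simulation combines four of the mechanisms listed above: fixed-size packets, Poisson emission, cover traffic and exponential mixing delays. It is an added example, not Nym's code; the 64-byte packet size, the rates, the visible type byte and all function names are constructed for the demo.

```python
import random

PACKET_SIZE = 64                 # constructed demo size, not Nym's real packet size
HEADER = 3                       # 1 type byte + 2 length bytes
ROOM = PACKET_SIZE - HEADER
# Cover packet, same size as a real one. The type byte is readable here only so
# the demo can count packets; under layered encryption an observer cannot see it.
COVER = b"C" + bytes(PACKET_SIZE - 1)


def fragment(message):
    """Split a message into padded packets of exactly PACKET_SIZE bytes."""
    chunks = [message[i:i + ROOM] for i in range(0, len(message), ROOM)] or [b""]
    return [b"R" + len(c).to_bytes(2, "big") + c.ljust(ROOM, b"\0") for c in chunks]


def reassemble(packets):
    """Receiver side: drop cover packets, strip padding, join the payloads."""
    out = b""
    for pkt in packets:
        if pkt[:1] == b"R":
            out += pkt[3:3 + int.from_bytes(pkt[1:3], "big")]
    return out


def client_emit(messages, rate, duration, seed):
    """messages: list of (ready_time, bytes). Emission instants follow a Poisson
    process (exponential gaps with mean 1/rate). At each instant the client
    sends a queued real packet if one is ready, otherwise a cover packet, so
    the emission schedule does not depend on whether the user has data."""
    rng = random.Random(seed)
    pending = []
    for ready, msg in sorted(messages, key=lambda m: m[0]):
        pending.extend((ready, pkt) for pkt in fragment(msg))
    sent, now, nxt = [], 0.0, 0
    while True:
        now += rng.expovariate(rate)
        if now > duration:
            return sent
        if nxt < len(pending) and pending[nxt][0] <= now:
            sent.append((now, pending[nxt][1]))
            nxt += 1
        else:
            sent.append((now, COVER))


def mix_node(arrival_times, mean_delay, seed):
    """Hold each packet for an independent exponential delay and release in
    order of release time. Returns [(release_time, input_index), ...]."""
    rng = random.Random(seed)
    released = [(t + rng.expovariate(1.0 / mean_delay), i)
                for i, t in enumerate(arrival_times)]
    return sorted(released)


if __name__ == "__main__":
    msgs = [(2.0, b"constructed message " * 10), (30.0, b"second burst")]
    busy = client_emit(msgs, rate=2.0, duration=60.0, seed=1)
    idle = client_emit([], rate=2.0, duration=60.0, seed=1)
    same = [t for t, _ in busy] == [t for t, _ in idle]
    order = [i for _, i in mix_node([t for t, _ in busy], 0.5, seed=2)]
    moved = sum(1 for pos, i in enumerate(order) if pos != i)
    print(f"packets sent: {len(busy)}, identical timing when idle: {same}")
    print(f"packets leaving the mix out of arrival order: {moved}")
```

An observer of the client's link sees the same packet sizes and the same send times whether the user is active or idle, and the mix's output order no longer matches its input order.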


Cryptographic mechanisms

Nym employs
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
cryptographic protocols such as WireGuard and the Noise Protocol Framework to enable secure and anonymous packet transmission. The client establishes a secure communication channel with an entry gateway and then encrypts each packet in five layers: one for the exit gateway, three for the mix nodes, and one for the entry gateway. As the packet traverses the network, each node decrypts only its designated layer before forwarding it to the next node.

To initiate communication, the client selects an entry gateway and establishes a secure channel using:
* X25519, an Elliptic Curve Diffie-Hellman (ECDH) key exchange protocol, used for confidential key agreement.
* Ed25519, a digital signature scheme, which ensures the authenticity of the connection.

Before transmission, the client encrypts each packet in five successive layers, corresponding to the nodes it will traverse:
* Three mix nodes and exit gateway: a four-layer "Sphinx" packet encryption:
** Packet headers are encrypted using AES-CTR (stream cipher mode).
** Packet contents are encrypted using the Lioness Wide Block Cipher.
* Entry gateway: the outermost encryption layer is secured using AES-GCM 256-bit for confidentiality and integrity purposes.

According to Nym’s 2025 roadmap, plans exist to integrate post-quantum cryptographic resistance, as the development team has proposed replacing the Sphinx packet format with a new, lighter format known as “Outfox”, which is intended to optimize network efficiency while maintaining strong anonymity guarantees.
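
The layered payload encryption described above, as an added example that is not Nym's code: a Lioness-style wide-block cipher wraps a fixed-size payload once per Sphinx hop, each hop peels only its own layer, and a single bit flipped in transit garbles the whole payload so the exit rejects it. The SHAKE-256 keystream, keyed BLAKE2b, key derivation, constant hop secrets, 256-byte packet size and zero-byte tag are assumptions of this example; header processing and the outer AES-GCM layer are left out.

```python
import hashlib

KEY_LEN = 32       # short Lioness half and round-key size (assumed)
PACKET_LEN = 256   # constructed fixed payload size, not Nym's real one
TAG = bytes(16)    # zero prefix checked at the exit (assumed integrity tag)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key: bytes, n: int) -> bytes:
    # Stand-in stream cipher: SHAKE-256 output used as keystream.
    return hashlib.shake_256(key).digest(n)

def _mac(key: bytes, data: bytes) -> bytes:
    # Keyed hash that updates the short half from the long half.
    return hashlib.blake2b(data, key=key, digest_size=KEY_LEN).digest()

def round_keys(hop_secret: bytes) -> list:
    # Four independent round keys per hop, derived from that hop's secret.
    return [hashlib.blake2b(hop_secret, person=b"round%d" % i,
                            digest_size=KEY_LEN).digest() for i in range(4)]

def lioness_encrypt(keys, block: bytes) -> bytes:
    # Four-round unbalanced Feistel over the whole block.
    k1, k2, k3, k4 = keys
    left, right = block[:KEY_LEN], block[KEY_LEN:]
    right = _xor(right, _stream(_xor(left, k1), len(right)))
    left = _xor(left, _mac(k2, right))
    right = _xor(right, _stream(_xor(left, k3), len(right)))
    left = _xor(left, _mac(k4, right))
    return left + right

def lioness_decrypt(keys, block: bytes) -> bytes:
    # Same four rounds in reverse order.
    k1, k2, k3, k4 = keys
    left, right = block[:KEY_LEN], block[KEY_LEN:]
    left = _xor(left, _mac(k4, right))
    right = _xor(right, _stream(_xor(left, k3), len(right)))
    left = _xor(left, _mac(k2, right))
    right = _xor(right, _stream(_xor(left, k1), len(right)))
    return left + right

def wrap(message: bytes, hop_secrets) -> bytes:
    # Sender: pad to the fixed size, then add one layer per hop, last hop first.
    body = TAG + len(message).to_bytes(2, "big") + message
    if len(body) > PACKET_LEN:
        raise ValueError("message too long for one packet")
    block = body.ljust(PACKET_LEN, b"\0")
    for secret in reversed(hop_secrets):
        block = lioness_encrypt(round_keys(secret), block)
    return block

def peel(block: bytes, hop_secret: bytes) -> bytes:
    # One node: remove only the layer keyed to this node.
    return lioness_decrypt(round_keys(hop_secret), block)

def deliver(block: bytes, hop_secrets) -> bytes:
    # Walk the path in order; the exit checks the tag before trusting the data.
    for secret in hop_secrets:
        block = peel(block, secret)
    if block[:len(TAG)] != TAG:
        raise ValueError("payload integrity check failed")
    n = int.from_bytes(block[len(TAG):len(TAG) + 2], "big")
    return block[len(TAG) + 2:len(TAG) + 2 + n]

# Constructed per-hop secrets; a real client derives them by key agreement.
HOP_SECRETS = [hashlib.sha256(name).digest()
               for name in (b"mix-1", b"mix-2", b"mix-3", b"exit-gateway")]

def demo():
    packet = wrap(b"hello mixnet", HOP_SECRETS)
    tampered = packet[:-1] + bytes([packet[-1] ^ 1])  # one bit flipped in transit
    try:
        deliver(tampered, HOP_SECRETS)
        detected = False
    except ValueError:
        detected = True
    return deliver(packet, HOP_SECRETS), detected

if __name__ == "__main__":
    print(demo())
```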


Research and Development (R&D)

The mixnet originates from academic research, with technologies associated with the project regularly presented at scientific conferences in cybersecurity and cryptography, including USENIX, NDSS, and Privacy Enhancing Technologies Symposium (PETS). The project continues to be developed in collaboration with research institutions, such as KU Leuven (through the COSIC research group) and EPFL (via the SPRING lab). Several other research teams working on privacy-enhancing technologies, cryptography, and decentralized systems have published research articles covering the Nym mixnet design.

The development of Nym is guided by a scientific advisory board and external advisors, comprising researchers and practitioners in computer science, networking, cryptography, and privacy protection. Notable members include:
* Karthikeyan Bhargavan, a former INRIA researcher, known for his contributions to TLS 1.3 and IETF standardization efforts. He was a co-recipient of the Levchin Prize in 2016 for his work on TLS.
* Daniel J. Bernstein, a mathematician and cryptographer affiliated with the University of Illinois Chicago and Ruhr University Bochum. He has contributed to the development of several cryptographic primitives, including X25519, Ed25519, ChaCha20, SipHash, Streamlined NTRU Prime, and Classic McEliece, a post-quantum Key Encapsulation Mechanism (KEM).
* George Danezis, a researcher specializing in anonymous communications and security, affiliated with University College London and the Alan Turing Institute.
* Aggelos Kiayias, a cryptographer and professor at the University of Edinburgh, known for his work on the Cardano blockchain, the Ouroboros proof-of-stake protocol, and electronic voting systems. He was a co-recipient of the Lovelace Medal in 2024.
* Ben Laurie, a founding member of the Apache Software Foundation, contributor to OpenSSL and FreeBSD, and a former associate of WikiLeaks. He was a co-recipient of the Levchin Prize in 2024 for his work on Certificate Transparency.
* Bart Preneel, a cryptographer at KU Leuven, co-designer of cryptographic functions, including the Miyaguchi-Preneel construction, the RIPEMD hash function, and the MUGI pseudo-random number generator. He is a former president of the International Association for Cryptologic Research (IACR).
* Carmela Troncoso, a professor of computer security and privacy at EPFL, known for her contributions to privacy-enhancing technologies.


Practical considerations


User experience

Users can access the Nym mixnet through the "NymVPN" client, which is available with both a graphical interface and a command-line interface, or by integrating the network into third-party applications using software development kits (SDKs). The privacy features of Nym share similarities with Virtual Private Networks (VPNs) and Tor, particularly in masking the user’s IP address and obfuscating their location. Additionally, Nym is designed to conceal metadata, a factor often exploited in mass surveillance and traffic analysis systems.


Adoption challenges

Independent tests conducted by technology media in 2024–2025 indicate that, in practice, the Nym mixnet introduces noticeable latency, which limits its suitability for real-time applications and mainstream adoption, unlike more widely used privacy-enhancing technologies developed over the past decade, such as Brave for private browsing, Proton Mail for encrypted email, and DuckDuckGo for anonymous search. Mixnets are considered more appropriate for latency-tolerant use cases, such as messaging, emailing, data transfers, batch processing, and IoT applications.


Privacy properties

While the Nym mixnet aims to offer enhanced privacy features, researchers acknowledge that privacy-enhancing technologies and surveillance methods evolve over time, leading to a continuous adaptation between anonymization techniques and traffic analysis strategies. As an emerging technology, mixnets such as Nym have yet to be extensively validated on a large scale. More specifically, research has identified several potential vulnerabilities in the “Loopix” mixnet architecture, which serves as the foundation for Nym. These concerns include susceptibility to traffic analysis, the possibility for entry gateways to discern user information, the substantial amount of cover traffic required to ensure the claimed privacy properties, and the risks of exposure to malicious service providers, including complete paths being compromised.


Security properties

The Nym software, which powers the network, is open-source and distributed under the GPLv3 license. Its source code is publicly available on GitHub, allowing for independent review and audits by the security community. Nym has undergone several security audits, including by cryptographer Jean-Philippe Aumasson (2021), Oak Security (2023), Cryspen (2023–2024) and Cure53 (2024). However, it does not currently have a public bug bounty program to encourage the reporting of vulnerabilities.


Energy consumption

Mix networks enhance user privacy by employing multi-layered encryption and routing data through 5-hop connections. This process introduces additional computational overhead compared to single-hop connections, increasing energy consumption. The generation of cover traffic (artificial packets designed to obfuscate real data flows) further increases data transmission volumes and energy usage. Some analyses suggest that this overhead could be up to ten times greater than that of traditional internet traffic.


See also

* Anonymous P2P
* Crypto-anarchism
* Darknet
* Freedom of information
* Internet censorship circumvention
* Internet privacy
* Mix network

