Secure Scuttlebutt

13 minute read

Secure Scuttlebutt

  • Scuttlebutt social network - a decentralised platform

  • Secure Scuttlebutt is a database protocol for unforgeable append-only message feeds.

    “Unforgeable” means that only the owner of a feed can update that feed, as enforced by digital signing (see Security properties). This property makes Secure Scuttlebutt useful for peer-to-peer applications. Secure Scuttlebutt also makes it easy to encrypt messages.

    Scuttlebot forms a global cryptographic social network with its peers. Each user is identified by a public key, and publishes a log of signed messages, which other users follow socially.

    Scuttlebot searches the P2P mesh for new messages and files from followed users and from FoaFs (friend of a friend’s). The messages and files are stored locally, indefinitely, for applications to read.

    Identity Users are identified by confirmations and signals in the social graph. This is known as a Web-of-Trust. There is no global registry of usernames. Instead, users name themselves, and share petnames for each other.

    Discovery occurs by examining the social graph, or by out-of-band sharing. Applications can analyze the follow-graph, and look for “flag” messages, to determine who is trust-worthy in the network.

  • Scuttlebot - a peer-to-peer log store

    Scuttlebot is an open source peer-to-peer log store used as a database, identity provider, and messaging system. It features global replication, file-syncronization, and end-to-end encryption.

  • - Get started with Scuttlebot and the Secure Scuttlebutt protocol

    Scuttlebot implemented by ssb-server: a p2p log store Secure Scuttlebutt implemented by ssb-db: a global database protocol Patchwork: a social messaging app built on ssb-server and ssb-db

  • Secure-scuttlebutt vs scuttlebutt vs scuttlebot vs sbot? - Explanation of terms, repos and project history
    • scuttlebutt: a gossip protocol that synchronises messages via a vector clock of per-node timestamps or sequences. Dominic got this name from an amazon paper “Efficient Reconciliation and Flow Control for Anti-Entropy Protocols”. This is the original scuttlebutt module which should now be known as “insecure scuttlebutt”. This repo is generally no longer used by the ssb community.
    • ssb-db: this is the database part of ssb. Previously this term referred to the protocol/database as a whole.
    • ssb-server: this repo adds networking behaviour to the database (secure-scuttlebutt).
    • sbot: short for scuttlebot, previously the CLI command name to control ssb-server. Now also named ssb-server.
  • Manyverse - Mobile App

    Manyverse is a social network mobile app with features you would expect: posts, threads, likes, profiles, etc. But it’s not running in the cloud owned by a company, instead, your friends’ posts and all your social data live entirely in your phone. This way, even when you’re offline, you can scroll, read anything, and even write posts and like content! When your phone is back online, it syncs the latest updates directly with your friends’ phones, through a shared local Wi-Fi or on the internet.


  • A collection of news articles and blogs about Scuttlebutt
  • Design Challenge: Avoid Centralization and Singletons

    The danger of centralization is obvious: it creates a single point of failure that can easily be attacked, or act as an attacker. And, it creates a monoculture of information, as the central point starts to control what information is trusted, or ranked highly.

  • Design Challenge: Sybil Attacks

    If it is possible for an anyone to connect to a computer system then it may be possible to interfere with the operation of that system, and defenses against interference must be designed in.

  • Efficient Reconciliation and Flow Control for Anti-Entropy Protocols

    The paper shows that anti-entropy protocols can process only a limited rate of updates, and proposes and evaluates a new state reconciliation mechanism as well as a flow control scheme for anti-entropy protocols.

  • Announcing: SSB Rooms -

    Today I’m launching something I’ve been working on since May to help improve the Secure Scuttlebutt (SSB) ecosystem with a new type of server: SSB Rooms. As an alternative or complement to pub servers, rooms are servers intended as meeting places where peers come to discover others and establish network connections with each other.

  • Scuttlebutt - P2PFR

    Scuttlebutt est un logiciel libre, développé pour assurer des fonctions utiles à un réseau social (type Facebook, Mastodon, Diaspora…). Nous n’en parlerions pas autrement, la communication entre chaque participant(e) au réseau se fait en pair-à-pair. rec

  • Counter-Anti-Disintermediation
  • The Nomad Who’s Exploding the Internet Into Pieces - Could decentralizing online life make it more compatible with human life?
  • Scuttlebutt: an “off-grid” P2P social network that runs without servers and can fall back to sneakernet
  • [Efficient Reconciliation and Flow Control for Anti-Entropy Protocols]

    The paper shows that anti-entropy protocols can process only a limited rate of updates, and proposes and evaluates a new state reconciliation mechanism as well as a flow control scheme for anti-entropy protocols.

  • Designing a Secret Handshake: Authenticated Key Exchange as a Capability System

    Capability Based Security is a conceptual framework for designing decentralized access control systems, yet there is no widely implemented protocol for establishing secure two-way communication that also forms a capability system. We examine the ways various key exchange protocols arn’t capability systems, and then present a secure key exchange protocol designed with capability systems in mind. In this protocol, the server’s public key forms an access capability. Using a preauthentication step, we authenticate the client before the server, but still accomplish mutual authentication within 4 passes. All long term keys are kept secret from any unauthenticated actors.


Secure Scuttlebutt Consortium - GitHub Repos

Nearly all of these repositories have seen activity within the past year!


  • ssbc/docs

    Scuttlebot implemented by ssb-server: a p2p log store Secure Scuttlebutt implemented by ssb-db: a global database protocol Patchwork: a social messaging app built on ssb-server and ssb-db

  • ssbc/

    ssb handbook: A guide to the Secure Scuttlebutt key concepts and influences (see also, new website: ssbc/

  • ssbc/ - Documentation for the Scuttlebutt module ecosystem

    This is an aggregation of commonly used scuttlebutt modules grouped for your convenience into several sections.

  • ssbc/ssb-spec-drafts - protocol specifications for Secure Scuttlebutt

    SSB-Drafts are working documents of the Secure Scuttlebutt community. Note that other groups may also distribute working documents as SSB-Drafts.

    SSB-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use SSB-Drafts as reference material or to cite them other than as “work in progress.”

    This wording aligns with the IRTF’s document track for Internet-Drafts.

  • ssbc/scuttlebutt-protocol-guide - Protocol documentation for Secure Scuttlebutt
  • ssbc/scuttlebutt-guide

    Looking to learn how to build in Scuttlebutt? There’s currently no canonical resource, but here’s a map of the known archipelago!


  • ssbc/ssb-server The gossip and replication server for Secure Scuttlebutt - a distributed social network
  • ssbc/ssb-minimal-pub-server - A minimal version of ssb-server aimed at pubs
  • ssbc/multiserver A single interface that can work with multiple protocols, and multiple transforms of those protocols (eg, security layer)
  • ssbc/ssb-config standard configuration for ssb





  • ssbc/ssb-keys - keyfile operations for ssb
  • ssbc/ssb-caps - The default “Caps” keys for accessing the SSB protocol using secret handshake
  • ssbc/box2-spec

    This is a spec for encrypting messages to groups of people. Initially it will support communication for large groups which share a public key (secret key cryptography / symmetric keys), but it has also been designed to support forward-secure secret-key cryptography (a little like Signal’s double-ratchet).

  • ssbc/ssb-ephemeral-keys - Methods for encrypting messages with ephemeral keys over Secure Scuttlebutt
  • ssbc/secret-stack - connect peers to each other using secret-handshakes
  • ssbc/ssb-secret-blob - encrypted blobs over ssb protocol
  • ssbc/private-box2 - new message encryption for ssb


  • ssbc/muxrpc - lightweight multiplexed rpc
  • ssbc/muxrpc-validation- Forked from pfrazee/muxrpc-validation Validation library for muxrpc apis
  • ssbc/ssb-plugins

    ssb-plugins is a plugin that provides additional plugin related functionality to a secret-stack instance.

    Without ssb-plugins, plugins can only be loaded explicitly by an ssb-server with the .use() method.

    Generally speaking, this plugin provides the abilility for plugins to be loaded and run as a separate process, with communication over muxrpc.

  • ssbc/muxrpcli - command-line interface to muxrpc servers

    muxrpc aims to provide remote access to any reasonable node.js api remotely. this means it supports both streaming and async operations. pull-streams are used.

    It may seem at first that it would be logically cleaner to separate this into two concerns, multiplexing and request-response. Indeed, we did just that in multilevel combining mux-demux and rpc-stream however, I realized that multiplexing depends on adding framing to incoming messages, and so does rpc. If rpc is implemented as another layer on top of multiplexing, then the rpc messages end up with a second layer of framing too. By implementing one protocol that supports both streams and rpc, we were able to have both features with only a single layer of framing.