Reach

Reach is an end-to-end encrypted communication platform that enables collaborative groups to safely receive information and requests from anonymous individuals and securely respond to them. The system is specifically engineered to address the security challenges faced by organizations and collectives that need to protect both themselves and their anonymous contacts.

The project expands on established whistleblowing system principles to serve a broader purpose. Reach evolved from SecureDrop's end-to-end encryption research (to which it contributed valuable insights). It targets a wider audience than GlobaLeaks while implementing stronger security measures than Hush Line to handle more sophisticated threat models.

Warning

Reach is currently in a pre-alpha stage. The code in this repository is not ready for deployment, and neither the underlying protocol nor the codebase has undergone independent security review. Current documentation focuses primarily on information for developers. To keep up with the project's progress, follow @reach@floss.social.

What's what? Repository structure

Reach's architecture is designed to anticipate diverse usage scenarios, resulting in a multi-component structure even in its early development stage:

End-User Applications

  • reachable-app/: The Reachable Application is a Tauri, Gleam and Lustre based desktop app enabling reachable peers to manage and respond to messages.

  • reaching-app/: The Reaching Application is a browser-based single-page application built with Gleam and Lustre that allows anonymous individuals to contact reachable peers.

  • attestant/: The Reach Attestant is a command-line tool that handles administrative tasks including deployment preparation and peer onboarding/offboarding.

Service Components

  • node/: Implements Reachable Nodes - the central communication hubs that include Server Nodes (exposed via Tor Onion Services) and Peer Nodes (accessible only to onboarded reachable peers through authenticated Onion Services).

  • secrets/: The Reachable Secrets service manages key generation, encryption key signing, and encryption/decryption of message vaults for reachable peers.

  • reaching-app/src-wasm/: The Reaching Link is a Wasm library used by the Reaching Application to handle passphrase generation, key derivation, encryption/decryption and encoding/decoding.

Common Libraries

  • common/aliases/: Type aliases (and wrapper types) used across all Rust components.

  • common/core/gleam/: Shared types and functions for Gleam-based frontends.

  • common/core/rust/: Shared data structures and functionality used (primarily) by end-user applications and service components.

  • common/ecdh-omr/: ECDH-based Oblivious Message Retrieval implementation - a core protocol component (reusable in other projects).

  • common/encryption/: Encryption and decryption functionality used by service components and some end-user applications.

  • common/passphrase/: Generates passphrases from word lists, and provides deterministic key generation infrastructure.

  • common/rotating-bloom-filter/: Bloom filter variant with automatic rotation for recent membership testing.

  • common/signatures/: Generic trait implementations for signing and verification.

  • common/ui/: Shared Lustre UI components used by the Reachable and Reaching applications.

  • common/visual-key-identity/: Emoji mapping system that replaces traditional alpha-numeric hashes with visual elements for more user-friendly key verification.

  • common/websocket/: Generic implementations of strongly typed WebSocket clients and servers that automatically decode and encode messages.

Development Support

Development

This project uses a Nix flakes based development shell to help developers share a predictable environment with all the prerequisite tooling installed to get right to work. To use it, we recommend installing the (delicious) Lix implementation of the Nix package manager. Lix provides install and upgrade instructions for your respective configuration.

To enable flakes, either enable them via the Lix installer, or add the following line to your nix.conf (found in /etc/nix/ or ~/.config/nix/):

experimental-features = nix-command flakes

The Nix flake will set up all the tools Reach relies on (in no particular order): Rust, Gleam, just, wasm-pack, REUSE, protoc, etc.

Note

For Nix sceptics and the impatient, we also provide a container based setup (compatible with Podman and Docker) that can be used by installing just and running $ just containerized help.

Getting Started

Once you have installed Nix, you can enter the development shell by running the following command in the root directory of the repository:

$ nix develop .

As a next step, we strongly encourage you to run just repo-config, which sets up and configures the Git hooks that are managed by the repository itself.

If you already installed just through your regular package manager, you can also run just develop from anywhere in the repository, which will trigger the repo-config recipe before dropping you into the development shell.

Running just help will give you an overview of which recipes exist and what they do:

$ just help
Welcome to Reach's development justfile 👋
Don't forget to read CONTRIBUTING.md before you start ✨
Available recipes:
    audit                              # 🧐 Check if any of this project's dependencies have advisories on rustsec.org
    build                              # 🚀 Build everything
    build-attestant                    # 🖋️ Build reach-attestant and reach-core with the attestant feature enabled
[…]

Contributing

If you would like to contribute to Reach (❤️) please refer to the CONTRIBUTING.md document to get familiar with the conventions that are expected by the project. Thank you for taking the time!

Credits

Reach was originally derived from and contributed to research into the Next Generation End-to-End Encrypted Design of SecureDrop by Giulio B. of Freedom of the Press Foundation, @smaury and Davide @TheZero of Shielder as well as the SecureDrop Team. Additional credits go to Olivia M. for pointing out and insisting on the inevitability of Asymmetric Forward/Backward Secrecy, and @redshiftzero for prior art, as well as countless people who provided us with feedback. This list will expand.

Early contributors (❤️) to Reach include:

Reach was initiated by @eaon