Project Overview

Gregory edited this page May 16, 2026 · 5 revisions

Group Protocol Stack is a layered, end-to-end encrypted group-messaging protocol family built on top of MLS (RFC 9420).

What problem does it solve?

Existing group-messaging solutions either bolt encryption on top of transport-level primitives or rely on a trusted server for key distribution. Group Protocol Stack inverts this: the cryptographic group-membership layer (MLS) is the foundation, and all transport framing, replay protection, and stream multiplexing sit above it — so even the delivery server is treated as untrusted.

Protocol layers

┌── application ────────────────────────────────────────────────┐
│   GTP · GAP · GSP    (text / audio / signalling semantics)    │
├───────────────────────────────────────────────────────────────┤
│   GBP                (base: frames, AEAD, replay, FSM)        │
├───────────────────────────────────────────────────────────────┤
│   MLS (RFC 9420)     (group key agreement and exporter)       │
└───────────────────────────────────────────────────────────────┘

The design is intentionally analogous to the Internet protocol suite — GBP plays the role of IP, while GTP/GAP/GSP play the role of TCP, UDP, and SCTP.

Protocol   Full name                  Responsibility
GBP        Group Base Protocol        Framing, AEAD encryption, replay window, FSM, control plane
GTP        Group Text Protocol        Text messages, delivery history, read watermarks
GAP        Group Audio Protocol       Opus audio streams, jitter buffer, SFrame E2EE
GSP        Group Signaling Protocol   Signalling, roles, capability negotiation

Key properties

  • End-to-end encrypted — payloads are AEAD-encrypted with keys derived by MLS; the Delivery Service sees only ciphertext.
  • Replay-protected — every stream maintains a per-member replay window; duplicate or replayed frames are rejected.
  • Epoch-safe — membership changes drive MLS epoch transitions; GBP enforces commit ordering via a coordinator-based control plane.
  • Stream-multiplexed — four stream classes (control / audio / text / signal) share one QUIC connection with independent congestion domains.
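
The per-member, per-stream replay window described above can be sketched as a sliding bitmap. This is an added example, not code from the GBP reference implementation. The 64-frame window, the u64 sequence numbers, the u32 member ids and all type names are assumptions; GBP's actual parameters are defined in its specification.

```rust
use std::collections::HashMap;

// Assumptions for this sketch: 64-frame window, u64 sequence numbers, u32 member ids.
const WINDOW: u64 = 64;

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum StreamClass { Control, Audio, Text, Signal }

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict { Accept, Duplicate, TooOld }

#[derive(Default)]
struct Window { highest: u64, bitmap: u64 } // bit i set => (highest - i) was seen

impl Window {
    // Run only after the frame's AEAD tag verifies, so forged frames cannot move the window.
    fn check_and_update(&mut self, seq: u64) -> Verdict {
        if seq > self.highest {
            let shift = seq - self.highest;
            // Slide forward; a jump of WINDOW or more discards all history bits.
            self.bitmap = if shift >= WINDOW { 1 } else { (self.bitmap << shift) | 1 };
            self.highest = seq;
            return Verdict::Accept;
        }
        let offset = self.highest - seq; // 0 means "same as the newest frame"
        if offset >= WINDOW { return Verdict::TooOld; } // freshness cannot be proven
        let bit = 1u64 << offset;
        if self.bitmap & bit != 0 { return Verdict::Duplicate; }
        self.bitmap |= bit; // late but unseen: accept exactly once
        Verdict::Accept
    }
}

/// One independent window per (stream class, sending member).
#[derive(Default)]
pub struct ReplayGuard { windows: HashMap<(StreamClass, u32), Window> }

impl ReplayGuard {
    pub fn check(&mut self, class: StreamClass, member: u32, seq: u64) -> Verdict {
        self.windows.entry((class, member)).or_default().check_and_update(seq)
    }
}

fn main() {
    // Constructed sequence: in-order, duplicate, large jump, stale frame.
    let mut guard = ReplayGuard::default();
    for seq in [1u64, 2, 2, 70, 5] {
        println!("seq {seq}: {:?}", guard.check(StreamClass::Text, 7, seq));
    }
}
```

Keeping one window per (stream class, member) pair means a reordered audio frame never causes a text frame from the same sender to be rejected.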

Implementations and packages

The reference implementation is a Rust workspace. The same protocol is published from one source tree to every major package manager, with pre-built native binaries for win-x64, win-arm64, linux-x64, linux-arm64, osx-x64, osx-arm64.

Language   Package
Rust       gbp-stack
.NET       GBPStack
Python     gbp-stack
Node.js    @voluntas-progressus/gbp-stack

Specifications

Protocol specifications live in docs/ — English in docs/en/, Russian in docs/ru/.

The protocols are at Internet-Draft stage (Standards Track intent).