This paper describes a network that builds security directly into the transport layer, rather than leaving encryption to individual applications. Every node generates a cryptographic key pair, and the public key is hashed to produce the node's IPv6 address. No central authority assigns addresses. Identity and address are the same thing by construction.
Today's internet assigns IP addresses through registries, routes traffic through many untrusted machines, and relies on certificate authorities to establish identity. Even encrypted traffic reveals who is talking to whom. The paper argues these structural choices create permanent exposure to surveillance, censorship, BGP hijacking, and impersonation — problems that layers of retrofitted security (TLS, IPsec, DNSSEC) cannot fully fix because the underlying infrastructure remains untrusted.
Each node generates a Curve25519 key pair. The public key is double-hashed with SHA-512, and the result becomes the node's IPv6 address in the fc00::/8 range. This means an address cannot be faked without the corresponding private key, there is no address registry, and connecting to an address is simultaneously connecting to a verified cryptographic identity. The white paper calls this the collapse of "where" and "who" into a single property.
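The derivation described above, as an added example that is not part of the paper: the address is the first 16 bytes of SHA-512(SHA-512(public key)), and the cjdns implementation keeps only keys whose result begins with the byte 0xfc, regenerating otherwise (roughly one key in 256 qualifies). The seeded random 32-byte strings below stand in for real Curve25519 public keys, which is an assumption made so the example runs without a NaCl library; the hashing step is the same for either.

```python
import hashlib
import ipaddress
import random


def derive_address(pubkey: bytes):
    """Hash the 32-byte public key twice with SHA-512 and keep the first 16 bytes.

    Returns an IPv6Address in fc00::/8, or None when the first byte is not 0xfc
    (cjdns discards such keys rather than assigning them an address).
    """
    if len(pubkey) != 32:
        raise ValueError("Curve25519 public keys are 32 bytes")
    digest = hashlib.sha512(hashlib.sha512(pubkey).digest()).digest()
    if digest[0] != 0xFC:
        return None
    return ipaddress.IPv6Address(digest[:16])


def find_valid_key(seed: int) -> bytes:
    """Mimic key generation: draw candidate keys until one hashes into fc00::/8.

    Constructed stand-in: seeded random bytes instead of real Curve25519 keys.
    """
    rng = random.Random(seed)
    while True:
        candidate = rng.getrandbits(256).to_bytes(32, "big")
        if derive_address(candidate) is not None:
            return candidate


def verify_binding(pubkey: bytes, claimed_addr: str) -> bool:
    """Check that a peer's presented public key really hashes to the address it claims.

    This is the check that makes an address unforgeable: without a key that hashes
    to the claimed address, the binding fails and the peer is rejected.
    """
    derived = derive_address(pubkey)
    return derived is not None and derived == ipaddress.IPv6Address(claimed_addr)


if __name__ == "__main__":
    key = find_valid_key(seed=1)
    addr = derive_address(key)
    print("public key:", key.hex())
    print("address:   ", addr)
    print("binding ok:", verify_binding(key, str(addr)))
```

Because the mapping is a one-way hash, a node receiving a connection can verify the binding from the public key alone; a key that differs in even one bit almost certainly hashes outside fc00::/8 or to an unrelated address, so a claimed address cannot be matched without the corresponding key.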
Nodes connect to trusted peers and exchange routing information. Route discovery uses a distributed hash table (DHT) based on Kademlia, with routing table entries organized by XOR distance in key-space. This gives O(log N) scaling — each node needs only a logarithmic number of entries to reach any other node. Packets travel hop-by-hop through encrypted tunnels, with switch labels encoding the path at each step.
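An added illustration of the XOR-distance routing the paragraph describes, not code from the cjdns project: each node keeps at most k entries per bucket, where the bucket index is the position of the highest bit in which two addresses differ, and a lookup repeatedly asks the nearest known node for something nearer. The sixteen addresses, the bucket width k=2, and the assumption that every node's table is filled from a shared list are all constructed for the example; they are small enough to trace by hand but show why each hop strictly shortens the XOR distance, which is what gives the logarithmic hop count.

```python
import ipaddress

K = 2  # entries per bucket (constructed; real Kademlia deployments use k=20)


def to_int(addr: str) -> int:
    return int(ipaddress.IPv6Address(addr))


def xor_distance(a: str, b: str) -> int:
    """Kademlia metric: XOR of the two 128-bit addresses, compared as integers."""
    return to_int(a) ^ to_int(b)


def bucket_index(self_addr: str, other: str) -> int:
    """Bucket = bit length of the XOR distance; 0 means the addresses are identical."""
    return xor_distance(self_addr, other).bit_length()


def build_table(self_addr: str, all_nodes: list, k: int = K) -> dict:
    """Fill at most k entries per bucket from the nodes this node learns about."""
    table: dict = {}
    for other in all_nodes:
        if other == self_addr:
            continue
        bucket = table.setdefault(bucket_index(self_addr, other), [])
        if len(bucket) < k:
            bucket.append(other)
    return table


def known_nodes(table: dict) -> list:
    return [node for bucket in table.values() for node in bucket]


def lookup(source: str, target: str, tables: dict):
    """Iterative lookup: hop to the known node nearest the target until reached.

    Returns the hop count, or None if no hop would reduce the distance.
    """
    norm = lambda a: str(ipaddress.IPv6Address(a))
    current, target = norm(source), norm(target)
    hops = 0
    while current != target:
        nxt = min(known_nodes(tables[current]), key=lambda n: xor_distance(target, n))
        if xor_distance(target, nxt) >= xor_distance(target, current):
            return None  # no progress possible from this node's view
        current = nxt
        hops += 1
    return hops


# Constructed topology: sixteen addresses fc00::1 .. fc00::10 that all know each other.
NODES = [f"fc00::{i:x}" for i in range(1, 17)]
TABLES = {node: build_table(node, NODES) for node in NODES}

if __name__ == "__main__":
    print("distance fc00::1 -> fc00::3:", xor_distance("fc00::1", "fc00::3"))
    print("bucket   fc00::1 -> fc00::3:", bucket_index("fc00::1", "fc00::3"))
    print("hops     fc00::1 -> fc00::f:", lookup("fc00::1", "fc00::f", TABLES))
```

Every node in the bucket that the target falls into shares one more leading bit with the target than the current node does, so each hop moves to a strictly smaller bucket; the number of hops is therefore bounded by the starting bucket index, never by the number of nodes.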
Encryption is mandatory and universal. All links use Curve25519 key agreement with Salsa20/Poly1305 authenticated encryption. Ephemeral session keys provide forward secrecy: compromising a node's permanent private key does not expose past sessions. Packet authentication means any modification in transit is detected and silently dropped.
Together, the address binding and per-link authenticated encryption prevent address spoofing, man-in-the-middle attacks, address hijacking, and route poisoning.
The system provides no anonymity. An observer monitoring UDP traffic can identify cjdns participants, measure their peering relationships, and analyze traffic timing and volume. The white paper explicitly states that for anonymity requirements, cjdns should be layered with Tor or I2P. This is the most commonly misunderstood aspect of the system.
Peering is social and local. Nodes choose who to peer with and exchange credentials directly. There is no global authority. Legitimacy is established by cryptography and personal peering relationships, which makes the network resistant to mass control but places responsibility on each operator.
The current internet assumes infrastructure is neutral and security should be added on top. cjdns assumes infrastructure is hostile and security must be native. The design principle is: encrypt first, then route — not the reverse.
Its strengths: no central servers, no address authorities, built-in mandatory encryption, forward secrecy, cryptographic identity binding, resistance to censorship, and compatibility with any existing IPv6 application without modification.
Its limitations: no anonymity, a moderate throughput ceiling (100–400 Mbps, since Salsa20 cannot use AES-NI hardware acceleration), complex setup requiring technical users, a small user base, no offline message delivery, a need for manual peering relationships, and development activity that has declined significantly since 2016.
The paper treats network design as a political and social problem. Centralized systems are treated as structurally prone to eventual abuse. The goal is not convenience but survivability under adversarial conditions — replacing institutional trust with mathematical trust.
This is not an improved version of the current internet. It is a parallel network built on different assumptions: no central ownership, no address control, no unencrypted transport, and no easy surveillance. It performs best where infrastructure cannot be trusted, and least well where convenience and anonymity both matter. For strong anonymity, it must be combined with Tor or a comparable system.