2026-07-02 –, Amphitheater 122
We present KeibiDrop, an open-source (MPL 2.0) peer-to-peer file transfer tool that provides end-to-end encryption using a hybrid post-quantum key exchange (ML-KEM-1024 + X25519) with ChaCha20-Poly1305 at the transport layer. KeibiDrop operates over direct IPv6 connections with no cloud intermediary, no STUN/TURN servers, and no persistent metadata. The relay server is treated as an untrusted blind intermediary: it sees only opaque lookup keys and encrypted blobs, and cannot correlate users or decrypt content. We discuss the cryptographic design, the privacy model, the trade-offs of an IPv6-only architecture, and the practical challenges of mounting remote files as a local FUSE filesystem with forward secrecy via automatic re-keying. A live demonstration accompanies the talk.
KeibiDrop addresses a concrete problem: transferring files between two devices without trusting a third party. Existing solutions make trade-offs: cloud storage (Google Drive, Dropbox) requires trusting the provider; tools like croc and Magic Wormhole relay traffic through servers that see both peers' IP addresses and lack post-quantum resistance; platform-native solutions (AirDrop, Nearby Share) are locked to specific ecosystems. KeibiDrop works across any combination of macOS, Linux, Windows, and mobile (iOS/Android via gomobile), with or without FUSE - the filesystem layer is optional, not required, but very fun to use. The desktop UI is built with Slint and bound in Rust; the total binary size is 20 MB.
Cryptographic design. KeibiDrop implements a hybrid key exchange combining ML-KEM-1024 (NIST FIPS 203, Security Category 5) with X25519, deriving session keys via HKDF-SHA512. Key pairs are ephemeral: generated fresh each session and never persisted to disk. Peer authenticity is established through out-of-band fingerprint exchange: each peer's fingerprint is a SHA-512 hash over its ephemeral public keys (X25519 || ML-KEM), shared via a trusted channel (e.g. Signal, in person, QR code). During the handshake, the received public keys are verified against the registered fingerprint using constant-time comparison before any session key is derived. No certificate authority, no long-lived keys — if the fingerprint does not match, the handshake is rejected. The transport layer uses ChaCha20-Poly1305 AEAD with counter-based nonces and direction-separated prefixes to prevent nonce reuse. Automatic session re-keying triggers every 1 GB or approximately one million messages, providing forward secrecy by discarding old key material.
Relay privacy model. The relay server facilitates peer discovery only. Registered keys are held in memory for 10 minutes and then discarded - nothing is persisted. Registration data (fingerprints, public keys, IP addresses) is encrypted client-side before upload. The relay stores only lookup_key -> encrypted_blob, where the lookup key is derived via HKDF from a room password shared out-of-band. The relay cannot reverse-engineer fingerprints, decrypt registration blobs, or correlate sessions across rooms. The relay operator sees IPv4 source addresses in access logs, but has no access to the encrypted content or the identities behind it. We present the threat model and the test suite that validates these privacy guarantees.
IPv6-only architecture. KeibiDrop deliberately avoids STUN/TURN/UPnP to prevent IP metadata leakage to third-party NAT traversal infrastructure. This is a privacy-first design choice with real trade-offs: it requires globally routable IPv6 on both peers. We discuss why this trade-off is defensible for privacy-sensitive use cases and what it costs in practice, including the challenges we encountered deploying across consumer ISPs.
FUSE filesystem integration. Remote files appear as a mounted local filesystem with lazy loading, enabling real-time access without downloading entire files upfront. We cover the practical challenges of building a secure FUSE filesystem: macFUSE versus fuse3 versus WinFSP behavioral differences, direct_io for write operations, deadlock prevention in the VFS layer, and cross-platform support across macOS, Linux, and Windows.
Live demonstration. Two laptops, one room. Files transferred with post-quantum encryption.
The talk targets security practitioners, privacy engineers, and contributors to free software who want to understand practical post-quantum cryptography deployment, privacy-preserving protocol design, and the engineering reality of building encrypted file transfer tools.
Marius-Florin Cristian is a computer scientist and the author of KeibiDrop, an open-source post-quantum encrypted file transfer tool. He holds a CISSP certification and a Master's degree in Computer Science from the University of Copenhagen (DIKU), where his thesis addressed the minimum spanning tree problem in the context of linear-time complexity. He served as CISO at two B2B SaaS startups in Copenhagen---Krizo.io and Omnio.net---where he built cybersecurity programs from scratch (ISO 27001 ISMS, NIST RMF/800-53, risk management) while simultaneously contributing to product development (Haskell at Krizo, Rust at Omnio), managing DevOps and Kubernetes infrastructure, and shipping features in sprints---both acquired within two years of his joining. After Omnio's acquisition by IBM, he worked briefly as a Senior Cybersecurity Specialist at IBM before moving to Romania to build KeibiSoft full-time. He works across the full stack---from cryptographic protocol design and threat modeling to systems programming and infrastructure---doing whatever it takes to ship.