| GNUnet | |
|---|---|
| GNUnet with the GTK+ user interface | |
| Developer | GNUnet e.V.[1] |
| Initial release | November 5, 2001; 24 years ago (2001-11-05) |
| Stable release | 0.26.0[2] |
| Repository | |
| Written in | C[3] |
| Operating system | official: Free software operating systems (Linux, FreeBSD, NetBSD, OpenBSD); unofficial: Other operating systems (OS X, Windows) |
| Available in | Spanish, English, Russian, German, French |
| Type | Anonymous P2P, Friend-to-friend |
| License | 2018: AGPL-3.0-or-later[a][4]; 2007: GPL-3.0-or-later[b]; 2001: GPL-2.0-or-later[c] |
| Website | gnunet |

GNUnet is a software framework for decentralized, peer-to-peer networking and an official GNU package. The framework offers link encryption, peer discovery, resource allocation, communication over many transports (such as TCP, UDP, HTTP, HTTPS, WLAN and Bluetooth) and various basic peer-to-peer algorithms for routing, multicast and network size estimation.[5][6]
GNUnet's basic network topology is that of a mesh network. GNUnet includes a distributed hash table (DHT) which is a randomized variant of Kademlia that can still efficiently route in small-world networks. GNUnet offers a "F2F topology" option for restricting connections to only the users' trusted friends. The users' friends' own friends (and so on) can then indirectly exchange files with the users' computer, never using its IP address directly.
GNUnet uses Uniform resource identifiers (not approved by IANA, although an application has been made). GNUnet URIs consist of two major parts: the module and the module-specific identifier. A GNUnet URI has the form gnunet://module/identifier, where module is the module name and identifier is a module-specific string.
The primary codebase is written in C, but there are bindings in other languages to produce an API for developing extensions in those languages. GNUnet is part of the GNU Project. It has gained interest in the hacker community after the PRISM revelations.[7]
GNUnet consists of several subsystems, of which the essential ones are the Transport and Core subsystems.[8] The Transport subsystem provides insecure link-layer communications, while Core provides peer discovery and encryption.[9] Various applications are built on top of the Core subsystem.
GNUnet includes various P2P applications in the main distribution of the framework, including filesharing, chat and VPN; additionally, a few external projects (such as secushare) are also extending the GNUnet infrastructure.
GNUnet is unrelated to the older Gnutella P2P protocol. Gnutella is not an official GNU project, while GNUnet is.[10]
Originally, GNUnet used UDP for underlying transport.[11] The GNUnet transport subsystem was expanded to include additional options, such as TCP and SMTP.[12] Support for the latter was later dropped due to a lack of maintenance.[13]
The communication port, officially registered at IANA, is 2086 (tcp + udp).[14]
GNUnet provides a trust system based on an excess-based economic model.[15] The idea of employing an economic system is taken from the MojoNation network.[16]
The GNUnet network has no trusted entities, so it is impossible to maintain a global reputation. Instead, each peer maintains its own trust for each of its local links.
When resources, such as bandwidth and CPU time, are in excess, the peer provides them to all requesting neighbors without reducing trust or otherwise charging them. When a node is under stress, it denies requests of those neighbors that it trusts less and charges others by reducing their trust.
The primary application at this point is anonymous, censorship-resistant file-sharing, allowing users to anonymously publish or retrieve information of all kinds. The GNUnet protocol which provides anonymity is called GAP (GNUnet anonymity protocol).[17] GNUnet FS can additionally make use of GNU libextractor to automatically annotate shared files with metadata.
Files shared with GNUnet are ECRS (Encoding for Censorship-Resistant Sharing) coded.[18]
All content is represented as GBlocks. Each GBlock contains 1024 bytes. There are several types of GBlocks, each of which serves a particular purpose. Any GBlock is uniquely identified by its RIPEMD-160 hash.
DBlocks store actual file contents and nothing else. A file is split at 1024-byte boundaries and the resulting chunks are stored in DBlocks. DBlocks are linked together into a Merkle tree by means of IBlocks that store DBlock identifiers.
Blocks are encrypted with a symmetric key derived from when they are stored in the network.
The GNUnet Anonymity Protocol consists of queries and replies. Depending on the load of the forwarding node, messages are forwarded to zero or more nodes.
Queries are used to search for content and request data blocks.
A query contains a resource identifier, reply address, priority and TTL (Time-to-Live).
Resource identifier of datum is a triple-hash.[19] Peer that replies to query providesto prove that it indeed has the requested resource without providing to intermediate nodes, so intermediate nodes can't decrypt.
The reply address is the major difference compared to the Freenet protocol. While in Freenet a reply always propagates back using the same path as the query, in GNUnet the path may be shorter. A peer receiving a query may drop it, forward it without rewriting the reply address, or indirect it by replacing the reply address with its own address. By indirecting queries a peer provides cover traffic for its own queries, while by forwarding them the peer avoids being a link in reply propagation and preserves its bandwidth. This feature allows the user to trade anonymity for efficiency. The user can specify an anonymity level for each publish, search and download operation. An anonymity level of zero can be used to select non-anonymous file-sharing. GNUnet's DHT infrastructure is only used if non-anonymous file-sharing is specified. The anonymity level determines how much cover traffic a peer must have to hide the user's own actions.
Priority specifies how much of its trust the user wants to spend in case of a resource shortage.
TTL is used to prevent queries from staying in the network for too long.
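The excess-based trust model and the query priority field described above can be seen working together in the following simulation, which is an added example and not GNUnet's own code. The `Peer` and `Query` classes, the per-round capacity and the rule that a bid is capped at the trust held for that link are simplifying assumptions.

```python
from dataclasses import dataclass

@dataclass
class Query:
    neighbor: str   # link the query arrived on
    priority: int   # trust the sender offers to spend during a shortage

class Peer:
    def __init__(self, capacity, trust):
        self.capacity = capacity    # queries served per round (assumed unit)
        self.trust = dict(trust)    # local trust per link; no global reputation

    def bid(self, q):
        # Assumption: a neighbor cannot spend more trust than this peer holds for it.
        return min(q.priority, self.trust.get(q.neighbor, 0))

    def handle_round(self, queries):
        """Return (served, denied) neighbor names and update local trust."""
        if len(queries) <= self.capacity:
            # Excess resources: serve everyone, charge no one.
            return [q.neighbor for q in queries], []
        # Under stress: the lowest bids are denied, served queries are charged.
        ranked = sorted(queries, key=self.bid, reverse=True)
        served, denied = ranked[:self.capacity], ranked[self.capacity:]
        for q in served:
            self.trust[q.neighbor] = self.trust.get(q.neighbor, 0) - self.bid(q)
        return [q.neighbor for q in served], [q.neighbor for q in denied]

def demo():
    # Constructed sample: "mallory" is a fresh link with no earned trust.
    peer = Peer(capacity=2, trust={"alice": 10, "bob": 3, "mallory": 0})
    idle = peer.handle_round([Query("alice", 5), Query("mallory", 50)])
    trust_after_idle = dict(peer.trust)
    busy = peer.handle_round(
        [Query("mallory", 50), Query("alice", 5), Query("bob", 5)])
    return idle, trust_after_idle, busy, dict(peer.trust)

if __name__ == "__main__":
    print(demo())
```

In the busy round the link with no earned trust is denied even though it claims the highest priority, because its bid is limited by the trust this peer holds for it.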
The fs module identifier consists of either chk, sks, ksk or loc followed by a slash and a category-specific value. Most URIs contain hashes, which are encoded in base32hex.[20]
gnunet://fs/chk/[file hash].[query hash].[file size in bytes]
gnunet://fs/sks/NAMESPACE/IDENTIFIER
gnunet://fs/ksk/KEYWORD[+KEYWORD]*
gnunet://fs/loc/PEER/QUERY.TYPE.KEY.SIZE
A type of GNUnet filesharing URI pointing to a specific copy of the GNU GPL license text:
gnunet://fs/chk/9E4MDN4VULE8KJG6U1C8FKH5HA8C5CHSJTILRTTPGK8MJ6VHORERHE68JU8Q0FDTOH1DGLUJ3NLE99N0ML0N9PIBAGKG7MNPBTT6UKG.1I823C58O3LKS24LLI9KB384LH82LGF9GUQRJHACCUINSCQH36SI4NF88CMAET3T3BHI93D4S0M5CC6MVDL1K8GFKVBN69Q6T307U6O.17992
Another type of GNUnet filesharing URI, pointing to the search results of a search with keyword "gpl":
gnunet://fs/ksk/gpl
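A strict parser for the four fs URI layouts listed above, written as an added example rather than taken from GNUnet. The function name, the returned dictionary keys, the uppercase-only hash alphabet and the 20-digit bound on the size field are assumptions of this sketch.

```python
import re

B32HEX = re.compile(r"[0-9A-V]+")   # base32hex alphabet, unpadded (assumed strict)
SIZE = re.compile(r"[0-9]{1,20}")   # ASCII digits only, bounded length

class GnunetUriError(ValueError):
    """Raised for any URI that does not match the layouts listed above."""

def _need(cond, msg):
    if not cond:
        raise GnunetUriError(msg)

def parse_gnunet_uri(uri):
    """Split gnunet://module/identifier; fully parse the fs module's forms."""
    _need(uri.startswith("gnunet://"), "scheme must be gnunet://")
    module, _, ident = uri[len("gnunet://"):].partition("/")
    _need(module and ident, "expected gnunet://module/identifier")
    if module != "fs":                  # other modules: opaque identifier
        return {"module": module, "identifier": ident}
    kind, _, value = ident.partition("/")
    _need(value, "fs identifier needs a category-specific value")
    out = {"module": "fs", "kind": kind}
    if kind == "chk":                   # [file hash].[query hash].[size]
        parts = value.split(".")
        _need(len(parts) == 3, "chk needs hash.hash.size")
        fh, qh, size = parts
        _need(B32HEX.fullmatch(fh) and B32HEX.fullmatch(qh), "bad hash alphabet")
        _need(SIZE.fullmatch(size), "size must be a decimal number")
        out.update(file_hash=fh, query_hash=qh, size=int(size))
    elif kind == "ksk":                 # KEYWORD[+KEYWORD]*
        keywords = value.split("+")
        _need(all(keywords), "empty keyword")
        out["keywords"] = keywords
    elif kind == "sks":                 # NAMESPACE/IDENTIFIER
        ns, _, name = value.partition("/")
        _need(ns and name, "sks needs NAMESPACE/IDENTIFIER")
        out.update(namespace=ns, identifier=name)
    elif kind == "loc":                 # PEER/QUERY.TYPE.KEY.SIZE
        peer, _, rest = value.partition("/")
        fields = rest.split(".")
        _need(peer and len(fields) == 4 and all(fields), "bad loc layout")
        out.update(peer=peer, fields=fields)
    else:
        raise GnunetUriError("unknown fs category: " + kind)
    return out
```

The parser checks only structure and alphabet; it does not decode the hashes, so a URI that passes still has to be verified against the content it names.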
GNUnet includes an implementation of the GNU Name System (GNS), a decentralized and censorship-resistant replacement for DNS. In GNS, each user manages their own zones and can delegate subdomains to zones managed by other users. Lookups of records defined by other users are performed using GNUnet's DHT.[21] GNS was standardized in RFC 9498 in 2023. The GANA registry manages the ".alt" top-level domain in GNS.[22]
GNUnet can tunnel IP traffic over the peer-to-peer network. If necessary, GNUnet can perform IPv4-IPv6 protocol translation in the process. GNUnet provides a DNS Application-level gateway to proxy DNS requests and map addresses to the desired address family as necessary. This way, GNUnet offers a possible technology to facilitate IPv6 transition. Furthermore, in combination with GNS, GNUnet's protocol translation system can be used to access hidden services — IP-based services that run locally at some peer in the network and which can only be accessed by resolving a GNS name.
In early September 2013, Gabor X Toth published a thesis[23] presenting the design of a social messaging service for the GNUnet peer-to-peer framework that offers scalability, extensibility, and end-to-end encrypted communication. The scalability property is achieved through multicast message delivery, while extensibility is made possible by using PSYC (Protocol for SYnchronous Conferencing), which provides an extensible RPC (Remote Procedure Call) syntax that can evolve over time without having to upgrade the software on all nodes in the network. Another key feature provided by the PSYC layer is stateful multicast channels, which are used to store e.g. user profiles. End-to-end encrypted communication is provided by the mesh service of GNUnet, upon which the multicast channels are built. Pseudonymous users and social places in the system have cryptographic identities — identified by their public key — and these are mapped to human-memorable names using GNS (GNU Name System), where each pseudonym has a zone pointing to its places.
That is the required building block for turning the GNUnet framework into a fully peer-to-peer social networking platform.
A chat has been implemented in the CADET module,[24] for which a GTK interface for GNOME exists,[25] specifically designed for the emerging Linux phones (such as the Librem 5 or the PinePhone).[26]
GNUnet is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.