The Sovereign Tech Fund is now part of the Sovereign Tech Agency.

Pendulum

Providing accurate time on millions of devices and networks fundamental to the internet and other critical infrastructure.

Key facts

Status: Current
Investment Amount: €449,850.00
Investment Year(s): 2023, 2024

The Network Time Protocol (NTP) and Precision Time Protocol (PTP) provide accurate and reliable time on millions of phones, PCs, and servers. These two protocols are vital building blocks of the internet and other critical infrastructure. They are used everywhere, but are particularly significant in finance and broadcasting, in our power grids and telecommunication, and in security protocols.

Project Pendulum, an initiative of Tweede golf, is building modern, open-source implementations of NTP and PTP. The software ntpd-rs is an NTP implementation written in Rust, with a focus on security and stability. It includes client and server functionality and supports Network Time Security (NTS). Statime aims to provide a memory-safe implementation of PTP in Rust.

Why is this important?

Accurate time is at the core of any machine or network communication. Applications and tools from data backups to messaging or video conferencing rely on precise timing, both between servers and across multiple networks. Creating secure implementations of the Network Time Protocol (NTP) and Precision Time Protocol (PTP) is critically important. Inaccurate and imprecise time can lead to security, performance, and availability issues.

There are currently only three complete open-source implementations of NTP, and just one for PTP. These implementations are maintained by single individuals or small groups of people. Developing new implementations of NTP and PTP as part of Project Pendulum provides solid alternatives should the other implementations become vulnerable.

For the internet, NTP is particularly relevant. It ensures that time on (public) networks is synchronized, and underpins security protocols. For individual users, one familiar use case is two-factor authentication, where one-time codes are only valid for a set amount of time.

A recent article, “An open infrastructure for sub-millisecond internet time” by SIDN Labs, explains:

“Time is crucial for an increasingly wide range of internet applications and services. For example, internet security protocols like TLS (secures end-to-end communication), DNSSEC (secures domain name to IP address mappings), and RPKI (secures routes across the internet) cannot function without accurate time, nor can a function such as domain name registration. Time also plays a crucial role in critical infrastructures, which increasingly use the internet and its protocols for their communications.”

Beyond the benefit to individual users, public institutions expressed support for this work: the Interdisciplinary Hub for Security, Privacy and Data Governance at Radboud University, and VSL, the Dutch Metrology Institute, which is responsible for the Dutch national time standard. The Linux distributions Fedora and Debian are interested in using ntpd-rs. Industry users also plan to adopt ntpd-rs, the memory-safe open-source implementation of NTP. This includes Let’s Encrypt, whose 250 million digital certificates enabling HTTPS on websites depend on time synchronization through Let’s Encrypt’s servers. Cloud providers such as Cloudflare, Automattic, and AWS have also expressed interest.

What are we supporting?

  1. Development and Stabilization:
    • Releasing an end-user-ready version of ntpd-rs with improved stability, observability, and configuration.
    • Releasing PTP functionality for Linux through Statime.
    • Contributing to the NTPv5 standard, implementing the draft specification, and improving the custom clock algorithm based on Kalman filters.
  2. Adoption and Visibility:
    • Promoting adoption by improving packaging and documentation, conducting market research, and showcasing performance and statistics.
    • Blog posts, talks, and documentation on the benefits of using memory-safe versions of PTP and NTP.
    • Exploring the establishment of an NTS (Network Time Security) pool to facilitate the adoption of NTS.
  3. Maintenance and Community Support:
    • Ensuring ongoing maintenance of both Statime and ntpd-rs by responding to issues, updating documentation, and performing regular releases.
    • Transferring knowledge to contributors and fostering community engagement.
    • Seeking structural financial support from industry companies to sustain the projects in the long term.

These work areas encompass various aspects of software development, adoption, maintenance, and community support necessary for the success and stability of ntpd-rs and Statime.
