Abstract
Real-time peer-to-peer communication in web browsers typically relies on centralized signaling servers, creating single points of failure, privacy vulnerabilities, and censorship risks. We present WebRTC Swarms, a fully decentralized signaling architecture integrated into GRIDNET OS that combines onion-routed relay circuits with designated verifier zero-knowledge authentication and cryptoeconomic incentives. The proposed system empowers peers to discover and connect without exposing identities or IP addresses through an overlay of incentivized full nodes that carry signaling traffic using transmission tokens. We introduce a MAC-based designated verifier ZK authentication protocol allowing peers sharing a pre-shared key to mutually authenticate without revealing the key, ensuring only authorized participants can join sessions while preserving unlinkability to outsiders across sessions. Through formal verification using TLA+, we prove key safety and liveness properties of both the signaling protocol and the authentication mechanism. Empirical evaluation demonstrates near-100% NAT traversal success via incentivized decentralized TURN relaying (compared to approximately 85% for STUN-only approaches), join latencies under 2 s for swarms of dozens of peers, and strong resilience against Sybil and denial-of-service attacks through token-based rate limiting. Our work represents the first practical integration of decentralized WebRTC signaling with designated verifier cryptographic authentication and built-in economic incentives, providing a privacy-first substrate for secure, community-governed communication networks.