Cryptography & Secure Handshake

Information

  • Node Identity: Ed25519 keypair per node (published on-chain). Ephemeral X25519 keys per session for forward secrecy.

  • Hashing: BLAKE3 for local metering; SHA-256 for cross-chain compatibility.

  • AEAD: AES-GCM or ChaCha20-Poly1305 for authenticated encryption.

  • KDF: HKDF-SHA256 to derive session keys.

  • MAC: HMAC-SHA256 for off-path telemetry integrity.

Handshake Process

  • Discovery via Intelligent DNS with node IDs.

  • QUIC/TLS 1.3 establishes encrypted streams.

  • Application Identity Bind with signed Ed25519 proofs.

  • Ephemeral X25519 exchange with HKDF derivation.

  • Optional double-encryption via overlay AEAD.

Data Transmission Privacy

  • Default: QUIC/TLS 1.3 AEAD per hop.

  • Optional: End-to-end AEAD overlay so intermediate lightnodes only relay ciphertext.

  • Zero-copy Rust pipeline preserves encryption until final processing point.

PreviousTechnology Stack & ProtocolsNextProof-of-Transmission (TEE-Based)

Last updated