Noise Protocol: A Minimal and Modular Cryptographic Tool
Been working with the Noise protocol recently — here’s a quick breakdown of what it does and how it works under the hood.
Noise is a small framework for building secure handshakes. It’s not a full protocol like TLS, more like a toolkit to define your own. It handles the initial key exchange, identity/auth, and gives you encrypted transport keys after the handshake. That’s it. No certificates, no extensions, no middleboxes.
Each handshake in Noise is built using a "pattern" — I’ve been using XX and NX. These define how the keys are exchanged:
* XX: both sides are anonymous, and exchange keys during handshake.
* NX: responder has a static pubkey, initiator is ephemeral (closer to client-server flows like SV2).
Behind the scenes, these patterns are just sequences of Diffie-Hellman operations between the parties' keys (ephemeral and static), and the handshake hash is updated after each message. Once complete, both sides split the final hash into two symmetric cipherstates, and that’s what’s used to encrypt transport messages.
All operations are constant-time. I’m using the `noise-c` library, which supports `Noise_XX_25519_ChaChaPoly_BLAKE2s` (or SHA256 if you tweak the suite string). Noise defines the handshake state machine, but the crypto primitives are pluggable.
The nice part is that everything’s deterministic and testable. Given the same inputs, the handshake always produces the same shared keys. It’s all pure key material — no ASN.1, no PEMs, no handshake extensions to worry about.
In the next post, I’ll show a tiny C implementation that wraps a Noise handshake (XX or NX), and exchanges Stratum V2 `SetupConnection` messages post-handshake. Useful for testing your own SV2 client/server implementations.
#noiseprotocol #cryptography #infosec #keyexchange #stratumv2 #miningprotocol #cprogramming #protocolengineering #decentralization #bitcoin #nostrdev #datumgateway #DLT #securecommunication #networkprotocols
Replies (1)
🧪 Part 2: Minimal Stratum V2 Handshake (Noise XX/NX + SetupConnection)
Following up on the Noise Protocol intro — here's a small, self-contained C implementation that performs a Noise handshake (XX or NX) and exchanges Stratum V2 SetupConnection messages immediately after.
It’s built to test client/server handshake logic without needing full SV2 support or encryption on the transport layer (yet).
Just Noise + SetupConnection, using raw TCP with framed messages.
🔧 What’s included:
Minimal “pool server” (sv2_pool_server.c) that:
Accepts TCP connections
Completes a Noise handshake (XX by default, NX optional via --nx)
Decodes a SetupConnection message and responds with SetupConnection.Success
Matching client (noise_client.c) that:
Connects to the pool
Runs Noise handshake
Sends a valid SetupConnection payload
Handshake and transport logic is handled using noise-c — clean, constant-time, and easy to audit.
🔐 Handshake Patterns:
XX: Both parties are anonymous; ephemeral key exchange on both sides.
NX: Server has a static key; client is ephemeral (more realistic for mining pools).
These map directly to Noise patterns (Noise_XX_25519_ChaChaPoly_BLAKE2s) and can be swapped via --xx / --nx.
🧰 Framing and Messages:
Transport uses simple framing: uint16_be length prefix + payload.
After handshake, we send:
SetupConnection (client → server)
SetupConnection.Success (server → client)
These are built using SV2 helpers (sv2_common.[ch], sv2_wire.[ch]) to encode/decode the frames.
🔄 Example Usage:
Start the pool server:
./sv2_pool_server -l 0.0.0.0:3334 --prologue STRATUM/2 --sk <hex-secret>
Start the client:
./noise_client -l 127.0.0.1:3334 --prologue STRATUM/2
Both ends should print confirmation of the handshake and the SetupConnection exchange.
🚫 What's intentionally missing (for now):
No full SV2 session yet (no channel open, no job distribution)
No post-handshake encryption of transport messages
No persistent session keys or reconnection logic
This is by design — the goal is to test handshakes + basic SV2 flows before introducing more complexity. Once the handshake layer is stable, you can drop in encrypted transport using sv2_noise_send_transport() and sv2_noise_recv_transport() provided in the demo.
💡 I’m using this for testing SV2 client implementations and validating message formats over raw TCP before wiring into a full miner or pool stack.
This is all part of adding SV2 mining protocol support to Datum gateway.
I already have a SV1 to SV2 translator. Now adding SV2 server features.
#noiseprotocol #stratumv2 #miningprotocol #bitcoinmining #handshake #cryptography #protocoltesting #cprogramming #securecommunications #nostrdev #decentralization #packetengineering #DLT
nostr:nevent1qvzqqqqqqypzq59aa2xs9z3t8jxr6jt9c7zpg9xa59agm2akp8vv62784cqjstrfqythwumn8ghj7un9d3shjtnwdaehgu3wvfskuep0qythwumn8ghj7cnfw33k76twv4ezuum0vd5kzmp0qy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qpqacaj5nwru0fw2ea0tsm8l5hf75scca43nf4s8e556lkn8nqm8hpqtwfrff