Noise Protocol XX
Relayly uses the Noise Protocol Framework, specifically the XX pattern, for end-to-end encryption.
Why Noise Protocol?
The Noise Protocol is used in production by WireGuard, Signal, WhatsApp, and Lightning Network. It provides:
- Formal security proofs: unlike ad-hoc TLS configurations
- Small codebase: trivial to audit
- No certificate authorities: identity is based on static key pairs, not PKI
XX Pattern
The XX pattern provides mutual authentication, so both parties authenticate each other’s static public keys before sending any application data.
| Property | Detail |
|---|---|
| Handshake | 3 messages |
| Key Exchange | X25519 (Curve25519 Diffie-Hellman) |
| Cipher | ChaChaPoly (ChaCha20 + Poly1305) |
| Hash | SHA-256 |
| Authentication | Mutual (both parties) |
| Forward Secrecy | Yes (ephemeral session keys) |
Public Key Locking
After a device completes its first Noise handshake with the relay, its static public key is “locked” to its device record in the database. Even if the relay server is compromised, an attacker cannot substitute a different public key without manual admin intervention.
This is the Trustless Architecture guarantee: your devices verify each other, not the server.
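One way to enforce the lock described under Public Key Locking, shown as an added example that is not Relayly's own code. The `devices` table, `open_store`, `verify_or_lock` and `StaticKeyMismatch` are hypothetical names, and SQLite stands in for the relay's database.

```python
import sqlite3

X25519_KEY_LEN = 32  # X25519 public keys are 32 bytes


class StaticKeyMismatch(Exception):
    """The handshake presented a static key other than the locked one."""


def open_store(path=":memory:"):
    # Hypothetical schema: one row per device, holding its locked static key.
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS devices ("
        "device_id TEXT PRIMARY KEY, static_pubkey BLOB NOT NULL)"
    )
    return conn


def verify_or_lock(conn, device_id, remote_static):
    """Call only after the XX handshake has completed successfully.

    Returns "locked" on the first handshake, "verified" when the key matches
    the locked one, and raises StaticKeyMismatch otherwise.
    """
    if len(remote_static) != X25519_KEY_LEN:
        raise ValueError("static public key must be 32 bytes")
    with conn:  # single transaction, committed on exit
        # INSERT OR IGNORE never overwrites an existing row, so two racing
        # "first" handshakes cannot both lock a key for the same device.
        cur = conn.execute(
            "INSERT OR IGNORE INTO devices (device_id, static_pubkey) "
            "VALUES (?, ?)",
            (device_id, remote_static),
        )
        if cur.rowcount == 1:
            return "locked"
        (locked,) = conn.execute(
            "SELECT static_pubkey FROM devices WHERE device_id = ?",
            (device_id,),
        ).fetchone()
    if bytes(locked) != bytes(remote_static):
        # No code path here updates the stored key; replacing it is left to
        # a separate, manual admin action.
        raise StaticKeyMismatch(device_id)
    return "verified"
```

A mismatch is worth logging and alerting on, since it means either a reinstalled device or an attempted key substitution.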