
Protocol & Primitives

Public primitives.
Clean-room implementation.

CH VPN uses public cryptographic primitives. The handshake is an IK-pattern Noise construction. The data channel uses authenticated encryption with associated data. Every line of crypto code is ours. We ship no third-party brand.

Protocol CH-VPN/1.0
1-RTT handshake
FIPS 140-3 path

Default Mode

Modern, auditable,
ready to migrate.

The default crypto suite is selected for auditability, post-quantum migration readiness, and performance on low-power Android handsets. Every primitive is published, documented, and standardized.

Purpose              Primitive
Diffie-Hellman       X25519
AEAD cipher          ChaCha20-Poly1305
Hash                 BLAKE2s-256
MAC                  BLAKE2s-MAC (keyed)
KDF                  BLAKE2s-HKDF-lite
RNG                  OS CSPRNG
Handshake pattern    Noise IK (1-RTT)

FIPS 140-3 Mode

Validated module.
Federal-ready path.

Selectable at deployment time. Same handshake layer, same wire format, different primitive bindings. For FedRAMP, DoD, and HIPAA Safe Harbor deployments where validated crypto is mandatory.

Purpose              FIPS Primitive
Diffie-Hellman       P-384 ECDH
AEAD cipher          AES-256-GCM
Hash                 SHA-384
MAC                  HMAC-SHA-384
KDF                  HKDF-SHA-384
RNG                  OS CSPRNG + DRBG
Handshake pattern    Noise IK (1-RTT)

Performance

Sustained throughput.

Designed to deliver 100+ Mbps per peer on a low-power Android handset. ChaCha20-Poly1305 with a counter-mode nonce keeps per-packet overhead at a 16-byte header plus a 16-byte authentication tag.

<100 ms handshake (warm cache): 1-RTT over a healthy LTE uplink, wall clock.
100+ Mbps per-peer throughput: sustained ChaCha20-Poly1305 on commodity Android.
32 B packet overhead: 16-byte header + 16-byte AEAD tag. Stable across modes.

Revocation

Compromise contained.

An Authority-pushed EmergencyRevoke message fans out to every active peer in under ten seconds. The revoked certificate is rejected immediately. No re-handshake will succeed for a revoked peer.