This encryption protocol is meant as a simpler replacement for TLS in the context of the `gemini://` protocol (<a href="https://gemini.circumlunar.space/" rel="nofollow">https://gemini.circumlunar.space/</a>), a newer `gopher://` alternative, which basically provides a simpler HTTP `GET`-only alternative.
<p>Simpler means both "simpler to implement" (only having `libsodium` as a dependency) and "simpler to comprehend". (However, it can be used for any other message-based protocol, not strictly request-reply.)
<p>I'm submitting it here in the hope that anyone with a strong cryptographic background can provide some insight into any weaknesses or improvements. (Or alternatively pointers to where I could ask this question.)
<p>Please note that I have limited cryptography experience, but I am well aware that "rolling your own crypto" is an extremely stupid idea. However, I didn't "invent" any new cryptographic primitives, but instead relied heavily on what `libsodium` provides. Moreover, I've looked at both the Noise protocol and CurveCP and I think I got 25% of their internal workings and properties. :)
<p>I think the best solution would have been Noise_XX; however, implementing the full protocol is quite involved, thus it doesn't check the "simpler to implement" (nor the "simpler to comprehend") checkbox.
<p>There is also a Python-based proof-of-concept that implements the above protocol:
<p>* <a href="https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/sources/transport.py" rel="nofollow">https://github.com/cipriancraciun/gemini-experiments/blob/ma...</a>
<p>* <a href="https://github.com/cipriancraciun/gemini-experiments/blob/master/nacl/sources/crypto.py" rel="nofollow">https://github.com/cipriancraciun/gemini-experiments/blob/ma...</a>
<p>Thanks,
Ciprian.