HTP Protocol

The HookProbe Transport Protocol (HTP) is a lightweight, secure transport layer designed specifically for mesh communication with neural weight binding.

Overview

Property	Value
Port	UDP 8144
Encryption	ChaCha20-Poly1305
Key Binding	Weight fingerprint
NAT Traversal	Heartbeat-based
Message Types	9 core + 9 file ops

Why HTP?

vs QUIC

Feature	QUIC	HTP
Message types	100+	9
Complexity	High	Simple
Auditability	Difficult	Easy
Weight binding	No	Native
HookProbe optimized	No	Yes

Design Goals

Simplicity - Easy to audit and implement
Security - Weight-bound session keys
NAT-friendly - Works behind CGNAT
Lightweight - Minimal overhead

Message Types

Core Messages

class MessageType(Enum):
    HELLO = 0x01       # Edge → Validator: Initiate
    CHALLENGE = 0x02   # Validator → Edge: Challenge
    ATTEST = 0x03      # Edge → Validator: Attestation
    ACCEPT = 0x04      # Validator → Edge: Session accepted
    REJECT = 0x05      # Validator → Edge: Session rejected
    DATA = 0x10        # Bidirectional: Encrypted payload
    HEARTBEAT = 0x20   # Bidirectional: NAT keep-alive
    ACK = 0x21         # Response to DATA/HEARTBEAT
    CLOSE = 0xFF       # Bidirectional: Close session

File Operations

class FileOperation(IntEnum):
    CREATE = 0x30      # Create new file
    READ = 0x31        # Retrieve file
    UPDATE = 0x32      # Update file
    DELETE = 0x33      # Delete file
    STAT = 0x34        # Get metadata
    LIST = 0x35        # List directory
    CHUNK = 0x36       # File data chunk
    COMPLETE = 0x37    # Transfer complete
    ERROR = 0x38       # Operation error

Connection Flow

Edge (behind NAT/CGNAT)               Validator (Cloud)
  │                                        │
  │─── (1) HELLO ─────────────────────────►│
  │   [node_id, W_fingerprint]             │ Check device registry
  │                                        │
  │◄── (2) CHALLENGE ──────────────────────│
  │   [nonce (16 bytes)]                   │
  │                                        │
  │ Sign: Ed25519(nonce + W_fingerprint)   │
  │                                        │
  │─── (3) ATTEST ─────────────────────────►│
  │   [signature (64 bytes)]               │ Verify signature
  │                                        │ Generate session_secret
  │                                        │
  │◄── (4) ACCEPT ──────────────────────────│
  │   [session_secret (32 bytes)]          │
  │                                        │
  │ Derive ChaCha20 key:                   │ Derive same key:
  │ k = SHA256(secret + W_fingerprint)     │ k = SHA256(secret + W_fingerprint)
  │                                        │
  │◄══ (5) DATA (encrypted) ══════════════►│
  │   [TER logs, PoSF signatures]          │
  │                                        │
  │─── (6) HEARTBEAT (every 30s) ─────────►│
  │                                        │
  │◄── (7) ACK ────────────────────────────│

Packet Structure

Header (32 bytes)

┌─────────────────────────────────────────────────────────────┐
│                    HTP HEADER (32 bytes)                     │
├─────────────────────────────────────────────────────────────┤
│ version    (2 bytes): Protocol version (1.0 = 0x0100)       │
│ type       (2 bytes): Message type enum                     │
│ sequence   (4 bytes): Packet sequence number                │
│ timestamp  (4 bytes): Unix timestamp                        │
│ flow_token (8 bytes): Session identifier                    │
│ nonce      (8 bytes): Random nonce for encryption           │
│ flags      (4 bytes): Message flags                         │
└─────────────────────────────────────────────────────────────┘

Resonance Layer (64 bytes)

┌─────────────────────────────────────────────────────────────┐
│                 RESONANCE LAYER (64 bytes)                   │
├─────────────────────────────────────────────────────────────┤
│ RDV        (32 bytes): Resonance Derived Value              │
│ PoSF       (32 bytes): Proof-of-Sensor-Fusion signature     │
└─────────────────────────────────────────────────────────────┘

Payload

┌─────────────────────────────────────────────────────────────┐
│                      PAYLOAD SECTION                         │
├─────────────────────────────────────────────────────────────┤
│ payload_length (4 bytes): Length of encrypted data          │
│ payload        (variable): ChaCha20-Poly1305 encrypted      │
└─────────────────────────────────────────────────────────────┘

Key Derivation

Session Key

def derive_session_key(session_secret: bytes, w_fingerprint: bytes) -> bytes:
    """
    Derive ChaCha20 key from session secret and weight fingerprint.

    The weight fingerprint binds the key to the device's neural state.
    """
    return SHA256(session_secret + w_fingerprint)

Weight Fingerprint

def compute_weight_fingerprint(weights: NeuralWeights) -> bytes:
    """
    SHA-512 hash of current neural network weights.

    Changes if:
    - System is compromised (integrity change)
    - Time passes (TER-driven evolution)
    - Tampering occurs
    """
    serialized = weights.serialize_deterministic()
    return SHA512(serialized)

NAT Traversal

Heartbeat Mechanism

# Edge sends heartbeat every 30 seconds
while session.active:
    await session.send(MessageType.HEARTBEAT)
    await asyncio.sleep(30)

NAT Binding

NAT Type	Binding Timeout	Heartbeat Interval
Full Cone	5+ minutes	60s
Restricted	2 minutes	30s
Symmetric	30 seconds	15s
CGNAT	Variable	30s (default)

File Transfer

CRUD Operations

from htp_file import HTPFileTransfer

async with HTPFileTransfer(session) as ft:
    # Create
    await ft.create('/path/file.txt', b'content')

    # Read
    data = await ft.read('/path/file.txt')

    # Update
    await ft.update('/path/file.txt', b'new content')

    # Delete
    await ft.delete('/path/file.txt')

    # Metadata
    stat = await ft.stat('/path/file.txt')

    # List directory
    entries = await ft.list('/path/')

File Header (16 bytes)

file_op     (1 byte):  Operation enum
flags       (1 byte):  Compression, atomic write
chunk_index (2 bytes): Current chunk (0-65535)
file_id     (4 bytes): Transfer ID
total_chunks(4 bytes): Total chunks
file_hash   (4 bytes): First 4 bytes of SHA256

Security Features

Feature	Description
Chunk size	8KB default (tunable)
Integrity	SHA256 verification
Compression	Optional zlib
Path safety	Traversal prevention
Extension filter	Whitelist-based
Atomic write	Temp file + rename
Max size	1GB default
Concurrency	16 transfers max

Security Properties

Key Binding

Session keys are bound to:

Session secret - Generated by validator
Weight fingerprint - Device’s neural state
Timestamp - Prevents replay

Compromise Detection

If a device is compromised:

Integrity hash changes
Weight evolution diverges
Weight fingerprint changes
Session key derivation differs
Connection fails or is rejected

Forward Secrecy

Each session uses a new:

Session secret (from validator)
Nonce (per packet)
Derived key (from fingerprint)

Implementation

Client Usage

from htp import HTPClient

async def main():
    client = HTPClient(
        validator="validator.hookprobe.mesh:8144",
        node_id="edge-12345",
        private_key=load_key()
    )

    async with client.connect() as session:
        # Send TER logs
        await session.send_data(ter_logs)

        # Receive model updates
        updates = await session.receive()

Error Handling

class HTPError(Exception): pass
class AuthenticationError(HTPError): pass
class ResonanceError(HTPError): pass
class SessionExpired(HTPError): pass

2026 Roadmap

Enhancement	Purpose	Status
Neural Trust Scoring	Continuous trust (0.0-1.0)	Planned Q1
Adaptive Polymorphism	BURST/SWARM/GHOST modes	Planned Q1
Jitter Injection	Anti-surveillance timing	Planned Q1
Energy-Aware Routing	Battery management	Planned Q1
Witness Verification	Anti-hallucination BLS	Planned Q2

Configuration

htp:
  port: 8144
  heartbeat_interval: 30
  session_timeout: 300
  max_packet_size: 65535
  encryption: chacha20-poly1305
  compression: zlib  # optional

Next Steps

NEURO Protocol - Neural resonance details
DSM Protocol - Consensus mechanism
Architecture - System overview