Unified Phantom Handshake Protocol
Combines PQC security (Hybrid KEM/Sign) with a staged state machine for optimistic start, Early Data, and 0-RTT resumption.
Structs
- ClientHello - Client hello message (initiates handshake).
- HandshakeClient - Handshake Client State Machine
- HandshakeServer - Handshake Server State Machine
- HelloRetryRequest - Hello Retry Request (Server demands PoW or Cookie)
- ServerHello - Server hello message (response to ClientHello)
- ServerReject - Typed handshake rejection the server returns instead of silently dropping the connection when it structurally cannot satisfy a ClientHello — today, an unknown version. It gives a forward/backward-incompatible peer an actionable signal (the version the server speaks) rather than a bare connection reset.
Enums
- HandshakeError
- HandshakeResponse - Server response to ClientHello
- HandshakeStage
Constants
- EARLY_DATA_MAX_LEN - Maximum 0-RTT early-data plaintext, in bytes. The client constructor rejects a larger payload; the server drops an oversized blob and continues as a normal 1-RTT handshake. Caps the work an unauthenticated peer can force before the handshake completes.
- PROTOCOL_VARIANT - Handshake processing stages
  Compile-time protocol-variant tag, baked into every ClientHello (cleartext field) and the signed handshake transcript. Peers reject mismatched variants up front with HandshakeError::ProtocolVariantMismatch; even an attacker who rewrites the cleartext field cannot escape detection because the transcript signature is computed over the build’s own variant.
- PROTOCOL_VERSION - The sole protocol version carried in ClientHello.version and bound into the handshake transcript. Pinned to one value — the protocol is not negotiated (pre-1.0, no users). It is a tamper-check anchor and a hook for a future, deliberate version increment.
- REJECT_UNSUPPORTED_VERSION - ServerReject::code: the client’s ClientHello.version is one this server does not speak. supported_version carries the version it does speak.
- SERVER_REJECT_MARKER - Marker leading a ServerReject frame. The client disambiguates the three possible server replies by trial-deserialization; the marker (plus the fixed, tiny size of a reject vs. the multi-KiB ServerHello) makes a reject unmistakable and immune to a false-positive parse as a HelloRetryRequest.