Reticulum creates Ed25519 keypairs that exist only within Reticulum. Meshtastic assigns device IDs that live only on the hardware. BitChat maintains separate Noise keys for mesh routing even while using Nostr for internet fallback. Run multiple protocols, and you manage multiple identity systems, each isolated from the others. FIPS breaks this pattern by collapsing the identity layer: one keypair for social messages and network routing.
@Johnathan Corgan, the creator of FIPS, brings credentials from a different corner of the open-source world. He served as Chief Architect of GNU Radio from 2016 to 2018 and contributed the addrindex patch that made Counterparty possible on Bitcoin. His background in software-defined radio and protocol design shows in the technical choices that shape FIPS. FIPS synthesizes techniques with long track records: spanning tree self-organization from IEEE 802.1D dating to 1985 and tree coordinate routing adapted from Yggdrasil's Ironwood library, secured by the Noise Protocol Framework.
Identity architecture is the core innovation. In FIPS, your secp256k1 keypair generates multiple related identifiers: the public key handles cryptographic operations during handshakes, while a sixteen-byte SHA-256 hash of that key becomes your node_addr, the routing identifier visible in packet headers. That same hash maps to an IPv6 address in the fd00::/8 range for compatibility with standard IP applications through a TUN adapter. Intermediate routers forward traffic using only the hashed node_addr, never learning your actual public key or Nostr identity. The routing layer sees opaque addresses; the endpoints see authenticated identities.
This design contrasts sharply with how other mesh protocols handle identity. Reticulum generates 512-bit Ed25519 keypairs specific to the mesh network, creating destinations that are portable across any medium but have no relationship to any identity system outside Reticulum itself. Mark Qvist designed it this way deliberately: the address represents the cryptographic identity, and the cryptographic identity exists solely within Reticulum's domain. You can move from WiFi to LoRa to packet radio without changing your Reticulum address, but that address connects to nothing else you do online.
@npub17sl...w9r8 takes a hybrid approach that gestures toward integration. It uses Bluetooth Low Energy mesh for local communication and falls back to Nostr relays (via NIP-17 private messages) when devices leave mesh range. The system uses Noise_XX_25519_ChaChaPoly_SHA256 for mesh encryption, with separate Curve25519 static keys and Ed25519 signing keys for identity management. Nostr integration exists at the application layer: mutual favorites automatically switch to Nostr transport, and geohash-based location channels operate over relays using derived identities. The mesh layer and the Nostr layer remain architecturally distinct, connected by application logic but not unified at the protocol level.
Meshtastic has achieved the broadest adoption of any mesh protocol, with hundreds of thousands of devices deployed and active community networks across multiple continents. Its identity model is device-centric: each node has a short ID and a long name, with PSK (pre-shared key) encryption on private channels and recently added public-key encryption for direct messages. The protocol optimizes for accessibility and ease of deployment on cheap hardware. You can buy a T-Beam for thirty dollars and join a mesh in minutes. What you cannot do is connect that Meshtastic identity to anything beyond the mesh itself. The identity lives on the device and has no cryptographic relationship to any keypair you might hold elsewhere.
FIPS inverts this isolation by using your Nostr npub as your network address. Your social notes and your mesh packets now authenticate through the same key. One backup phrase protects both your social identity and your network presence. You no longer manage separate key material for each protocol or wonder whether your mesh identity will survive a device failure. If you have backed up your Nostr seed, your network address recovers with it. Peer discovery through Nostr relays appears on the roadmap, which would allow new nodes to bootstrap from the same infrastructure that carries social messages.
FIPS organizes its protocol stack into three layers with distinct responsibilities. At the base, a transport layer abstracts over physical media, currently supporting UDP/IP with planned extensions to Bluetooth, serial links, radio, and Ethernet. Any medium capable of carrying datagrams can participate. Above this, the FIPS Mesh Protocol (FMP) handles peer authentication using Noise IK handshakes and propagates Bloom filters for destination discovery. Each hop makes forwarding decisions using only local information: coordinates derived from tree position and Bloom filters indicating which peers can reach which destinations. At the top, the FIPS Session Protocol (FSP) establishes end-to-end encrypted sessions using Noise XK, independent of any intermediate hop. Application data flows through FSP sessions, protected by a layer of encryption that intermediate routers cannot read.
Two independent encryption layers protect traffic through the mesh. At the link level, Noise IK (in the FMP layer) defeats transport observers and active attackers on individual connections. At the session level, Noise XK (in the FSP layer) protects application payloads from intermediate routers, who see only encrypted datagrams and opaque routing headers containing hashed addresses. An attacker who compromises a single intermediate node learns nothing about the content of sessions passing through it. The layered design means that breaking link encryption does not break session encryption, and vice versa.
Routing operates through coordinate-based greedy forwarding. Nodes self-organize into a spanning tree through distributed announcements, each independently selecting a parent based on information from immediate neighbors. Without voting or coordination protocol, the network converges on a single agreed-upon root. Tree position becomes a coordinate that enables distance calculations: the distance between any two nodes equals the number of hops to their lowest common ancestor. Bloom filters propagate reachability information, allowing each node to learn which destinations its peers can reach without maintaining a global view of network topology.
Reaching an unknown destination requires a LookupRequest that propagates through the network until the target responds with current coordinates. Intermediate nodes cache this information to accelerate future routing. Error recovery operates through signaling: CoordsRequired tells the source that a lookup is needed, and PathBroken indicates route failure with MtuExceeded reporting path MTU information. These signals trigger active recovery on the sending side, converting silent packet loss into actionable events.
FIPS addresses four adversary classes explicitly. Transport observers see only encrypted packets and learn nothing about content or endpoints. Active attackers cannot forge or replay messages due to Noise Protocol authentication and AEAD encryption. Intermediate nodes see only opaque node_addr hashes in routing headers, unable to correlate traffic to Nostr identities without breaking SHA-256. Byzantine adversaries face signed tree announcements with transitive ancestry validation, plus the fundamental constraint that peering is discretionary: you choose which peers to connect with, and malicious nodes can be dropped.
FIPS remains early-stage. Version 0.1.0 was publicly announced yesterday, with spanning tree construction and Bloom filter discovery working in the current codebase. No security audit has been conducted. The planned Nostr relay bootstrap for peer discovery does not yet exist. Anyone evaluating FIPS for production use should understand they are looking at alpha software from a single developer, however experienced that developer may be.
Each alternative carries different trade-offs. Reticulum offers the most mature architecture, with version 1.1.3 released in January 2026 and years of refinement in its cryptographic and routing design. It supports any transport medium capable of five bits per second, from LoRa to packet radio to TCP overlays, but your Reticulum identity exists only within Reticulum. BitChat achieved rapid adoption during protest events in Nepal and Madagascar, with over 365,000 downloads by September 2025. Its Nostr integration provides internet fallback and geohash location channels, but the mesh layer maintains separate cryptographic identity. Meshtastic remains the accessible entry point, with cheap hardware and simple setup, but its device-centric identity model offers no path toward broader integration.
FIPS proposes something none of them provide: a network layer that uses the same identity you already hold. Possession of a Nostr keypair means possession of a FIPS address. When Nostr relays work for peer discovery, the same infrastructure that routes your social messages will help you find mesh peers. Consolidation under a single keypair you generated, that no registration authority issued, portable across every layer of a decentralized stack.
Identity fragmentation compounds with each protocol you adopt. A Meshtastic device in your backpack and a Reticulum node on your home server mean separate keypairs with no relationship to your Nostr social presence. Lose a device, and you regenerate identity on each protocol independently. Change your Nostr key, and nothing follows. FIPS eliminates this operational burden by making one keypair work everywhere. Back up your Nostr seed once, and your mesh identity survives any hardware failure. The protocol remains alpha software requiring security audits before trust is warranted, but its architecture addresses a gap that existing protocols have not attempted to fill. Mesh networking has enough protocols. What it lacks is identity unification, and FIPS is the first project designed to provide it.