Sigil

Your public key is your address.

A datagram-level routing protocol where Ed25519 keys are network addresses. Substrate-agnostic. Encryption-free. Built for any bearer.

Read the DocsView Whitepaper
sigil1qpzry9x8gf2tvdw0s3jn54khce6mua7lmqqqxw

IP, reimagined

Sigil sits where IP sits — but your address is your cryptographic identity, and the transport beneath is whatever you have.

Sigil Stack

Your Protocol
Encryption (Noise, QUIC, TLS...)
Sigil Datagram — 71B header
Bearer (UDP, BLE, Wi-SUN, Ethernet)

Traditional Stack

Your Protocol
TLS / QUIC
TCP / UDP
IP (address ≠ identity)
Ethernet / Wi-Fi

Why Sigil

Substrate Agnostic

Same identity over UDP, Bluetooth, Wi-SUN, or raw Ethernet. 71-byte binary header. Runs on Cortex-M microcontrollers.

UDP/IPBLE L2CAPWi-SUN 802.15.4gRaw Ethernet

Built-in Privacy

Sphinx onion routing with rotating mixer keys. No external daemon. The anonymity set is the Sigil network itself.

Sender-constructed circuitsFixed packet size per hop24h key rotationNo Tor dependency

Algorithm Agility

Ed25519 today. Post-quantum SLH-DSA-128s tomorrow. One byte changes. No protocol break.

1-byte algo identifierKey succession protocolKey revocationPost-quantum reserved

Start building

Pure state machines. No async runtime required. Feed bytes in, get actions out.

use sigil_core::{PeerState, SigilIdentity, Action};
use sigil_wire::SigilAddr;
let identity = SigilIdentity { addr, seed };
let mut peer = PeerState::new(identity, clock, rng);
// Send a datagram to any Sigil address
let actions = peer.send_datagram(&dst_sigil, payload);
// Handle inbound — routing, probing, delivery
let actions = peer.handle_inbound("udp:10.0.0.5:4433", &data);
// React to protocol actions
for action in actions {
    match action {
        Action::SendBearer { to, data } => bearer.send(&to, &data),
        Action::DeliverToApp { from, payload } => app.recv(from, payload),
        Action::RouteEstablished { dst } => log!("route up: {dst}"),
        _ => {}
    }
}

Modular by design

Five crates, layered from bare metal to full runtime. Use only what you need.

sigil-wire

no_std

Binary codec for all message types. Zero-copy parsing. Zero dependencies beyond core.

DatagramProbeProbeAckEnvelopeSigilAddr

sigil-crypto

no_std

Crypto traits and implementations. Test doubles for deterministic simulation.

SignerVerifierMacHasherKeyAgreement

sigil-core

no_std

Protocol state machines. Peer, Relay, Registrar, Mixer, and route table logic.

PeerStateRelayStateRegistrarStateRouteTable

sigil-sim

std

Deterministic network simulation. Model latency, loss, NAT, and firewalls.

SimNetworkSimLinkSimNatSimFirewall

sigil-runtime

std

System implementations for real-world deployment. Clock, RNG, storage, transport.

SystemClockOsRngMemoryStoreUdpTransport

Payload budget by bearer

71-byte fixed header for Ed25519. Every remaining byte is yours.

UDP/IP
1209B
MTU ~1280B
BLE L2CAP
441B
MTU ~512B
Wi-SUN
1976B
MTU ~2047B
Ethernet
1429B
MTU 1500B

What sets Sigil apart

Sigil operates at the network layer — below QUIC, below TLS. It complements tools like iroh rather than competing with them.

FeatureSigilTypical P2P libraries
no_std embeddedYesNot targeted
Sphinx onion routingYesExternal Tor required
Federated discovery + access controlYesDNS only, no ACL
Consent-based discovery (Delegate)YesNo equivalent
Post-quantum algorithm slotsYesEd25519 only
Binary wire format (71B)YesQUIC frames
Multi-bearer nativeYesQUIC adapters