Lesson 1

What is FIPS?

The internet you use every day depends on a stack of centralized infrastructure: ISPs, backbone providers, DNS servers, certificate authorities. If any of these go down or start behaving badly, the network breaks. Your device cannot talk to another device without multiple intermediaries coordinating the connection.

FIPS (Free Internetworking Peering System) takes a different approach. It is a mesh protocol where nodes connect directly to each other, authenticate using cryptographic keypairs, and route traffic cooperatively. There is no central authority assigning addresses or managing routing tables. Each node generates its own identity from a keypair and joins the mesh by connecting to a single peer.

Four properties that matter

Transport agnostic

FIPS runs over WiFi, Ethernet, Bluetooth, UDP overlays, serial links, satellite uplinks, and Tor circuits. The protocol treats the communication medium as a pluggable driver. A node running multiple transports bridges between them automatically. Peers on WiFi and peers on Ethernet join the same mesh.

Self-organizing

Connect to one peer and you can reach the entire network. Nodes discover each other, build a spanning tree for coordinate-based routing, exchange bloom filters for reachability, and forward traffic. The network heals around failures and adapts to topology changes without anyone telling it to.

Nostr-native identity

Your node identity is a Nostr keypair (secp256k1). From that single keypair, FIPS deterministically derives your application identity (npub), your routing address (node_addr), and an IPv6 address for legacy app compatibility. No registration. No certificate authority. Generate a key, join the mesh.

Privacy by design

Every link is encrypted hop-by-hop (Noise IK). Every session is encrypted end-to-end (Noise XK). Intermediate routers forward packets without knowing who is talking to whom. They see only opaque routing hashes, not Nostr identities.

How it differs from the internet

Traditional Internet FIPS
Address assignment DHCP, registrars, ICANN Self-generated from keypair
Routing BGP tables pushed by ISPs Local decisions using spanning tree coordinates
Encryption Optional (TLS), relies on CAs Mandatory, two layers, no CAs
Transport IP over specific media Any datagram-capable medium
Failure recovery Manual reconfiguration, BGP convergence Automatic reconvergence via gossip

The protocol stack at a glance

FIPS is organized into four layers. Each one has a single job and knows nothing about the layers above or below it. We will explore each in detail through these lessons.

4
Application Interface Native API or IPv6 TUN adapter for legacy apps
3
FSP (Session Protocol) End-to-end Noise XK encryption between endpoints
2
FMP (Mesh Protocol) Hop-by-hop Noise IK encryption, spanning tree, bloom filters, routing
1
Transport Pluggable: UDP, Ethernet, WiFi, Bluetooth, Tor, Serial

In the next lesson, we will look at the identity system: how a single keypair gives you an address, a routing ID, and IPv6 compatibility.

Orientation Quiz

1. Which of these best captures what makes FIPS different from the classic internet?

2. What does 'transport-agnostic' mean in the FIPS context?

3. Which problem does FIPS NOT try to solve by itself?