radio
connectivity for superintelligence. a fork of iroh where every hash — content identifiers, verified streaming trees, relay handshakes — runs through Hemera instead of Blake3
why
Blake3 hashes at 2 GB/s. Hemera reaches ~50–100 MB/s on CPU. the tradeoff: proving a single Blake3 hash inside a stark costs 50,000–100,000 constraints. Hemera costs ~736. this enables:
- storage proofs without downloading content
- verified streaming with Hemera Merkle trees
- private computation over encrypted knowledge graph
- post-quantum security via starks
architecture
radio preserves iroh networking (QUIC, radio/hole-punching, radio/relay) and replaces the cryptographic foundation across four strata:
| stratum | layer | crate |
|---|---|---|
| protocols | radio/blob, radio/docs, radio/gossip, radio/willow | iroh-blobs, iroh-docs, iroh-gossip, iroh-willow |
| verified streaming | radio/bao (Hemera Merkle trees) | cyber-bao |
| content identity | sponge, compression, KDF in Goldilocks field | cyber-poseidon2 |
| networking | radio/endpoint, radio/relay, radio/hole-punching | iroh, iroh-relay |
crates
- cyber-poseidon2 — Hemera hash implementation (CPU + GPU scaffolding)
- cyber-bao — radio/bao protocol (Hemera Merkle trees)
- cyber-hash — CLI hashing tool
- iroh-blobs — radio/blob transfer
- iroh-relay — radio/relay servers with Hemera handshakes
- iroh-docs — radio/docs synchronization
- iroh-gossip — radio/gossip protocol
- iroh-willow — radio/willow protocol implementation
status
zero Blake3 dependencies remain. 395 tests pass across all crates
in the stack
radio is the data transport layer of cyb. where ipfs uses CIDv1 with multicodec headers, radio uses raw 64-byte Hemera outputs as particle addresses. one hash function, one address space, zero self-describing overhead
connections route through the radio/router (ALPN multiplexer). content is shared via radio/ticket. radio/endpoint radio/discovery resolves public keys to addresses
migration status
hemera (Poseidon2) migration is complete: zero blake3 dependencies remain, 395 tests pass. content addressing, BAO trees, gossip message IDs all use hemera.
remaining work: replace Ed25519 with stark proofs for peer authentication. ~800 lines of direct crypto across three areas:
- identity types (iroh-base/src/key.rs) —
NodeId = PublicKeywraps curve25519-dalek. replace withNodeId = Poseidon2(secret), sign → STARK proof, verify → STARK verify - TLS handshake (iroh/src/tls/) — rustls expects classical signatures. options: (a) fork rustls for STARK verification, (b) replace TLS with custom Noise-like protocol over raw QUIC, (c) keep TLS as dumb encryption pipe, authenticate with STARK proofs at application layer after channel is established. option (c) is least invasive
- relay handshake (iroh-relay/src/protos/handshake.rs) — replace Ed25519 challenge-response with STARK proof of identity
gossip, blobs, bao, docs — already clean, no signatures involved.
the key exchange (QUIC/TLS) can use mudra primitives (kem/ctidh) once the handshake is redesigned. encrypted channels after handshake use aead.
see Hemera for the hash primitive, hemera/spec for the full decision record
from subgraph radio
radio
Verified content streaming over Poseidon2.
Radio is a fork of iroh where every hash — content identifiers, verified streaming trees, relay handshakes — runs through Poseidon2 over the Goldilocks field instead of BLAKE3.
Why replace a fast hash with a slow one?
BLAKE3 hashes at 2 GB/s. Poseidon2 over Goldilocks hashes at ~50-100 MB/s on CPU. By every throughput benchmark, BLAKE3 wins.
But throughput is the wrong metric when the goal is a self-verifying knowledge graph at planetary scale.
BLAKE3 uses bit-oriented operations — XOR, rotation, shift — that are cheap on CPUs and catastrophic in arithmetic circuits. Proving a single BLAKE3 hash inside a STARK costs 50,000-100,000 constraints. Poseidon2 costs ~300. That is not a percentage improvement. It is the difference between a system that can prove its own state transitions and one that cannot.
A content-addressed network where every hash is cheaply provable in zero knowledge enables:
- Storage proofs that verify content availability without downloading it
- Verified streaming where every chunk is authenticated against a Poseidon2 Merkle tree
- Private collective computation over encrypted knowledge graphs (MPC, FHE)
- Post-quantum security — STARKs rely on hash collision resistance only, no pairings
One hash everywhere. No "fast hash for data, ZK hash for proofs" split. The content identifier IS the proof-friendly identifier. Deduplication, verified streaming, and zero-knowledge proofs all operate on the same identity.
The performance gap narrows with GPU acceleration (Poseidon2 is massively parallelizable) and larger chunk groups (16 KB blocks amortize per-chunk overhead). For the proving system, there is no gap at all — Poseidon2 is 100x cheaper where it matters.
See hash function selection for the full analysis across seven domains: content addressing, deduplication, ZK proofs, MPC, FHE, quantum resistance, and planetary scale.
Architecture
Radio preserves iroh's networking layer — QUIC connections, hole-punching, relay servers — and replaces the cryptographic substrate:
┌──────────────────────────────────────────────────────────────┐
│ Protocols │
│ iroh-blobs iroh-docs iroh-gossip iroh-willow │
│ (content) (key-value) (pub-sub) (sync) │
├──────────────────────────────────────────────────────────────┤
│ Verified Streaming │
│ cyber-bao │
│ (Poseidon2 Merkle tree encode/decode) │
├──────────────────────────────────────────────────────────────┤
│ Content Identity │
│ hemera │
│ (sponge, compression, KDF — Goldilocks field) │
├──────────────────────────────────────────────────────────────┤
│ Networking │
│ iroh (QUIC, hole-punching) │
│ iroh-relay (relay servers) │
└──────────────────────────────────────────────────────────────┘
Crates
| Crate | Description |
|---|---|
hemera |
Poseidon2 hash over Goldilocks (Hemera: t=16, rate=8, capacity=8, x^7). CPU backend via p3-poseidon2, GPU scaffolding via wgpu. |
cyber-bao |
Verified streaming with Poseidon2. Encoding, decoding, outboard, slice extraction — the BAO protocol rebuilt on algebraic hashing. |
particle |
CLI tool for Poseidon2 hashing from the command line. |
iroh |
Hole-punching and QUIC connections between endpoints. Dial by public key. |
iroh-relay |
Relay server with Poseidon2-based handshake. |
iroh-base |
Common types — Hash (Poseidon2 digest), keys, RelayUrl. |
iroh-blobs |
Content-addressed blob transfer with Poseidon2 verified streaming. Scales from kilobytes to terabytes. |
iroh-docs |
Eventually-consistent key-value store over iroh-blobs. |
iroh-gossip |
Publish-subscribe overlay networks. |
iroh-car |
CAR (Content Addressable aRchive) format support. |
iroh-willow |
Willow protocol implementation. |
iroh-dns-server |
DNS-based endpoint discovery. |
Hemera Parameters
Frozen at deployment. These never change — changing them changes every content identifier in the network.
| Parameter | Value |
|---|---|
| Field | Goldilocks (p = 2^64 - 2^32 + 1) |
| State width | 16 elements (128 bytes) |
| Rate | 8 elements (64 bytes absorbed per permutation) |
| Capacity | 8 elements (64 bytes) |
| Full rounds | 8 (4 initial + 4 final) |
| Partial rounds | 64 |
| S-box | x^7 |
| Padding | 0x01 || 0x00* |
| Encoding | Little-endian canonical |
| Output | 8 elements = 64 bytes |
| Security | 256-bit collision resistance |
Migration Status
Complete. Zero BLAKE3 dependencies remain in any Cargo.toml or Cargo.lock. 395 tests pass across all crates.
| Phase | Status |
|---|---|
| hemera (CPU + GPU scaffolding) | Done |
| cyber-bao (verified streaming) | Done |
| iroh-blobs (content addressing) | Done |
| iroh-relay (handshake) | Done |
| iroh-docs, iroh-gossip, iroh-car | Done |
| Blake3 removal | Done |
| Validation (395 tests, 0 failures) | Done |
Getting Started
# Build the workspace
# Run tests
# Hash something
License
Copyright 2025 N0, INC.
Dual-licensed under MIT or Apache-2.0, at your option.