Noisy Sockets is a secure service-to-service communications library based on the Noise Protocol Framework. Endpoints are identified by Curve25519 public keys, traffic is encrypted and authenticated using ChaCha20-Poly1305, and sent/received as UDP packets. Noisy Sockets is wire compatible with WireGuard.

Noisy Sockets implements a drop-in replacement for the Go net package, allowing it to be used with any existing code. This is implemented using a userspace TCP/IP stack based on Netstack from the gVisor project.

Examples of how to use Noisy Sockets can be found in the examples directory.

Surprisingly decent, I've been able to saturate a 1Gbps link with approximately two CPU cores and a single noisy socket. Interestingly it appears to outperform the kernel implementation of WireGuard.

Some preliminary benchmark results can be found in the benchmarks respository.

Noisy Sockets is based on code originally from the wireguard-go project by Jason A. Donenfeld.

WireGuard is a registered trademark of Jason A. Donenfeld.