WireGuard Study Notes networking vpn

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs). It aims to be lighter and better performing than IPsec and OpenVPN, two common tunneling protocols. The WireGuard protocol passes traffic over UDP.

WireGuard has one main job:

Securely move IP packets between peers over UDP.

To do this safely, it needs to solve several problems:

Problem Solution
How do peers identify each other? Public keys
How do they agree on encryption keys? Diffie-Hellman
How do they encrypt traffic? ChaCha20
How do they verify integrity? Poly1305
How do they derive multiple keys safely? HKDF
How do they avoid replay attacks? Nonces/counters
How do they prove protocol security? CryptoVerif formal proofs

Why WireGuard use UDP?

WireGuard uses UDP (User Datagram Protocol) primarily to achieve superior speed, lower latency, and to avoid the “TCP-over-TCP meltdown” phenomenon, which causes severe performance degradation when tunneling TCP traffic inside another TCP connection. UDP’s lightweight, connectionless nature makes it ideal for modern, fast VPNs.

Noise Protocol Framework

Noise is a framework for designing secure handshakes.

Instead of inventing protocols from scratch, Noise provides:

  • reusable patterns
  • proven constructions
  • secure state transitions

WireGuard uses one specific pattern:

Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s

This looks terrifying initially, but it’s just a compact protocol description.

Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s

Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s is the WireGuard handshake definition. It specifies the exact cryptographic protocol and primitives used.

Noise Refers to the Noise Protocol Framework.

IKpsk2 This is the specific handshake pattern. It contains 3 parts:

  • IK A predefined Noise handshake pattern.

Meaning:

  • I = Initiator knows the responder’s static public key beforehand
  • K = both sides use static keys during authentication

In WireGuard terms:

  • client already knows server public key
  • peers authenticate each other using long-term Curve25519 keys

This avoids certificate infrastructure entirely.

  • psk2 Means a pre-shared symmetric key is mixed into the handshake at message position 2.

This is optional in WireGuard. Purpose:

  • adds another authentication/encryption layer
  • improves post-quantum resistance somewhat
  • useful in hardened deployments

The PSK is NOT the main authentication method. It supplements the public-key exchange.

  • 25519 This means Curve25519 is used for Diffie-Hellman key exchange.

  • ChaChaPoly Short form of ChaCha20-Poly1305

This is an AEAD cipher suite:

  • ChaCha20 → encryption
  • Poly1305 → authentication/integrity

WireGuard chose this because it performs extremely well on systems without AES hardware acceleration.

  • BLAKE2s Refers to BLAKE2, specifically the smaller/faster BLAKE2s variant.

Full Meaning

Noise_IKpsk2_25519_ChaChaPoly_BLAKE2s

Use the Noise framework with the IK handshake pattern plus an optional preshared key, Curve25519 for key exchange, ChaCha20-Poly1305 for encryption/authentication, and BLAKE2s for hashing."

Long-Term vs Ephemeral Keys

Long-Term Keys

Persistent identity keys. Example:

Server private/public key

These identify peers.

Ephemeral Keys

Temporary keys generated for each handshake. Destroyed afterward.

Forward Secrecy

Suppose attacker records encrypted VPN traffic today. Later they steal server private key.

Can they decrypt old traffic?

NO

because old session keys depended on ephemeral secrets already erased.