Everything you need to build fast, secure, and reliable networks. No compromises.
Every packet on the Lattix network is protected by the Noise_IK handshake protocol, the same cryptographic framework trusted by WireGuard and Signal. Your data is authenticated and encrypted before it ever leaves your device.
We use ChaCha20-Poly1305 with 256-bit keys for symmetric encryption, providing both confidentiality and integrity in a single pass. The X25519 Diffie-Hellman key exchange ensures perfect forward secrecy — even if a long-term key is compromised, past sessions remain secure.
Identity verification is handled by Ed25519 signatures, giving each node a unique cryptographic identity. Membership certificates with expiration ensure that only authorized devices can participate in your network.
Lattix automatically discovers your network topology using STUN servers and classifies your NAT type. Whether you are behind a symmetric NAT, a restricted cone, or a corporate firewall, Lattix finds the optimal path to connect you.
UDP hole punching creates direct peer-to-peer tunnels through firewalls without any manual port forwarding. When direct connectivity is not possible, encrypted traffic is seamlessly routed through our relay infrastructure with zero configuration required from the user.
The coordination server acts as a rendezvous point, exchanging endpoint information between peers. Once the direct path is established, the server steps out of the data plane entirely — your traffic never touches our infrastructure.
Lattix builds a full mesh topology where every peer can communicate directly with every other peer. There is no central bottleneck — traffic flows on the shortest path between nodes, minimizing latency and maximizing throughput.
The control plane handles membership, key distribution, and peer discovery, but never touches your data. Once peers establish a Noise_IK session, all traffic is encrypted end-to-end and routed directly between devices.
For peers that cannot establish direct connections, an encrypted relay path is automatically negotiated. The relay server sees only opaque ciphertext — it cannot read, modify, or analyze your traffic. Bandwidth is optimized through intelligent path selection and keepalive management.
Lattix runs natively on Windows, macOS, and Linux with platform-specific optimizations for each operating system. The TUN virtual network interface integrates seamlessly with your OS networking stack, appearing as a standard network adapter.
On each platform, a system tray application provides one-click access to network status, peer information, and quick actions. The background daemon runs as a native service — a Windows Service, a macOS LaunchDaemon, or a systemd unit on Linux.
Installation packages are purpose-built for each platform: MSI with service registration on Windows, .pkg with LaunchDaemon on macOS, and .deb/.rpm packages with systemd integration on Linux. Every installer sets up auto-start so your network is always available.
A full-featured web administration panel gives you complete control over your networks from any browser. Create and manage networks, authorize members, monitor peer connectivity, and view real-time metrics — all from a clean, modern interface.
The RESTful API supports JWT authentication with role-based access control, enabling seamless integration with your existing infrastructure and CI/CD pipelines. Every action available in the dashboard is also available via the API.
Built on Axum with TLS support, the server provides rate limiting, CORS configuration, security headers, input validation, and health monitoring out of the box. Data is stored in SQLite for zero-dependency deployment.
Written entirely in Rust, Lattix delivers near-native performance with memory safety guarantees. The async I/O architecture built on Tokio handles thousands of concurrent connections without blocking, ensuring your network scales effortlessly.
The compact 28-byte packet header minimizes overhead on every packet. Combined with zero-copy buffer management and lock-free data structures (DashMap), Lattix achieves sub-millisecond encryption latency even under heavy load.
The modular crate architecture means only the components you need are compiled and loaded. With 11 focused Rust crates, each optimized for its specific responsibility, the entire system maintains a small footprint while delivering enterprise-grade throughput.
The cryptographic primitives and protocol details that power Lattix Network.
| Component | Specification | Details |
|---|---|---|
| Protocol | Noise_IK | 25519 key exchange, ChaChaPoly cipher, BLAKE2s hash |
| Encryption | ChaCha20-Poly1305 | 256-bit symmetric keys, AEAD construction |
| Key Exchange | X25519 | Elliptic-curve Diffie-Hellman with perfect forward secrecy |
| Authentication | Ed25519 | Digital signatures for identity verification |
| Header Size | 28 bytes | Compact binary format with NodeAddress (40-bit) |
| Hash Function | BLAKE3 | HMAC for packet integrity, faster than SHA-256 |
| Certificates | Membership Certificates | Network-bound certificates with expiration and revocation |
| Transport | UDP | Primary UDP with encrypted relay fallback |
Deploy your own secure network in under 60 seconds. Free for personal use.