BIP324 (v2 Encrypted P2P Transport)

BIP324 defines Bitcoin's version-2 (v2) peer-to-peer transport: an encrypted message layer that replaces the original plaintext v1 protocol used between full nodes. It provides confidentiality against passive eavesdroppers and makes the connection bytestream look like uniform random data, so deep-packet-inspection tooling can no longer fingerprint Bitcoin traffic by its fixed magic bytes. Encryption is opportunistic and unauthenticated by default, meaning any two upgraded peers negotiate it automatically without certificates or a trusted setup.

How the handshake works

The key exchange uses X-only Elliptic-Curve Diffie-Hellman over the secp256k1 curve, with each party's public key encoded via ElligatorSwift so the 64-byte handshake bytes are indistinguishable from random. The shared secret is run through HKDF-SHA256 to derive per-direction session keys, a session ID, and garbage terminators. Message payloads are then sealed with the ChaCha20-Poly1305 AEAD cipher, while a separate ChaCha20 keystream encrypts the length prefix. Keys are rotated periodically within a session to limit exposure.

What it does and does not protect

v2 transport defeats trivial passive surveillance and raises the cost of tampering to an active man-in-the-middle attack. Because the default handshake is unauthenticated, it does not by itself prove a peer's identity, though it establishes a channel-binding foundation for optional future authentication. Nodes advertise support through a dedicated service flag, and connections fall back to v1 when a peer has not upgraded.

For related transaction-layer privacy, see Dandelion (BIP156). For how light wallets fetch data without leaking addresses, see Compact Block Filters (BIP158).