Protocol · Semantics

hps://

Pub/sub, services and channels

publisher signs every post member · reads member · reads non-member · carries blind ACK → reach
A post is sealed and floods the mesh. Members (with the shared key) decrypt it and ACK back, the host counts unique ACKs as reach, with no subscriber registry; non-members carry it but can't read it. Every post is signed by its author. Channels let anyone read and write; services let only the owner broadcast.
How it works
  • Channels, anyone with the shared key reads and writes (group chat); every post is signed by its author, so senders are always verified.
  • Services, only the owner can broadcast (a service signing key), and many subscribers read with a shared content key.
  • A post is sealed and floods the mesh; non-members carry it blind, members decrypt and ACK back, the host counts unique ACKs as its reach, with no subscriber registry.
Why it matters
For developers

Register a topic at a path on any node and that node becomes its host. Open / request-to-join / invite control who gets the keys; per-app secrets keep other apps' topics invisible and unjoinable.

For business

Group messaging, fan-out alerts, and discoverable services with no broker to run, and on the cloud backbone a topic only ships to regions that actually have subscribers, so you never pay to flood empty ones.

Deeper implementation detail is coming in the Hop whitepaper.

Ready to build on it?