A cryptography-powered Zero Trust security protocol that hides your infrastructure from attackers. They can't attack what they can't find. Invisible until trusted.
From Port Knocking to SPA to NHP — the evolution of hiding network infrastructure from threats.
Simple but insecure. Vulnerable to replay attacks and eavesdropping.
Improved security with encrypted packets. Limited by shared secrets and scalability issues.
Modern cryptography (Noise Protocol, ECC), mutual authentication, and enterprise-grade scalability. Hides domains, IPs, and ports completely.
| Feature | SPA | NHP |
|---|---|---|
| Cryptography | Shared secrets | Modern Cryptography Algorithms (e.g. Noise, IBC, etc) |
| Scalability | Single-point bottleneck | Stateless, infinitely scalable |
| Communication | One-way | Bi-directional with status |
| Hiding Capability | Ports only | Domain, IP, and ports |
| Extensibility | Typically SDP | All-purpose, customizable |
| Library | C/C++ (memory-unsafe) | Memory-safe Go (OpenNHP) |
| Integration | Limited | DNS, FIDO, IAM, Policy Engines |
Built for the AI era where attackers use LLMs to find and exploit vulnerabilities automatically.
All resources are hidden by default. Only authenticated and authorized users can even discover that services exist.
Hide domains, IP addresses, and ports. Attackers can't attack what they can't find. NXDOMAIN for unauthorized queries.
10K authentication requests per second with sub-10ms latency. Built with Go for memory safety and concurrency.
Noise Protocol Framework, Curve25519, ChaCha20-Poly1305. Proven secure key exchange to prevent MITM attacks.
Client-to-Gateway, Client-to-Server, Server-to-Server, Gateway-to-Gateway. Standalone to multi-tenant clusters.
Works with existing IAM, DNS, FIDO, and Zero Trust policy engines. Extends rather than replaces your security stack.
A growing ecosystem of tools and implementations for Zero Trust network security.
The official NHP protocol implementation in Go. Includes nhp-agent, nhp-server, and nhp-ac components for complete Zero Trust deployments.
View on GitHubA DNS client powered by OpenNHP that implements invisible DNS resolution. Protected domains return NXDOMAIN to unauthorized clients.
View on GitHubJavaScript implementation of the NHP protocol for web applications. Enable Zero Trust access directly from the browser.
View on GitHubJoin thousands of developers building Zero Trust security with OpenNHP.