Applied Cryptography in the Tollbooth DPYC Secure Courier
Share
How classical cryptographic primitives from Bruce Schneier's Applied Cryptography solve a modern problem that few in the industry have tackled directly.
A Problem the Industry's Brightest Are Still Researching
The MCP (Model Context Protocol) ecosystem has an open challenge that few have tackled head-on: credential provisioning.
When an AI agent needs to call an API on your behalf, it needs your credentials. Today, the standard approach is to paste those credentials directly into a chat window, a configuration file, or an environment variable. That works, but it leaves credentials exposed in contexts where they're difficult to audit and easy to leak.
At DPYC (Don't Pester Your Customer), we built something different. We call it the Secure Courier — a credential exchange protocol where your API keys never appear in the chat interface at all. They travel through what we call the "diplomatic pouch": an encrypted, time-bounded, metadata-private channel over the Nostr relay network.
What's remarkable is that the cryptographic foundations aren't new. They come from a textbook published in 1996.
Bruce Schneier's Applied Cryptography
Bruce Schneier's Applied Cryptography: Protocols, Algorithms, and Source Code in C (2nd Edition, John Wiley & Sons, 1996) remains one of the most important references in practical cryptography. It's not a theoretical treatise — it's an engineer's handbook for building systems that actually work.
Three specific algorithms from this book map directly onto what the Secure Courier does.
Algorithm 1: Diffie-Hellman Key Agreement (Chapter 22)
The fundamental challenge is straightforward: two parties who have never communicated before need to establish a confidential channel. The MCP server operator and the Secure Courier service have no prior shared secret. How do they talk privately?
Schneier covers this in Chapter 22 as the Diffie-Hellman key exchange protocol. The modern variant we use is Elliptic Curve Diffie-Hellman (ECDH) over the secp256k1 curve — the same curve Bitcoin and Nostr use.
Here's how it works in the Secure Courier:
- The server publishes an ephemeral Nostr public key (npub) via the
request_credential_channeltool. - The operator encrypts their credentials to that public key using their Nostr client.
- The server decrypts with the corresponding private key (nsec).
No shared secret was pre-arranged. No passwords were exchanged out-of-band. The mathematics of elliptic curves handle it. This is exactly the scenario Schneier describes: key agreement without prior trust.
Algorithm 2: Digital Envelopes (Chapter 2.7)
ECDH gives us a shared secret, but the Secure Courier needs something more: metadata privacy. It's not enough that the credential payload is encrypted — we also need to hide who sent the message from the relay operators who carry it.
This is where NIP-17, the Nostr gift-wrapping protocol, enters the picture. And NIP-17 is a direct implementation of what Schneier calls the digital envelope — a hybrid cryptosystem pattern described in Chapter 2.7.
The structure is layered:
- The inner seal contains the actual credential payload, encrypted to the recipient's public key using the ECDH-derived shared secret.
- The outer gift wrap is signed by an ephemeral throwaway key — not the sender's real identity.
The result is that relay operators can see that something was sent, but they can't see who sent it or what it contains. Asymmetric crypto protects the key exchange. Symmetric crypto protects the payload. The ephemeral outer wrapper protects the sender's identity.
This is Schneier's hybrid cryptosystem, deployed over a modern decentralized relay network for a purpose that was difficult to foresee in 1996.
Algorithm 3: The Interlock Protocol (Chapter 3.1)
Diffie-Hellman has a well-known weakness: it's vulnerable to man-in-the-middle attacks. If an adversary can intercept the initial key exchange, they can substitute their own keys and relay messages between the two parties, reading everything.
Schneier describes the Interlock Protocol in Chapter 3.1 as a countermeasure. The core idea is that both parties must commit to their identities before the exchange begins, making key substitution detectable.
The Secure Courier's two-phase flow maps onto this pattern:
-
Channel establishment (
request_credential_channel): The server commits to a specific ephemeral identity by publishing its npub. This commitment is visible to the operator. -
Credential delivery (
receive_credentials): The operator's encrypted message is bound to that specific identity. It can only be decrypted by the holder of the corresponding nsec.
Critically, the channel has a TTL (time-to-live). The ephemeral keypair expires after a short window. This creates a temporal bound that limits replay attacks — even if an adversary captures the encrypted message, they can't replay it after the channel expires.
What This Means for the MCP Ecosystem
The Secure Courier combines these three classical primitives into something we haven't seen elsewhere in the MCP ecosystem:
- ECDH key agreement bootstraps trust between strangers.
- Digital envelopes provide payload confidentiality and metadata privacy.
- Interlock-style commitment with TTL bounds defeats man-in-the-middle and replay attacks.
Your API credentials travel in a diplomatic pouch. They never appear in the chat interface. They never pass through the AI model's context window. They arrive encrypted at the MCP server, get decrypted into the passphrase vault, and the relay copy is destroyed.
A Different Problem Than What Others Are Solving
It's worth noting what the other approaches to API monetization focus on — and where credential provisioning falls outside their scope.
L402 (formerly LSAT) is a protocol for per-request payment using Lightning Network macaroons. It solves the "pay for each API call" problem. It does not address how credentials get from a human operator into a server process.
x402 is an HTTP-native payment protocol using status code 402. Same story — it's about payment negotiation per request, not about credential bootstrapping.
The DPYC Secure Courier solves a fundamentally different problem. We're not competing on the payment mechanism (though our pre-funded balance model is superior to per-request friction). We're solving the trust bootstrapping problem that few in the ecosystem have prioritized yet.
Standing on the Shoulders of Giants
There's something deeply satisfying about building a 2026 protocol on foundations laid in a 1996 textbook. The mathematics haven't changed. Elliptic curves are still hard to crack. Diffie-Hellman still works. The hybrid cryptosystem pattern is still the right architecture when you need both asymmetric key exchange and symmetric payload encryption.
What's new is the application context: a decentralized relay network (Nostr) carrying encrypted credential exchanges for AI agent infrastructure (MCP servers) in a Bitcoin-denominated economic system (DPYC Tollbooth).
Bruce Schneier gave us the primitives. Nostr gave us the transport. Bitcoin gave us the economics. We just put them together.
Try It Yourself
The Secure Courier is live and shipping in excalibur-mcp, our X/Twitter posting MCP service. To experience the diplomatic pouch:
- Connect to excalibur-mcp in Claude Desktop or claude.ai.
- Ask Claude to help you register your X API credentials.
- Claude will open a Secure Courier channel and send you a welcome DM on Nostr.
- Reply to that DM with your credentials from your Nostr client.
- Your credentials arrive in the vault. They never touched the chat.
The source code is open. The protocol is documented. The cryptography is classical.
The only thing that's new is the courage to build it this way.
The DPYC Tollbooth is a Lightning Network-based API monetization system built on Austrian economics principles. Learn more at our GitHub repositories or connect with us on Nostr.