Here [1] is a related trick in the old Unix to run either `foo`, `/bin/foo` or `/usr/bin/foo` (apparently before `PATH` convention existed):

    char string[10000];
    strp = string;
    for (i=0; i<9; i++)
        *strp++ = "/usr/bin/"[i];
    p = *argv++;
    while(*strp++ = *p++);

    // string == "/usr/bin/foo"
    execv(string+9, args); // foo (execv returns only in case of error, i.e. when foo does not exist)
    execv(string+4, args); // /bin/foo
    execv(string, args);   // /usr/bin/foo

[1] https://github.com/dspinellis/unix-history-repo/blob/Researc...

You can get yourself a vanity key using https://github.com/AlexanderYastrebov/wireguard-vanity-key tool:

   % wireguard-vanity-key -prefix=NAS/
   private                                      public                                       attempts   duration   attempts/s
   EiBsDB8zt/G4+VWGvxW2ZznNXYmcslcIyJimNR2PpF4= NAS/aex8+IFzLePBYVNGMsSo/1/XeUZcam+Hn8wbNB4= 22619537   0s         112587360

While it's cool, something about vanity keys in general stroke me the wrong way. I feel like in principle you should never use a very short part of a public key for ocular identification, and it attempts to solve something that should be solved outside of wireguard, i.e. the "friendly naming" of public keys.

Official stance about supporting interpreter mode for the reference https://github.com/golang/go/issues/24118

You can generate yourself a vanity .onion address using https://github.com/AlexanderYastrebov/onion-vanity-address tool. It can also generate vanity client authorization keypair.

Be careful with vanity address generators. A cryptocurrency market maker once lost around $160,000,000 in a vanity Ethereum address because the generator they used was only seeded with 32 bits of entropy.

https://www.forbes.com/sites/jeffkauflin/2022/09/20/profanit...

Indeed, be careful with anything that involves secret bits.

This tool uses proper crypto/rand initialisation of the starting key https://github.com/AlexanderYastrebov/onion-vanity-address/b...

Check out my other vanity generators (they all use crypto/rand):

https://github.com/AlexanderYastrebov/wireguard-vanity-key

https://github.com/AlexanderYastrebov/age-vanity-keygen

https://github.com/AlexanderYastrebov/ethereum-vanity-addres...

Unfortunately I got a hard crash on go 1.25.3 when running this: https://github.com/AlexanderYastrebov/onion-vanity-address/i...

WireGuard over WireGuard (WireGuard end-to-end encrypted hub and spoke) example https://www.procustodibus.com/blog/2021/12/wireguard-e2ee-hu...

  // hashItem computes the slot an item hashes to, given a total number of slots.
  func hashItem(item string, nslots uint64) uint64 {
    digest := md5.Sum([]byte(item))
    digestHigh := binary.BigEndian.Uint64(digest[8:16])
    digestLow := binary.BigEndian.Uint64(digest[:8])
    return (digestHigh | digestLow) % nslots
  }

Should be using XOR: (digestHigh ^ digestLow) % nslots

Thanks for spotting this, what a silly typo :)

... Fixed

Prefix check is a fast operation compared to candidate key generation so checking several prefixes adds a small overhead compared to checking just one.

Wildcard support has low value for the use case in my opinion, compare:

    helloyebjctfjivalxn343gppksrzdpm33qzmeeq4qnqwgrgqy75zoqd.onion
    qbtlzwabvvkvmogjy2wdvnn6gq55463jhellobwtnjsinvtxsur67oad.onion

It also supports distributed search, e.g. you can run it in Kubernetes without exposing the secret key to the cluster, see https://github.com/AlexanderYastrebov/onion-vanity-address?t...

Thanks, great question!

In short: I got obsessed by making it as fast as possible and read a ton of elliptic curve cryptography papers.

It was a journey that started from reading WireGuard kernel sources, then I was thinking about deriving IPv6 address from peer key, left a random comment on a dated gist https://gist.github.com/artizirk/c91e4f8c237dec07e3ad1b286f1... from which I learned about vanity key concept.

I naturally enjoy doing performance optimization work so when I discovered incremental approach idea here https://github.com/warner/wireguard-vanity-address/pull/15 I decided to create my own tool.

I've implemented first version of https://github.com/AlexanderYastrebov/wireguard-vanity-key and then continuously profiled it to improve performance. From profiling I saw that field inversion and multiplication are the main operations.

I realized I need to reduce unnecessary computation to make it faster and for that I need to understand the underlying math which is actually quite simple.

I read RFCs for Curve25519 and papers from D. J. Bernstein who invented it.

You can see how my understanding evolved from the commit history https://github.com/AlexanderYastrebov/wireguard-vanity-key/c...

Once I have the fastest algorithm to generate vanity Curve25519 keypairs I can apply it to other things that use Curve25519 (https://ianix.com/pub/curve25519-deployment.html) or Ed25519 (https://ianix.com/pub/ed25519-deployment.html) which is an equivalent curve.

See also my other related projects: * [age-vanity-keygen](https://github.com/AlexanderYastrebov/age-vanity-keygen) — Fast vanity age X25519 identity generator. * [vanity25519](https://github.com/AlexanderYastrebov/vanity25519) — Efficient Curve25519 vanity key generator.

You can create prefixed keys (aka vanity key) for each peer using https://github.com/AlexanderYastrebov/wireguard-vanity-key

    $ wireguard-vanity-key --prefix=mac/
    private                                      public                                       attempts   duration   attempts/s
    Mtvsq5urRK/HRE1EfqTkZ9dtBNNBjSVPbqYBZ/BL4Qw= mac/t3wcAUhyZUti7OM4KsGQ7/V00HPRmzI3agaSplM= 37258118   1s         70119328

    $ wireguard-vanity-key --prefix=ipad/
    private                                      public                                       attempts   duration   attempts/s
    hJXdv5FKyem2WqWzduSaEhEw1H4b+6BGTIqJeYu9H1c= ipad/s6w2nBEDhmuEl/xyLeohEbfc5MWUy5D8dJHgAs= 158299886  2s         69564916