Security Model Detail
Overview of Our Security Model
Our messenger is designed with a comprehensive security model that incorporates multiple layers of protection to ensure the confidentiality, integrity, and authenticity of your communications. Below is a detailed breakdown of our 6-layer encryption approach and the 4-condition simultaneous satisfaction model that sets us apart from other messaging platforms.
For Non-Technical Users (The "Safe-Within-a-Safe" Analogy)
Imagine you are sending a highly confidential letter. Instead of just putting it in one envelope, we protect it using six distinct layers:
Layer 1: The Invisible Ink (Device Level)
Before the message even leaves your phone, it is scrambled so that only the intended recipient can read it.
Layer 2: The Inner Safe (NaCl Box)
The message is placed inside a digital "safe" that requires a unique key pair to open.
Layer 3: The Outer Vault (AES-GCM)
That safe is then placed inside a second, military-grade vault for extra protection during transit.
Layer 4: The Sealed Truck (Tunneling)
The vault is transported through a private, sealed tunnel that prevents anyone on the outside from even seeing that a vault is being moved.
Layer 5: Identity Shielding
We strip away any identifying markers from the outside of the package so a "snooper" wouldn't know who sent it or who is receiving it.
Layer 6: The Deadbolt (Authentication)
Upon arrival, the recipient must prove their identity using a specific digital "handshake" before the first safe can even be touched.
| Layer Component | Primitive/Standard | Purpose |
|---|---|---|
| Symmetric Encryption | AES-256-GCM | Provides high-speed, hardware-accelerated authenticated encryption to ensure data confidentiality and integrity. |
| Asymmetric Encryption | NaCl (Networking and Cryptography library) | Uses the NaCl box construction: Curve25519 for key exchange, Salsa20 for encryption, and Poly1305 for authentication. |
| Key Derivation | Argon2 / PBKDF2 | Ensures that keys derived from user passwords or internal seeds are resistant to brute-force and GPU-based attacks. |
| Transport Security | Mutual TLS (mTLS) / Custom Tunneling | Secures the communication channel itself, preventing Man-in-the-Middle (MITM) attacks. |
| Identity Isolation | N-Account Sandboxing | Ensures that even if one account's local cache is compromised, other accounts on the same device remain isolated. |
| Integrity Verification | HMAC-SHA256 | Attaches a keyed authentication tag (a MAC) to every packet so the recipient can verify that the data was not tampered with in transit. |