System Architecture

Classification: Technical · Last updated: April 2026

SecureChat uses a 3-layer architecture that separates identity, transport, and cryptography into independent, replaceable components. No single layer has access to all information.

SecureChat — Full Architecture ═══════════════════════════════════════════════════════ LAYER 1 — IDENTITY (Kaspa BlockDAG) ─────────────────────────────────── KaspaIdentityManager ├── Public key anchored once on-chain (Kaspa tx) ├── ContactDiscovery by Kaspa address ├── KeyBundle signed with Ed25519 (in Keystore) └── No message content ever touches the chain NodeIncentives ├── Relay operators earn KAS micropayments ├── Community-operated, permissionless └── Anyone can run a relay node LAYER 2 — TRANSPORT (Ephemeral Relay Nodes) ──────────────────────────────────────────── SMP-style Message Queues ├── Unidirectional queues (sender cannot see recipient ID) ├── Unique queue ID per connection pair ├── Messages deleted immediately after delivery └── Server never sees plaintext — only encrypted blobs Onion Routing (2-hop) ├── Sender IP hidden from recipient's relay ├── Recipient IP hidden from sender's relay └── No single relay knows both parties LAYER 3 — CRYPTO (Device-side only) ──────────────────────────────────── ChameleonCrypto (lazysodium) ├── XChaCha20-Poly1305 — symmetric encryption ├── X25519 ECDH — key exchange (ephemeral per-session) ├── Double Ratchet — forward secrecy ├── Ed25519 — identity signing └── Argon2id — password key derivation Android Keystore ├── StrongBox (Titan M) — preferred ├── TEE — fallback └── Private keys NEVER leave the chip ═══════════════════════════════════════════════════════ StealthX Platform Integration SecureCall ← shared XChaCha20 + X25519 stack Chameleon ← overlay encryption for SecureChat messages IFR Token ← unified lifetime access, same contract

Layer 1 — Kaspa Identity

Identity Layer

Why Kaspa?

Traditional messengers use phone numbers or email as identity — both require a central authority. Kaspa's BlockDAG allows anchoring a public key once as a transaction, creating a decentralized, server-free identity that you own permanently.

10 blocks per second — fast enough for identity operations
PoW security — same model as Bitcoin, no stake requirements
Minimal fees — identity anchor costs fractions of a cent
No smart contracts needed — simple UTXO transactions suffice
Community run — no single company controls the network

Layer 2 — Transport

Transport Layer

Ephemeral Relay Nodes

Inspired by SimpleX's SMP protocol. Message queues are unidirectional — the relay knows a queue exists but not who is communicating. Messages are deleted immediately after delivery. Relay operators are incentivized with KAS micropayments.

No user accounts on relay — only anonymous queue IDs
Separate queue IDs for each contact pair
2-hop onion routing hides both parties' IPs
Anyone can run a relay — permissionless network
Minimal server storage — messages gone after delivery

Layer 3 — Device Crypto

Crypto Layer

All crypto happens on your device

The relay never sees plaintext. The Kaspa chain never sees message content. All cryptographic operations use lazysodium (libsodium wrapper), the same library used by SecureCall and Chameleon — one audited stack across the entire StealthX platform.

XChaCha20-Poly1305: 192-bit nonce eliminates IV reuse risk
Double Ratchet: break-in recovery + forward secrecy
Message padding to 256-byte blocks — prevents size analysis
Keys generated on-device, stored in Android Keystore hardware
STEALTH-DELETE wipes all keys and messages in under 1 second