Crypto Protocol Specification
SecureChat's entire cryptographic stack runs on a single library: lazysodium-android (libsodium wrapper for Android). No AES-GCM. No BouncyCastle. No custom crypto. One audited library for all operations across the StealthX platform.
XChaCha20-Poly1305 — Symmetric Encryption
Algorithm
XChaCha20-Poly1305 AEAD (Authenticated Encryption with Associated Data). All message content, attachments, and metadata are encrypted with this cipher before leaving the device.
- Key size: 256-bit
- Nonce size: 192-bit (extended nonce eliminates IV reuse risk)
- Auth tag: 128-bit Poly1305 MAC
- Library: lazysodium-android (crypto_aead_xchacha20poly1305_ietf)
- Purpose: Encrypt all message payloads, file attachments, and local database
X25519 ECDH — Key Exchange
Algorithm
X25519 Elliptic-Curve Diffie-Hellman for ephemeral key agreement. Each session generates fresh key pairs so that compromise of one session does not affect others.
- Curve: Curve25519
- Key size: 256-bit (32 bytes)
- Shared secret: 256-bit, fed into HKDF for session keys
- Library: lazysodium-android (crypto_kx / crypto_scalarmult)
- Purpose: Derive shared secrets for symmetric encryption without transmitting keys
Double Ratchet — Forward Secrecy
Algorithm
Double Ratchet protocol combining a Diffie-Hellman ratchet with a symmetric-key ratchet. Every message uses a unique key. Compromise of a single message key cannot decrypt past or future messages.
- DH ratchet: X25519 key pair rotated on each reply
- Symmetric ratchet: HMAC-based key derivation chain
- Message keys: Unique per message, deleted after decryption
- Library: lazysodium-android (crypto_kx + crypto_auth)
- Purpose: Forward secrecy and break-in recovery — past messages stay safe even if current keys leak
Argon2id — Key Derivation
Algorithm
Argon2id password-based key derivation function. Used to derive encryption keys from user passwords for local database encryption and backup protection.
- Variant: Argon2id (hybrid: side-channel resistant + GPU resistant)
- Memory: 256 MB
- Iterations: 3
- Parallelism: 4
- Output: 256-bit key
- Library: lazysodium-android (crypto_pwhash)
- Purpose: Derive encryption keys from user passwords for local storage and backup encryption
Ed25519 — Digital Signatures
Algorithm
Ed25519 for identity signing. Each device generates an Ed25519 key pair that signs key bundles, identity proofs, and Kaspa-anchored public keys.
- Curve: Edwards25519
- Key size: 256-bit (32-byte seed, 64-byte signature)
- Deterministic: Same message + key always produces the same signature
- Library: lazysodium-android (crypto_sign_ed25519)
- Purpose: Sign identity key bundles, verify contact authenticity, sign Kaspa identity anchors
Android Keystore — Hardware Key Storage
Platform
Long-term private keys are stored in Android Keystore hardware. Keys are generated inside the secure element and never leave the chip — not even the OS can extract them.
- Preferred: StrongBox (Titan M / SE) — dedicated tamper-resistant hardware
- Fallback: TEE (Trusted Execution Environment) — isolated ARM TrustZone
- Key types stored: Ed25519 identity key, X25519 long-term key
- Extraction: Impossible — private keys never leave the hardware
- Library: Android Keystore API + lazysodium-android for operations
- Purpose: Tamper-proof storage of identity and long-term cryptographic keys
Design Principles
Single Library Policy
The entire SecureChat crypto stack uses one library: lazysodium-android. This is the same library used by SecureCall and Chameleon across the StealthX platform. One audited stack means fewer attack surfaces, consistent behavior, and simpler security reviews.
- No AES-GCM — XChaCha20-Poly1305 is safer (192-bit nonce vs 96-bit)
- No BouncyCastle — too large, too many legacy algorithms
- No custom crypto — every primitive comes from libsodium
- Single library: lazysodium-android — one dependency to audit
- Message padding to 256-byte blocks prevents traffic analysis