Security Design
SecureChat's security is built on one principle: we cannot read your messages, even if compelled by a court order. The architecture makes this technically impossible, not just a policy promise.
Three Rules — Never Broken
🔒 No internet permission by default. SecureChat never makes network calls without explicit user action. Kaspa identity anchoring requires one-time opt-in.
🔒 Private keys never leave hardware. All key generation and crypto operations happen inside Android Keystore (StrongBox or TEE). Keys are not exportable.
🔒 Fail Secure. On any error, the app encrypts — never decrypts. No plaintext fallback. No silent degradation.
Cryptographic Algorithms
| Algorithm | Use Case | Parameters | Library |
|---|---|---|---|
| XChaCha20-Poly1305 | Message encryption | 256-bit key, 192-bit nonce, AEAD | lazysodium-android |
| X25519 ECDH | Key exchange | Curve25519, ephemeral per-session | lazysodium-android |
| Double Ratchet | Forward secrecy | HKDF-SHA256, RFC 5869 | lazysodium-android |
| Ed25519 | Identity signing | 64-byte signatures | lazysodium-android |
| Argon2id | Key derivation | 64MB memory, 3 iterations, 4 threads | lazysodium-android |
| Android Keystore | Key storage | StrongBox/TEE, per-use auth | Android API 26+ |
| HMAC-SHA256 | IFR cache integrity | 256-bit key from Keystore | Android Keystore |
Threat Model
Protected against: Network eavesdropping, relay server compromise, metadata analysis (with message padding), key theft (hardware-backed), screenshot/recording (FLAG_SECURE).
Out of scope (by design): Compromised OS (rooted device with malware), physical observation side-channels, attacker who already has the key, Kaspa chain-level metadata (who communicates with whom — only content is protected).
External audit: Trail of Bits recommended before public release. Audit report will be published publicly.