Deep-dive into our post-quantum, zero-knowledge security protocols.
KyberChat is built to survive the transition into the quantum computing era. Traditional encryption standards (like RSA, ECC, and ECDH) rely on mathematical complexities that could be cracked in seconds by a sufficiently powerful quantum computer. KyberChat implements a zero-knowledge relay model, ensuring that the server never holds, reads, or exposes your messages, contacts, or encryption keys.
Our core cryptographic shield implements ML-KEM-768 (FIPS 203), a lattice-based post-quantum key agreement algorithm. By layering ML-KEM on top of existing ECDH protocols, we prevent "Harvest Now, Decrypt Later" threats—where state-sponsored entities collect encrypted internet traffic today to decrypt it once quantum hardware matures.
Your identity is not linked to sensitive personal info like phone numbers or emails. Instead, it is a 24-word seed phrase. This master entropy source is generated locally on your device and enables complete account recovery without central databases.
CSPRNG (256 bits) -> BIP39 Mnemonic (24 words)
Seed = PBKDF2-HMAC-SHA512(Mnemonic, salt="mnemonic", 2048 iters)
Every key used in our chat protocol is deterministically derived from your master seed using HKDF-SHA256, separating security domains clearly:
kyberchat-uuid: Generates your persistent User UUID.kyberchat-identity-key: Derives your X25519 Identity Keypair.kyberchat-signing-key: Derives your Ed25519 Signing Keypair.kyberchat-kem-seed: Derives the 64-byte private seed for ML-KEM-768.To establish secure sessions without an online third party, KyberChat executes a customized Extended Triple Diffie-Hellman (X3DH) handshake, hybridized with post-quantum key encapsulation:
Where:
Once the initial session key (SK) is established, the Double Ratchet protocol rotates keys for every message, ensuring perfect forward secrecy and cryptographic self-healing:
Every response triggers an ECDH exchange, constantly introducing new, un-predictable entropy to heal the connection if any previous keys were compromised.
Separate message keys are derived for sending and receiving using HMAC-SHA256, and are immediately deleted from device memory once a message is processed:
MessageKey = HMAC-SHA256(ChainKey, 0x01)
NextChainKey = HMAC-SHA256(ChainKey, 0x02)
Authenticated GCM Encryption: Plaintexts are encrypted using AES-256-GCM, providing tamper-resistant, authenticated confidentiality.
Traffic Analysis Defense: To defeat network-level pattern and length matching, every encrypted frame is padded to exactly 1024 Bytes before transmitting. An eavesdropper watching the network sees only a uniform stream of identical packets—protecting your communication profile from traffic metadata analyses.