KyberChat Cryptographic Architecture

A Hybrid Post-Quantum Zero-Knowledge Messaging Protocol

The Mission

KyberChat is built to defend your digital destiny against the forces of eavesdropping and the looming shadow of quantum-capable adversaries! It employs a Zero-Knowledge relay model, ensuring the server never sees your plaintext, your keys, or your contacts.

X25519 | AES-256-GCM | Double Ratchet | ML-KEM-768 (Kyber)

Identity & Key Derivation

BIP39 Identity

Your identity is not a phone number or an email—it is a 24-word seed phrase. This master entropy source allows for complete account recovery without central authorities.

CSPRNG (256 bits) -> BIP39 Mnemonic (24 words)
Seed = PBKDF2-HMAC-SHA512(Mnemonic, salt="mnemonic", 2048 iters)

Deterministic Derivation

All protocol keys are derived from the master seed using HKDF-SHA256 with specific domain separation strings:

  • kyberchat-uuid: Generates the persistent User UUID.
  • kyberchat-identity-key: Derives the X25519 Identity Keypair.
  • kyberchat-signing-key: Derives the Ed25519 Signing Keypair.
  • kyberchat-kem-seed: Derives the 64-byte seed for ML-KEM-768.

The Hybrid Handshake (X3DH)

To establish a secure session, KyberChat uses an Extended Triple Diffie-Hellman (X3DH) exchange, hybridized with Post-Quantum Cryptography (PQC) to prevent "Harvest Now, Decrypt Later" attacks.

SK = HKDF-SHA256(DH1 || DH2 || DH3 || DH4 || KEM_SS)

Where:

  • DH1...DH3: Standard X25519 Diffie-Hellman operations between Identity, Signed Pre-Keys, and Ephemeral Keys.
  • DH4: Optional DH using a One-Time Pre-Key (OTPK) for forward secrecy.
  • KEM_SS: A 32-byte shared secret generated via ML-KEM-768 (Kyber) encapsulation against the recipient's public key.

If either the classical (X25519) or the post-quantum (ML-KEM) layer is compromised, the shared secret remains secure as long as the other layer holds!

The Messaging Layer (Double Ratchet)

Once the SK is established, the Double Ratchet protocol takes over. It provides self-healing properties and perfect forward secrecy by rotating keys for every single message.

Diffie-Hellman Ratchet

Every time a reply is sent, a new X25519 exchange occurs, providing "backwards secrecy" (healing from a compromised state).

Symmetric Ratchet

Two chains of keys (Send and Receive) are derived using HMAC-SHA256. Each message uses a unique key that is deleted immediately after use.

MessageKey = HMAC-SHA256(ChainKey, 0x01)
NextChainKey = HMAC-SHA256(ChainKey, 0x02)
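
The following is an added example, not KyberChat's own code: the two HMAC-SHA256 derivations above, with a send chain and a receive chain that stay in step when messages arrive out of order. The per-message numbers, the skipped-key cache and the MAX_SKIP bound are assumptions for illustration; the page does not describe how reordering is handled.

```python
import hashlib
import hmac

MAX_SKIP = 64  # assumption: cap on cached out-of-order keys (not specified by the page)


def ratchet_step(chain_key):
    """One symmetric-ratchet step, per the page: returns (MessageKey, NextChainKey)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return message_key, next_chain_key


class SendChain:
    def __init__(self, chain_key):
        self._ck, self.n = chain_key, 0

    def next_key(self):
        """Return (message_number, MessageKey) and overwrite the old chain key."""
        mk, self._ck = ratchet_step(self._ck)
        self.n += 1
        return self.n - 1, mk


class ReceiveChain:
    def __init__(self, chain_key):
        self._ck, self.n = chain_key, 0
        self._skipped = {}  # message_number -> MessageKey for messages not yet seen

    def key_for(self, msg_no):
        """Return the key for msg_no exactly once; a replayed number raises KeyError."""
        if msg_no < self.n:
            return self._skipped.pop(msg_no)  # late arrival: use once, then gone
        if (msg_no - self.n) + len(self._skipped) > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.n < msg_no:  # cache keys for messages still in flight
            self._skipped[self.n], self._ck = ratchet_step(self._ck)
            self.n += 1
        mk, self._ck = ratchet_step(self._ck)
        self.n += 1
        return mk


if __name__ == "__main__":
    ck0 = hashlib.sha256(b"constructed demo chain key").digest()  # constructed input
    tx, rx = SendChain(ck0), ReceiveChain(ck0)
    sent = dict(tx.next_key() for _ in range(4))
    for i in (2, 0, 3, 1):  # deliver out of order
        print(i, rx.key_for(i) == sent[i])
```

Because each step overwrites the chain key with an HMAC output, a chain key captured at message n cannot be used to recompute the keys for messages before n.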

Payload & Traffic Defense

Encryption

Messages are encrypted using AES-256-GCM, providing both confidentiality and integrity with an authenticated tag.

Traffic Analysis Defense

To defeat metadata analysis and traffic pattern recognition, every message is padded to a fixed size before it leaves your device.

Fixed Padded Size: 1024 Bytes

An observer watching the network sees a stream of identical 1024-byte packets. They cannot tell if you are sending "Hi" or a 900-character technical manifesto!