π Security Deep Dive: Signal Protocol
Military-grade encryption and Zero-Knowledge privacy within the Evegram ecosystem.
At Evegram Inc., we consider privacy a fundamental human right. The security architecture of Evegram Messenger is built upon the Signal Protocol, the "gold standard" of end-to-end encryption, ensuring that no one β not even Evegram β can access your messages.
ποΈ Cryptographic Foundationsβ
The Signal Protocol protects the integrity of your conversations through three primary technological pillars:
1. X3DH (Extended Triple Diffie-Hellman)β
This establishes a shared secret key between two users, even if one of them is offline.
- Identity Key: Every account generates a long-term key tied to their identity.
- Pre-loading: The client generates sets of ephemeral keys (One-Time Prekeys) deposited on the server.
- Handshake: When Alice writes to Bob, she fetches Bob's keys from the server and establishes an instantaneous shared secret.
2. Double Ratchet Algorithmβ
It manages the continuous renewal of encryption keys for every single message.
- KDF Ratchet (Symmetric): With every message sent or received, the encryption key is "rotated." A key used for Message A can never decrypt Message B.
- DH Ratchet (Asymmetric): Periodically, clients exchange new Diffie-Hellman parameters to reset the "Root Key," constantly regenerating security.
3. Guaranteed Security Propertiesβ
| Property | Technical Description |
|---|---|
| Forward Secrecy | If an attacker compromises the device today, they can never decrypt messages sent in the past. |
| Post-Compromise Security | If a key is compromised, the attacker loses access to future messages as soon as the first Ratchet exchange occurs. |
| Message Repudiation | Signatures guarantee authenticity between parties but do not constitute legal proof of authorship toward third parties. |
π Session Logic Flow (UML)β
The following diagram illustrates how Evegram handles session configuration and secure message exchange.
π οΈ Specific Implementation in Evegramβ
Evegram Inc. has evolved the standard implementation to adapt it to the Web3 and Multichain world:
Wallet-Centric Identityβ
Evegram decouples security from phone numbers:
Key ID: The cryptographic identity is derived deterministically from your wallet (SON, LUNC, SOL, or TON).
Sovereign Identity: You own the keys. Recovery occurs via Seed Phrase, ensuring that your identity is never held by a central server.
Sealed Sender (Metadata Privacy)β
We drastically reduce the metadata visible to our servers:
The Evegram server knows where to deliver a packet but does not need to know who the sender is to perform the delivery.
This prevents the creation of social graphs or communication pattern analysis.
Integrated Wallet Securityβ
Financial transactions are signed locally within the device's Secure Enclave.
The wallet's private key is never transmitted to the server, nor shared with the messaging module in plain text.
π‘οΈ User Best Practicesβ
Verify Safety Numbers: Compare the security QR code with your interlocutor to rule out "Man-in-the-Middle" attacks.
App Lock: Enable biometric locking (FaceID/TouchID) to prevent unauthorized physical access to your messages.
Disappearing Messages: Use the self-destruct timer for sensitive data, ensuring no physical traces remain on the devices.
:::info Technical Note Evegram Inc. utilizes verified open-source libraries for the implementation of the Signal Protocol (libsignal). This guarantees the absence of backdoors and compliance with the most rigorous international mathematical standards. :::