Security
Cryptography you can verify.
Veils uses a layered cryptographic architecture designed to protect your messages against both current and future threats. Every protocol choice is deliberate, and every algorithm is battle-tested or NIST-standardized.
Architecture Overview
How your messages are protected at every stage.
Your Device
Keys generated and stored locally. Messages encrypted before leaving. SQLCipher-encrypted database.
Blind Relay Server
Forwards encrypted blobs it cannot decrypt. No message content, no sender identity, no metadata.
Recipient Device
Decrypts with locally-held keys. Verifies sender identity. Message never exists in plaintext outside devices.
Protocol Deep Dive
Each layer of the encryption stack, explained.
PQXDH Key Exchange
The Post-Quantum Extended Diffie-Hellman protocol combines classical X25519 elliptic curve key exchange with ML-KEM-768 (Kyber) post-quantum key encapsulation. This hybrid approach ensures that even if one scheme is broken, the other maintains security. Key agreement produces a shared secret that is computationally infeasible to derive for any adversary — classical or quantum.
Classical: X25519
Post-Quantum: ML-KEM-768
Key Size: 256-bit + 768-bit
Security Level: NIST Level 3
Double Ratchet Protocol
After the initial key exchange, every message uses the Double Ratchet protocol to derive unique encryption keys. The symmetric ratchet advances with each message, while the Diffie-Hellman ratchet rotates with each round-trip. This provides forward secrecy (past messages can't be decrypted if keys are compromised) and break-in recovery (future messages become secure again after a compromise).
Symmetric Ratchet: HMAC-SHA256
DH Ratchet: X25519
Forward Secrecy: Per-message
Recovery: Automatic
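The receiving side of an HMAC-SHA256 symmetric ratchet, including out-of-order delivery, is shown below as an added example; it is not Veils' code. The 0x01/0x02 HMAC inputs follow the recommendation in the Signal Double Ratchet specification, and whether Veils uses the same constants is an assumption. The names `kdf_ck`, `ReceivingChain`, `sender_keys` and the `MAX_SKIP` limit are hypothetical.

```python
import hashlib
import hmac

MAX_SKIP = 32  # assumed cap on stored skipped keys (not a value from the page)


def kdf_ck(chain_key: bytes):
    """One symmetric-ratchet step: returns (next chain key, message key)."""
    # Distinct one-byte inputs keep the two outputs independent of each other.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class ReceivingChain:
    """Receiving half of a symmetric ratchet that tolerates reordering."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.next_index = 0
        self.skipped = {}  # message index -> message key held for a late arrival

    def key_for(self, index: int) -> bytes:
        """Return the message key for `index`; each key is usable exactly once."""
        if index < self.next_index:
            # Late message: decryptable only if its key was stored when skipped.
            try:
                return self.skipped.pop(index)
            except KeyError:
                raise ValueError("key already used or never stored") from None
        if index - self.next_index + len(self.skipped) > MAX_SKIP:
            # Bound the work and memory a peer can force by claiming a huge index.
            raise ValueError("too many skipped messages")
        while self.next_index < index:
            self.chain_key, mk = kdf_ck(self.chain_key)
            self.skipped[self.next_index] = mk
            self.next_index += 1
        # The old chain key is overwritten, so earlier keys cannot be re-derived.
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.next_index += 1
        return mk


def sender_keys(chain_key: bytes, count: int):
    """Message keys a sender derives for messages 0..count-1."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return keys
```

Popping a key on use is what gives the per-message property: a replayed or duplicated ciphertext finds no key, and a device compromised later holds only the current chain key and any still-unused skipped keys.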
Hybrid Digital Signatures
Identity verification uses a hybrid signature scheme combining Ed25519 (classical) with ML-DSA-65 (Dilithium, post-quantum). Both signatures must verify for authentication to succeed. This ensures that device identity and message authenticity remain unforgeable even against quantum adversaries.
Classical: Ed25519
Post-Quantum: ML-DSA-65
Signature Size: 64 + 3293 bytes
Verification: Dual-required
Sealed Sender
Standard encrypted messaging protects message content but exposes metadata — who is talking to whom. Veils uses sealed sender envelopes: the sender's identity is encrypted inside the message payload using the Noise Protocol (NK pattern). The server relays messages without knowing the sender, providing true metadata protection.
Protocol: Noise NK
Metadata: Fully encrypted
Server Knowledge: None
Sender Identity: Hidden
BLE Offline Protocol
When internet connectivity is unavailable, Veils can send encrypted messages over Bluetooth Low Energy. The BLE protocol uses the same cryptographic primitives as the online protocol — messages are encrypted with AES-256-GCM using keys derived from the Double Ratchet. Proximity-based key verification adds an additional layer of trust.
Transport: Bluetooth LE
Encryption: AES-256-GCM
Key Derivation: Double Ratchet
Range: ~100 meters
Technical Specifications
Complete cryptographic algorithm reference.
| Category | Algorithm | Standard | Strength |
|---|---|---|---|
| Key Exchange | X25519 + ML-KEM-768 | NIST FIPS 203 | Level 3 |
| Signatures | Ed25519 + ML-DSA-65 | NIST FIPS 204 | Level 3 |
| Symmetric Encryption | AES-256-GCM | NIST SP 800-38D | 256-bit |
| Key Derivation | HKDF-SHA256 | RFC 5869 | 256-bit |
| Message Authentication | HMAC-SHA256 | RFC 2104 | 256-bit |
| Ratchet Protocol | Double Ratchet | Signal Protocol | Per-message |
| Metadata Protection | Noise NK | Noise Framework | 256-bit |
| Local Storage | SQLCipher | AES-256-CBC | 256-bit |