Project 11 — In Development
Sovereign Signal
A peer-to-peer encrypted messaging platform built on Signal-grade cryptography. Messages are encrypted on the sender's device and can only be decrypted by the intended recipient. The server functions as a pure relay with zero ability to read message content.
E2E Encrypted | Zero-Knowledge Server | Passwordless Auth
Key Exchange: X3DH
Ratchet: DR
Passwords: 0
Architecture: P2P
[App mockup: a "Sovereign Signal" conversation list (Sarah K., James R., Mia T., each marked "Verified") and an encrypted chat with Sarah K. showing "Ratchet key #47" and a lock icon on every message.]
Architecture
X3DH Key Agreement
Extended Triple Diffie-Hellman establishes a shared secret between two parties without the server ever seeing the keys. One-time prekeys ensure each conversation starts fresh even if a device is compromised later.
Double Ratchet
Every message uses a new encryption key derived from the previous one. Forward secrecy means past messages stay safe even if current keys are compromised. Break-in recovery means future messages are safe even after a breach.
Zero-Knowledge Server
The relay server stores only opaque encrypted blobs. It routes packets, stores nothing readable, and has no access to message content, sender identity, or recipient identity. No metadata collection.
X3DH + Double Ratchet Protocol Flow
Alice: Generates IK, SPK, OPK
→ Publish prekeys
Relay Server: Stores public keys only
→ Fetch Alice’s prekeys
Bob: Computes shared secret
→ Encrypted initial message
Alice: Derives same secret → DR
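The flow above as an added example, not the project's own code: it uses Node's built-in crypto module in place of libsodium and follows the diagram's roles (Alice publishes the prekey bundle, Bob initiates). Assumptions: a separate Ed25519 key signs the signed prekey (X3DH as specified uses XEdDSA with the identity key), and the function names and HKDF info label are hypothetical.

```javascript
const crypto = require('node:crypto');

const genX = () => crypto.generateKeyPairSync('x25519');
const dh = (priv, pub) => crypto.diffieHellman({ privateKey: priv, publicKey: pub });
// Raw 32-byte public key: the last 32 bytes of the 44-byte SPKI DER encoding.
const raw = (pub) => pub.export({ type: 'spki', format: 'der' }).subarray(-32);

// KDF per the X3DH spec: HKDF-SHA256 over (32 bytes of 0xFF || DH outputs), zero salt.
function kdf(dhOutputs) {
  const ikm = Buffer.concat([Buffer.alloc(32, 0xff), ...dhOutputs]);
  const info = Buffer.from('SovereignSignal-X3DH-example'); // hypothetical label
  return Buffer.from(crypto.hkdfSync('sha256', ikm, Buffer.alloc(32), info, 32));
}

// Alice: generates IK, SPK, OPK; only the public halves go to the relay.
function publishBundle() {
  const signKey = crypto.generateKeyPairSync('ed25519'); // assumption: separate signing key
  const ik = genX(), spk = genX(), opk = genX();
  const spkSig = crypto.sign(null, raw(spk.publicKey), signKey.privateKey);
  return {
    secret: { ik, spk, opk },
    bundle: { signPub: signKey.publicKey, ik: ik.publicKey, spk: spk.publicKey, spkSig, opk: opk.publicKey },
  };
}

// Bob: rejects a bundle whose SPK signature fails, then runs the four DH computations.
function initiate(bobIk, bundle) {
  if (!crypto.verify(null, raw(bundle.spk), bundle.signPub, bundle.spkSig)) {
    throw new Error('signed prekey signature invalid');
  }
  const ek = genX(); // fresh ephemeral key for this session
  const sk = kdf([
    dh(bobIk.privateKey, bundle.spk), dh(ek.privateKey, bundle.ik),
    dh(ek.privateKey, bundle.spk), dh(ek.privateKey, bundle.opk),
  ]);
  return { sk, initialMessage: { ik: bobIk.publicKey, ek: ek.publicKey } };
}

// Alice: derives the same secret from Bob's public IK and EK in the initial message.
function respond(secret, msg) {
  return kdf([
    dh(secret.spk.privateKey, msg.ik), dh(secret.ik.privateKey, msg.ek),
    dh(secret.spk.privateKey, msg.ek), dh(secret.opk.privateKey, msg.ek),
  ]);
}
```

The signature check in `initiate` is what stops a relay from substituting its own signed prekey; the relay only ever handles the public values in `bundle` and `initialMessage`.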
Authentication
WebAuthn / Passkeys
No passwords. Authentication uses biometrics or hardware security keys via the WebAuthn standard. Credentials never leave the device. Phishing-resistant by design.
Client-Side Key Vault
Private keys are stored locally, encrypted at rest using keys derived from the passkey credential. The server never receives, stores, or touches private key material.
Comprehensive Test Suite
Cryptographic primitives, key derivation functions, ratchet state machines, and protocol flows all covered. Security properties verified independently from application logic.
Stack
TypeScript | Next.js | libsodium | WebAuthn | X3DH Protocol | Double Ratchet | Vitest | Node.js Relay