Fisher Sovereign Systems
Interactive Preview · Local browser simulation · No real relay server · Cryptography is demonstrated, not executed
Project 11 · In Development
Sovereign Signal
Messages nobody else can read. Not the app, not the relay, not the ISP, not the government, not tomorrow. Signal-grade cryptography (X3DH + Double Ratchet) with libsodium, passkey-locked local vault, and a pure relay server that stores only opaque encrypted blobs.
E2E Encrypted · Zero-Knowledge Relay · Passwordless Auth
Key Exchange: X3DH · Ratchet: DR · Passwords: 0 · Architecture: P2P
What you'll try below
  1. Click between six conversations in the thread list.
  2. Type a message and press Return. The thread updates instantly.
  3. Watch the deterministic canned response come back for verified threads.
  4. Notice the unverified thread (Jamie Reeves) flags an amber banner.
  5. Open the Vault & Keys button to see safety numbers, device list, and ratchet state.
Your words leave your device encrypted. Nobody between here and the other end can read them. Not the app, not the relay, not the ISP, not the government, not tomorrow.
🔒 Ratchet key advances on each send · Forward secrecy preserved
Vault & Keys (local simulation · no real keys displayed)
Local Vault
  Vault status: 🔓 Unlocked · 14m ago
  Last authenticated: Touch ID · MacBook Pro
  Recovery code: ••••-••••-••••-•••• (click to show)
Identity
  PGP fingerprint: 7F3A 9B2E C4D5 1F8A …
  Device name: Lance's MacBook Pro
  Device ID: d:mac:7b1f…a93e
Devices
  💻 Lance's MacBook Pro: Registered 2 months ago · this device · Active
  📱 Lance's iPhone: Registered 6 weeks ago · last seen 2m ago · Active
  🖥 Workstation: Registered 3 weeks ago · last seen 14m ago · Active
Session
  Ratchet key: #42
  DH rotation: 47 since start
  Pre-key bundle: 89 remaining
  Session started: 2h 14m ago
Safety number (current thread)
Verify this 60-digit number out-of-band (in person or over a trusted channel) before trusting the conversation. Match = both sides share the same root key.
Architecture
🔐 X3DH Key Agreement
Extended Triple Diffie-Hellman establishes a shared secret between two parties without the server ever seeing the keys. One-time prekeys ensure each conversation starts fresh even if a device is compromised later.
🔄 Double Ratchet
Every message uses a new encryption key derived from the previous one. Forward secrecy means past messages stay safe even if current keys are compromised. Break-in recovery means future messages are safe even after a breach.
👁 Zero-Knowledge Server
The relay server stores only opaque encrypted blobs. It routes packets, stores nothing readable, and has no access to message content, sender identity, or recipient identity. No metadata collection.
X3DH + Double Ratchet Protocol Flow
  1. Alice generates IK, SPK, OPK and publishes her prekeys.
  2. Relay Server stores public keys only.
  3. Bob fetches Alice's prekeys and computes the shared secret.
  4. Bob sends the encrypted initial message.
  5. Alice derives the same secret → DR.
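The per-message key chain behind the Double Ratchet card above, as an added example that is not code from this project. It covers only the symmetric chain (no DH ratchet step), uses Node's built-in HMAC-SHA256 in place of libsodium, and the names Chain, nextKey, keyFor and the MAX_SKIP value are assumptions made for illustration.

```typescript
import { createHmac } from "node:crypto";

// Illustrative names; not this project's API.
type Chain = { ck: Buffer; n: number; skipped: Map<number, Buffer> };
const MAX_SKIP = 100; // assumed bound on stored out-of-order keys

// KDF chain step: HMAC-SHA256 keyed with the chain key over a one-byte tag.
const kdf = (ck: Buffer, tag: number): Buffer =>
  createHmac("sha256", ck).update(Buffer.from([tag])).digest();

function newChain(seed: Buffer): Chain {
  return { ck: Buffer.from(seed), n: 0, skipped: new Map() };
}

// Advance one step: tag 0x01 -> message key, tag 0x02 -> next chain key.
function nextKey(c: Chain): Buffer {
  const mk = kdf(c.ck, 0x01);
  const next = kdf(c.ck, 0x02);
  c.ck.fill(0); // wipe the old chain key so earlier message keys cannot be re-derived
  c.ck = next;
  c.n += 1;
  return mk;
}

// Receiver: return the key for message number n, tolerating reordering.
function keyFor(c: Chain, n: number): Buffer {
  if (n < c.n) {
    const mk = c.skipped.get(n);
    if (!mk) throw new Error(`message ${n}: key already used or never stored`);
    c.skipped.delete(n); // single use: a replayed message finds no key
    return mk;
  }
  if (n - c.n + c.skipped.size > MAX_SKIP) throw new Error("too many skipped messages");
  while (c.n < n) c.skipped.set(c.n, nextKey(c)); // stash keys for messages not yet seen
  return nextKey(c);
}

function demo(): { reordered: boolean; distinct: boolean; replayRejected: boolean } {
  const seed = Buffer.alloc(32, 7); // constructed stand-in for a real chain key
  const alice = newChain(seed), bob = newChain(seed);
  const sent = [nextKey(alice), nextKey(alice), nextKey(alice)]; // messages 0, 1, 2
  const k2 = keyFor(bob, 2); // message 2 arrives first
  const k0 = keyFor(bob, 0); // then message 0
  let replayRejected = false;
  try { keyFor(bob, 0); } catch { replayRejected = true; }
  return { reordered: k2.equals(sent[2]) && k0.equals(sent[0]), distinct: !sent[0].equals(sent[1]), replayRejected };
}

console.log(demo());
```

The bound on skipped keys matters on the receiving side: without it, a sender could claim a very large message number and force the receiver to derive and store an unbounded number of keys.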
Authentication
🖺 WebAuthn / Passkeys
No passwords. Authentication uses biometrics or hardware security keys via the WebAuthn standard. Credentials never leave the device. Phishing-resistant by design.
🔑 Client-Side Key Vault
Private keys are stored locally, encrypted at rest using keys derived from the passkey credential. The server never receives, stores, or touches private key material.
Comprehensive Test Suite
Cryptographic primitives, key derivation functions, ratchet state machines, and protocol flows all covered. Security properties verified independently from application logic.
Stack
TypeScript · Next.js · libsodium · WebAuthn · X3DH Protocol · Double Ratchet · Vitest · Node.js Relay