Disk Encryption: XTS-AES256
Secure text and messaging exchange and encryption: We use the Double Ratchet protocol to exchange encrypted messages. X3DH is used for key agreements between parties.
Under the hood, the algorithms used by these protocols are:
EdDSA with Curve25519 (Ed25519)
ECDH with Curve25519 (X25519)
AEAD encryption scheme using HKDF with AES256-CBC / HMAC-SHA256
Voice Exchange and Encryption: Shared secrets exchanged through the secure messaging channel between devices:
Voice is encrypted using AEAD AES256-GCM after deriving, using HKDF, an AES256-CM_PRF from a shared secret.
Additionally, for network traffic, we layer on TLS 1.3 using Ed25519/X25519 and mutual authentication.
XEdDSA and VXEdDSA: Used to create and verify EdDSA-compatible signatures using public key and private key formats initially defined for the X25519 and elliptic curve Diffie-Hellman functions. It also uses 'VXEdDSA,' which extends XEdDSA to make it a verifiable random function, or VRF.
X3DH: 'Extended Triple Diffie-Hellman' is a key agreement protocol. X3DH establishes a shared secret key between two parties who mutually authenticate each other based on public keys. X3DH provides forward secrecy and cryptographic deniability.
Double Ratchet: The Double Ratchet algorithm is used by two parties to exchange encrypted messages based on a shared secret key. The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated from later ones. The parties also send Diffie-Hellman public values attached to their messages. The results of the Diffie-Hellman calculations are mixed into the derived keys so that later keys cannot be calculated from earlier ones. These properties give some protection to earlier or later encrypted messages in case of a compromise of a party's keys.
Sesame: The Sesame algorithm is for managing message encryption sessions in an asynchronous and multi-device setting.
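The two key-derivation steps described under Double Ratchet above, as an added example that is not this product's own code: a one-way HMAC chain yields a fresh key per message, and an HKDF step mixes a new Diffie-Hellman result into the root key. The HMAC constants and the use of the root key as HKDF salt follow the recommendations in the published Double Ratchet specification; the info string and all secrets are constructed, and the DH outputs are stand-ins for real X25519 results.

```python
import hashlib
import hmac

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def kdf_chain_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Symmetric ratchet: one-way step returning (next chain key, message key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def kdf_root_step(root_key: bytes, dh_output: bytes) -> tuple[bytes, bytes]:
    """DH ratchet: mix a fresh DH result in, returning (new root key, new chain key)."""
    okm = hkdf_sha256(root_key, dh_output, b"example-ratchet-info", 64)
    return okm[:32], okm[32:]

def run_chain(chain_key: bytes, count: int) -> tuple[bytes, list[bytes]]:
    """Derive `count` message keys; return the final chain key and the keys."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_chain_step(chain_key)
        keys.append(message_key)
    return chain_key, keys

# Constructed sample values; in the real protocol these come from X3DH and X25519.
ROOT_KEY = hashlib.sha256(b"constructed X3DH shared secret").digest()
DH_OUT_1 = hashlib.sha256(b"constructed DH output 1").digest()
DH_OUT_2 = hashlib.sha256(b"constructed DH output 2").digest()

def demo() -> dict:
    root, chain = kdf_root_step(ROOT_KEY, DH_OUT_1)
    state_after_3, first_keys = run_chain(chain, 3)  # chain state after 3 messages
    _, later_keys = run_chain(state_after_3, 2)      # same chain: follows from that state
    _, healed_chain = kdf_root_step(root, DH_OUT_2)  # new chain: also needs DH_OUT_2
    _, healed_keys = run_chain(healed_chain, 2)
    return {"first": first_keys, "later": later_keys, "healed": healed_keys}
```

Within one chain, a captured chain key yields the following message keys but not the preceding ones, because the HMAC step cannot be inverted; the keys after the next root step additionally depend on a DH output that the captured chain state does not contain.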