Frequently Asked Questions
Find answers to common questions about Cipher Messaging, our security features, and how to get started.
General Questions
3 questions
Cipher Messaging is designed to provide unparalleled privacy and security. Unlike traditional messaging apps, Cipher Messaging ensures zero metadata exposure, meaning no one knows who you are talking to, when, or where you are. It operates in a serverless manner, meaning no central servers store your messages, and all communication is encrypted end-to-end. The app uses the Ping-Pong Wake Protocol to ensure messages are only delivered when both parties are authenticated and ready.
The Ping-Pong Wake Protocol ensures that your messages are only delivered when both the sender and the recipient are authenticated and online. When you send a message, the recipient must first authenticate (via PIN or biometric), and only then will the message be delivered securely. This ensures there are no failed deliveries and prevents messages from being sent if the recipient's device is compromised or offline.
To create an account, download the app from the App Store or Google Play. Upon opening the app, you will be prompted to create a self-sovereign identity using your cryptographic key pair. This process is anonymous, and no personal information is required. You will also set up authentication options such as a PIN or biometric data to secure your device.
Privacy & Security
3 questions
Zero metadata means that Cipher Messaging does not store any data about your communication beyond the message itself. Traditional messaging apps log information like who you message, when you message them, and your IP address. With Cipher Messaging, none of this data is stored—we don't even know who you are talking to or when you are messaging. This ensures your social graph, communication patterns, and location are never exposed.
Your messages are encrypted using XChaCha20-Poly1305, a military-grade encryption algorithm that ensures no one can read your messages except the intended recipient. Additionally, your identity is tied to a blockchain-based key pair, and all communication is routed through Tor for anonymity. Your data is also protected by hardware security modules (e.g., StrongBox or Secure Enclave) on your device, ensuring that your private keys are never exposed.
No, your messages are encrypted end-to-end, meaning that even if someone intercepts the communication between your device and the recipient's device, they will not be able to read the message. The use of Tor ensures that no one can trace your location or IP address. Only the intended recipient, who possesses the necessary decryption key, can access the message.
Technical Questions
3 questions
We use a combination of modern and highly secure cryptographic algorithms to ensure your privacy:
• XChaCha20-Poly1305: For authenticated encryption of messages.
• Ed25519: For identity signing and message authentication.
• X25519: For secure key exchange between sender and recipient.
• Argon2id: For securely hashing user contact data.
Forward secrecy ensures that even if someone manages to compromise your private keys in the future, they cannot decrypt any past communications. This is achieved by using ephemeral keys for each session, meaning that a unique key is used for each communication. Once the session ends, the key is discarded, and it cannot be used to decrypt messages sent in the past.
When you send a message to someone who is offline, the message is encrypted and securely stored on the sender's device. It will only be sent when the recipient's device is online and ready to authenticate, so your messages are delivered only when the recipient is available and authenticated, which protects both security and privacy.
Support
2 questions
Account recovery in Cipher Messaging is based on your cryptographic recovery phrase. If you forget your PIN or lose access to your device, you can use your recovery phrase to restore your identity and settings. Simply follow the prompts in the app to enter your recovery phrase and regain access.
If you forget your duress PIN, you can reset it via the app settings using your recovery phrase. The duress PIN is a security feature designed to wipe your private data in case you are coerced. If you're unable to recover it, you may need to set up a new PIN and recovery phrase.