Skip to main content


The SDK enables clients to establish secure, unfalsifiable relationships between identities in which only the parties can decrypt messages sent between them.

The protocol design accommodates asynchronous offline communication and secure storage of messages. First, wallets sign and advertise a set of regularly rotated keys that can be used to establish shared secret keys with another wallet. The secret keys are then used to encrypt and authenticate messages between these wallets. Each secret key is used for one message only, so that messages can be decrypted with no additional input but the wallet keys that were used to encrypt it.


We have purposely designed the protocol with the ability to replace algorithms or expand the set of supported algorithms in a backward-compatible manner.

Our initial choice of algorithms was driven by fairly pragmatic criteria. The algorithms we chose:

  • are tried and true and in widespread use
  • are well-supported in client languages, e.g. JavaScript
  • are available in standard browser APIs, rather than third-party dependencies
  • were reused to minimize the number of algorithms and dependencies

As such, the cryptographic primitives were built around the standard Web Crypto API and the @noble libraries, using components of Signal's X3DH protocol for secure offline communication. The algorithm choices include:

  • EC Public/Private Keys (secp256k1)
  • ECDSA signatures and signing of public keys (ECDSA & EIP-191)
  • shared secret derivation (ECDH/X3DH)
  • authenticated symmetric encryption (AEAD: AES-256-GCM)
  • symmetric key derivation (HKDF-SHA-256)
  • X3DH-style key bundles (