End-to-End Encryption

Whisper’s architecture is fundamentally built around end-to-end encryption (E2EE), establishing a default security framework that guarantees exclusive access to message content for the intended sender and recipient only. No intermediary, such as Whisper nodes, infrastructure providers, or third-party services, possesses the capability to decrypt or access message data at any point in its lifecycle.

Default Implementation of Cryptographic Security

• Mandatory Encryption - All communication on Whisper is secured through default encryption protocols. The option to disable encryption or revert to insecure modes is not available. This mitigates the potential for unintentional exposure or misconfiguration by users or developers.

• Asymmetric Key Infrastructure - Whisper utilizes the XMTP protocol, employing asymmetric cryptography grounded in elliptic curve cryptography standards such as secp256k1 for secure key exchange. Every user has a distinct keypair, where private keys are securely stored within their wallet and public keys are disseminated through XMTP’s decentralized identity framework.

Secure Key Exchange

• Off-Chain Key Distribution - Keys are exchanged through a decentralized identity registry within XMTP, which facilitates message encryption while maintaining the confidentiality of private keys and eliminating the need for centralized key management services. The message payloads are encrypted with the recipient's public key, rendering them inaccessible to unauthorized parties, even in the event of interception.

• Forward Secrecy - Whisper sessions are structured to facilitate ephemeral key exchange, ensuring that even if a private key is compromised at a later date, messages sent prior to the compromise maintain their security. This is essential for ensuring long-term message confidentiality and providing resistance to retrospective decryption.

Elimination of Intermediaries

• Node-Level Zero Knowledge - Whisper nodes responsible for message transport do not have access to the plaintext content. All messages undergo client-side encryption and maintain their encrypted status during transit and while at rest. Nodes operate exclusively as relays for sealed payloads, in accordance with the Zero Trust model that underpins Whisper.

• Absence of Server-Side Processing - No server-side message handling, inspection, or storage of decrypted data is implemented. This removes prevalent pathways for surveillance, data leaks, and centralized vulnerabilities that affect traditional messaging systems.

Privacy Preservation During Storage and Transmission

• Encrypted Storage Messages - that are stored locally, such as in a decentralized application (dApp), browser extension, or mobile application, utilize end-to-end encryption for enhanced security. Future iterations of Whisper will incorporate decentralized storage solutions such as IPFS or Arweave, ensuring that encryption is preserved and access to messages is limited exclusively to the parties involved.

• Tamper Resistance - Every message contains cryptographic signatures that confirm the integrity and authorship of the content. Any tampering or alteration that occurs during transmission results in the message being rendered invalid and unreadable to the recipient.

Designed for Durability and Mobility

• Private Forever Upon encryption and transmission, the security of a message is assured throughout its entire lifecycle. Regardless of whether the data is awaiting delivery, retained by the user, or stored in a decentralized manner, the encryption guarantees that no unauthorized entity can decrypt its contents at any point in time, either now or in the future.

• Cross-Device and dApp Compatibility Encryption is linked to the wallet key, enabling users to securely access their private messages from any Whisper-compatible application, browser, or device, without the need for re-authentication using traditional credentials.