Encryption model

Letro employs the Signal Protocol to ensure strict End-to-End Encryption (E2EE).

Encryption State

  • In Transit: All data is encrypted using TLS 1.3 (transport layer) AND Signal Protocol (application layer). This means even if the SSL/TLS layer is breached, the data remains unreadable.
  • At Rest (Server): We store nothing but temporary, undecryptable blobs.
  • At Rest (Device): Data on your device is encrypted using AES-256-GCM via SQLCipher, protected by the device’s secure enclave (Keystore/Keychain).

Scope of Encryption

  • Messages & Attachments: Fully E2EE. Only the sender and recipient possess the ephemeral keys to decrypt.
  • Metadata: Sealed Sender technology is used to minimize metadata exposure. The server knows that a message is being sent, but who is sending it to whom is cryptographically hidden from the server where possible.

Key Management

  • Ownership: You control the keys. Private keys are generated on-device and never leave it.
  • Rotation: We use the Double Ratchet Algorithm.
    • Session Keys: Rotated with every single message. If a key is compromised, it cannot decrypt past messages (Forward Secrecy) or future messages (Post-Compromise Security).
  • Separation of Duties: Letro acts only as a key directory service (publishing Public Keys/Pre-keys). We cannot access Private Keys.
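
The per-message rotation described under Key Management, as an added example (not Letro's code): a Python model of the Double Ratchet chain step, using the HMAC-SHA256 constants recommended in the Signal specification, with fixed or random bytes standing in for Diffie-Hellman outputs. The function names, the HKDF info label and the `simulate` scenario are assumptions made for illustration.

```python
import hashlib
import hmac
import os

INFO = b"example-ratchet"  # assumed HKDF info label, not a Letro or Signal value

def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """Symmetric ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

def kdf_rk(root_key: bytes, dh_output: bytes) -> tuple[bytes, bytes]:
    """Root ratchet step via HKDF-SHA256 (root key as salt): (new_root, new_chain)."""
    prk = hmac.new(root_key, dh_output, hashlib.sha256).digest()       # extract
    t1 = hmac.new(prk, INFO + b"\x01", hashlib.sha256).digest()        # expand block 1
    t2 = hmac.new(prk, t1 + INFO + b"\x02", hashlib.sha256).digest()   # expand block 2
    return t1, t2

def chain_keys(chain_key: bytes, count: int) -> tuple[bytes, list[bytes]]:
    """Advance a chain `count` times; return the final chain key and message keys."""
    keys = []
    for _ in range(count):
        chain_key, message_key = kdf_ck(chain_key)
        keys.append(message_key)
    return chain_key, keys

def simulate(seed_root: bytes, dh1: bytes, dh2: bytes) -> dict:
    """Model a chain key captured after three messages and what it exposes."""
    root, chain = kdf_rk(seed_root, dh1)
    captured, past = chain_keys(chain, 3)        # state copied after message 3
    _, same_chain = chain_keys(captured, 2)      # messages 4-5, same chain
    root, new_chain = kdf_rk(root, dh2)          # DH ratchet: dh2 unknown to holder
    _, after_dh = chain_keys(new_chain, 2)       # first messages of the new chain
    _, derived = chain_keys(captured, 50)        # everything the captured key yields
    derivable = set(derived)
    return {
        "past_exposed": any(k in derivable for k in past),
        "same_chain_exposed": all(k in derivable for k in same_chain),
        "after_dh_exposed": any(k in derivable for k in after_dh),
    }

if __name__ == "__main__":
    # Constructed inputs: random bytes stand in for the root seed and DH outputs.
    print(simulate(os.urandom(32), os.urandom(32), os.urandom(32)))
```

In this model a captured chain key yields no earlier message keys, still yields later keys in the same chain, and yields nothing once the next Diffie-Hellman ratchet step mixes in a secret the holder lacks.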

Because Letro is built on a Trustless and Decentralized-first architecture, the concept of "data residency" differs from traditional centralized apps.

Data Residency & Infrastructure

Letro is built as a Proof-of-Service / Digital Registered Delivery platform.

Security Overview

Automated anomalies in relay traffic or reports from our Bug Bounty program.

Incident Response Outline