Skip to content

Cylrx/Veracity

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

152 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Veracity

MIT License  Python 3.11+  ~20k LOC

Read Full Technical Report (PDF)

Veracity is a desktop end-to-end encrypted messenger with forward secrecy and post-compromise security. X3DH handles asynchronous key agreement; Double Ratchet provides forward secrecy and post-compromise security. Client-side secrets are encrypted at rest via AES-256-GCM-SIV with OS-keyring-backed HKDF key derivation. Authentication pairs Argon2id password hashing with TOTP two-factor.

The interface is styled after the classic Mac OS X Aqua era (Mountain Lion / Mavericks): Lucida Grande typography, gradient buttons with highlight and shadow, source list sidebars, and the brushed-aluminum palette of pre-Yosemite desktop applications.


Security Properties

Property Guarantee
Forward Secrecy Past messages remain safe even if long-term keys are later compromised
Post-Compromise Security Future messages recover within one conversation turn after key compromise
Replay Resistance Structurally rejected by Double Ratchet's one-time key consumption
Length Confidentiality ISO 7816-4 padding to 80-byte blocks prevents exact length inference
Nonce-Misuse Resistance AES-256-GCM-SIV degrades gracefully on accidental nonce reuse
Encryption at Rest Local secrets sealed behind OS keyring with per-purpose HKDF derivation

Cryptographic Primitives

Primitive Role
X25519 Diffie-Hellman key agreement (X3DH + DH Ratchet)
Ed25519 Identity key signatures and signed prekey authentication
HKDF-SHA256 Key derivation for X3DH, ratchet chains, and at-rest sealing
AES-256-GCM-SIV Message encryption and local secret encryption
HMAC-SHA256 Symmetric-key ratchet chain advancement
Argon2id Server-side password hashing (OWASP parameters)
TOTP Time-based one-time password for two-factor authentication

Architecture

client/              PySide6 desktop app — GUI → Controller → Service
  crypto/            X3DH, Double Ratchet, AES-256-GCM-SIV, fingerprinting
  storage/           SQLite with OS Keyring–backed encrypted local state
  protocol/          Envelope framing, ratchet headers, packet encoding
  gui/               Aqua-styled Qt widgets

server/              FastAPI relay — zero knowledge of message plaintext
  services/auth/     Argon2id + TOTP, session management, rate limiting
  services/          Device registry, prekey distribution, packet queue
  routes/            REST API + WebSocket packet stream

Evaluation

Formal verification — 11 security invariants across auth, session, and device-key lifecycles model-checked with TLA+ and Alloy.

Ciphertext analysis — MITM-intercepted traffic analyzed with the NIST SP 800-22 statistical test suite. 104 sequences of 10⁶ bits each, all 15 test suites passed at α = 0.01. No plaintext or statistical fingerprint observed in any relayed payload.


Quick Start

Requires uv and Python 3.11+.

# Terminal 1 — server
cd server
uv sync
uv run python main.py
# Terminal 2 — client
cd client
uv sync
uv run python main.py

License

MIT

About

End-to-end encrypted desktop messenger with forward secrecy and post-compromise security via X3DH and Double Ratchet

Topics

Resources

License

Stars

3 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors