Read Full Technical Report (PDF)
Veracity is a desktop end-to-end encrypted messenger with forward secrecy and post-compromise security. X3DH handles asynchronous key agreement; Double Ratchet provides forward secrecy and post-compromise security. Client-side secrets are encrypted at rest via AES-256-GCM-SIV with OS-keyring-backed HKDF key derivation. Authentication pairs Argon2id password hashing with TOTP two-factor.
The interface is styled after the classic Mac OS X Aqua era (Mountain Lion / Mavericks): Lucida Grande typography, gradient buttons with highlight and shadow, source list sidebars, and the brushed-aluminum palette of pre-Yosemite desktop applications.
| Property | Guarantee |
|---|---|
| Forward Secrecy | Past messages remain safe even if long-term keys are later compromised |
| Post-Compromise Security | Future messages recover within one conversation turn after key compromise |
| Replay Resistance | Structurally rejected by Double Ratchet's one-time key consumption |
| Length Confidentiality | ISO 7816-4 padding to 80-byte blocks prevents exact length inference |
| Nonce-Misuse Resistance | AES-256-GCM-SIV degrades gracefully on accidental nonce reuse |
| Encryption at Rest | Local secrets sealed behind OS keyring with per-purpose HKDF derivation |
| Primitive | Role |
|---|---|
| X25519 | Diffie-Hellman key agreement (X3DH + DH Ratchet) |
| Ed25519 | Identity key signatures and signed prekey authentication |
| HKDF-SHA256 | Key derivation for X3DH, ratchet chains, and at-rest sealing |
| AES-256-GCM-SIV | Message encryption and local secret encryption |
| HMAC-SHA256 | Symmetric-key ratchet chain advancement |
| Argon2id | Server-side password hashing (OWASP parameters) |
| TOTP | Time-based one-time password for two-factor authentication |
client/ PySide6 desktop app — GUI → Controller → Service
crypto/ X3DH, Double Ratchet, AES-256-GCM-SIV, fingerprinting
storage/ SQLite with OS Keyring–backed encrypted local state
protocol/ Envelope framing, ratchet headers, packet encoding
gui/ Aqua-styled Qt widgets
server/ FastAPI relay — zero knowledge of message plaintext
services/auth/ Argon2id + TOTP, session management, rate limiting
services/ Device registry, prekey distribution, packet queue
routes/ REST API + WebSocket packet stream
Formal verification — 11 security invariants across auth, session, and device-key lifecycles model-checked with TLA+ and Alloy.
Ciphertext analysis — MITM-intercepted traffic analyzed with the NIST SP 800-22 statistical test suite. 104 sequences of 10⁶ bits each, all 15 test suites passed at α = 0.01. No plaintext or statistical fingerprint observed in any relayed payload.
Requires uv and Python 3.11+.
# Terminal 1 — server
cd server
uv sync
uv run python main.py# Terminal 2 — client
cd client
uv sync
uv run python main.py