Zero-Knowledge Architecture

End-to-end encryption with complete server opacity and client-side cryptography

Zero-Knowledge Principles

🔒 Complete Server Opacity

Taps.IM servers operate with zero knowledge of message content. All cryptographic operations occur client-side, and servers only handle opaque ciphertext bytes. This architecture ensures that even server administrators cannot access message content.

🔐

Client-Side Encryption

All encryption and decryption happens on user devices using NaCl secretbox implementation

🚫

Server Blindness

Servers cannot decrypt, analyze, or index message content under any circumstances

🔑

Key Sovereignty

Encryption keys never leave client devices and are never transmitted to servers

Cryptographic Implementation

Client-Side Encryption

Messages are encrypted on the client using the NaCl (Networking and Cryptography Library) secretbox implementation, providing authenticated encryption with associated data (AEAD).

function encryptMessage(message, groupKey) {
const nonce = nacl.randomBytes(24)
const ciphertext = nacl.secretbox(message, nonce, groupKey)
return { nonce, ciphertext }
}

Encryption Algorithm

  • XSalsa20 stream cipher
  • Poly1305 MAC for authentication
  • 256-bit keys with perfect forward secrecy
  • 192-bit nonces to prevent replay

Security Properties

  • Semantic security against chosen plaintext
  • Authenticity with integrity verification
  • Non-malleability prevents tampering
  • Forward secrecy with key rotation

Server-Side Handling

Servers receive and process encrypted content as opaque byte arrays, never attempting decryption or content analysis.

type EncryptedEvent struct {
EventID string
Sender string
Content []byte
ContentHash string
Signature string
Timestamp time.Time
}

⚠️ Server Limitations

  • Cannot decrypt message content under any circumstances
  • Cannot index messages by content for search functionality
  • Cannot filter content for moderation purposes
  • Cannot analyze messages for spam or abuse detection

Key Management

Group Key Distribution

Group encryption keys are distributed using a secure key exchange protocol between group members, with keys never touching the server infrastructure.

1

Key Generation

Group creator generates a 256-bit symmetric key using cryptographically secure random number generator

2

Secure Distribution

Keys distributed to group members using Elliptic Curve Diffie-Hellman (ECDH) key exchange

3

Key Rotation

Automatic key rotation ensures forward secrecy with new keys generated periodically

4

Key Derivation

Per-message keys derived from group key using HKDF to prevent key reuse

🔑 Key Properties

  • 256-bit AES keys for maximum security
  • Ephemeral keys with automatic rotation
  • Perfect forward secrecy implementation
  • Post-quantum resistance planning

🔐 Security Guarantees

  • No key escrow - keys never stored centrally
  • Client-only access to decryption keys
  • Automatic expiration of old keys
  • Secure deletion of rotated keys

Threat Model & Protections

Adversary Scenarios

The zero-knowledge architecture protects against various threat scenarios, including compromised servers, nation-state surveillance, and insider threats.

🚨 Compromised Server

Attack Vector

Attacker gains full administrative access to Taps.IM servers, including database and memory access.

Protection

Zero impact on message confidentiality. Servers only contain encrypted ciphertext that cannot be decrypted.

👁️ Government Surveillance

Attack Vector

Government agencies demand access to user communications through legal compulsion or warrant.

Protection

Cryptographic impossibility of compliance. Servers cannot provide plaintext access even under legal compulsion.

🕴️ Insider Threat

Attack Vector

Malicious Taps.IM employees or administrators attempt to access user communications.

Protection

Technical controls prevent access. Even privileged users cannot decrypt messages or access keys.

🌐 Network Surveillance

Attack Vector

Network-level attackers intercept communications between clients and servers.

Protection

TLS 1.3 transport encryption plus client-side encryption provides multiple layers of protection.

Implementation Verification

🔍 Cryptographic Audit

The zero-knowledge implementation has undergone comprehensive security auditing by independent cryptography experts to verify the correctness of our encryption implementation and server opacity guarantees.

🧪 Property Testing

  • Fuzz testing of cryptographic primitives
  • Side-channel resistance verification
  • Timing attack prevention testing
  • Memory safety validation

📋 Compliance Validation

  • FIPS 140-2 cryptographic module validation
  • Common Criteria security evaluation
  • SOC 2 Type II operational security
  • ISO 27001 information security
func verifyContentIntegrity(content []byte, expectedHash string) bool {
actualHash := computeContentHash(content)
valid := actualHash == expectedHash
if !valid {
log.Printf("Content integrity failure")
}
return valid
}

Performance & Scalability

The zero-knowledge architecture is designed for high performance while maintaining cryptographic security guarantees.

Fast Encryption

NaCl secretbox provides hardware-accelerated encryption with minimal CPU overhead

  • • XSalsa20: ~2.5 GB/s throughput
  • • Poly1305: ~1.8 GB/s authentication
🔄

Efficient Transport

Servers handle encrypted bytes without processing, enabling high throughput

  • • Zero-copy byte handling
  • • Minimal server CPU usage
📈

Linear Scaling

Cryptographic operations scale linearly with message volume

  • • O(1) per-message complexity
  • • Parallelizable operations

Related Documentation

Federated Architecture

Overview of the federated network architecture and server communication protocols.

Encryption Standards

Detailed specifications of cryptographic algorithms and security implementations.

Security Audits

Independent security audits and penetration testing reports validating our implementation.

Technical Whitepapers

Comprehensive technical documentation and research papers on our security architecture.