Complete Security Architecture
Stvor implements a two-layer security model: industry-standard E2E encryption combined with advanced Defense-in-Depth mechanisms from peer-reviewed KAIST research.
🔒 Layer 1: End-to-End Encryption
Industry Standard
- ✅ Double Ratchet Protocol - Forward & Backward Secrecy
- ✅ Post-Quantum Hybrid - ML-KEM-768 + X25519
- ✅ AES-256-GCM - 256-bit symmetric encryption
- ✅ Ed25519 + ML-DSA-65 - Digital signatures
- ✅ HKDF-SHA-384 - Key derivation
- ✅ Session Management - IndexedDB persistence
Provides: message content encryption, forward secrecy, resistance to post-quantum attacks
🛡️ Layer 2: Defense-in-Depth
Research-Based (KAIST)
- ✅ Network Integrity - EREBUS relay pinning
- ✅ Metadata Obfuscation - Message padding
- ✅ Behavior Privacy - Typing/read receipt protection
- ✅ Traffic Analysis - Jitter & batching
- ✅ Side-Channel - Opt-in controls
- ✅ User Consent - Privacy enforcement
Protects against: network attacks, traffic-pattern analysis, behavior inference
🎯 Why Two Layers?
E2E encryption protects message content. Defense-in-Depth protects metadata (size, timing, behavior patterns) that attackers can observe even with perfect encryption. Together they provide comprehensive protection against:
- Network-level attackers (ASes, ISPs, relay operators)
- Traffic analysis attacks (packet size classification)
- User behavior inference (keystroke timing, presence)
- Cryptographic protocol attacks (EREBUS partitioning)
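
An added example (not Stvor's code) of the size leak described above: AES-GCM ciphertext is exactly the plaintext length plus a 16-byte tag, so an observer can tell short replies apart unless the plaintext is padded to fixed buckets before encryption. The 256-byte bucket, the 4-byte length prefix, the function names and the sample messages are assumptions made for illustration.

```javascript
// Added illustration; the framing below is an assumption, not Stvor's wire format.
const GCM_TAG_BYTES = 16;   // AES-GCM output = plaintext length + 16-byte auth tag
const BUCKET_BYTES = 256;   // hypothetical bucket size
const LEN_PREFIX_BYTES = 4; // big-endian true length, stored inside the plaintext

// Pad BEFORE encryption so the AEAD tag also authenticates the padding.
function padToBucket(plaintext, bucket = BUCKET_BYTES) {
  const framed = LEN_PREFIX_BYTES + plaintext.length;
  const total = Math.ceil(framed / bucket) * bucket;
  const out = new Uint8Array(total); // zero-filled tail is the padding
  new DataView(out.buffer).setUint32(0, plaintext.length, false);
  out.set(plaintext, LEN_PREFIX_BYTES);
  return out;
}

// Run AFTER successful decryption; rejects frames a correct sender cannot produce.
function unpad(padded, bucket = BUCKET_BYTES) {
  if (padded.length < LEN_PREFIX_BYTES || padded.length % bucket !== 0) {
    throw new Error("padded frame is not a whole number of buckets");
  }
  const view = new DataView(padded.buffer, padded.byteOffset, padded.byteLength);
  const n = view.getUint32(0, false);
  if (n > padded.length - LEN_PREFIX_BYTES) {
    throw new Error("length prefix exceeds frame");
  }
  return padded.slice(LEN_PREFIX_BYTES, LEN_PREFIX_BYTES + n);
}

// What a relay or on-path observer sees for a plaintext of this length.
function observedSize(plaintextLen) {
  return plaintextLen + GCM_TAG_BYTES;
}

// Ciphertext sizes per message, without and with padding.
function compare(messages) {
  const enc = new TextEncoder();
  return messages.map((m) => {
    const raw = enc.encode(m);
    return { raw: observedSize(raw.length), padded: observedSize(padToBucket(raw).length) };
  });
}

// Constructed sample messages.
const SAMPLE = ["yes", "no", "Meet at the north entrance at 21:30, bring the signed copy."];
console.log(compare(SAMPLE));
```

Padding hides length only within a bucket; messages that cross a bucket boundary still differ in size, and timing is a separate channel that padding does not address.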