Security Architecture
An overview of Cipher's defense-in-depth security model and how we protect your data at every layer.
Defense in Depth
Cipher's security is not dependent on any single mechanism. We implement multiple layers of protection so that if one layer is compromised, others remain intact:
┌─────────────────────────────────────────────┐
│           CIPHER SECURITY LAYERS            │
├─────────────────────────────────────────────┤
│                                             │
│  Layer 5: Application Security              │
│  ├── Input validation                       │
│  ├── Memory safety (Rust/Swift)             │
│  └── Secure coding practices                │
│                                             │
│  Layer 4: Cryptographic Security            │
│  ├── E2E encryption (Signal Protocol)       │
│  ├── Forward secrecy                        │
│  └── Post-compromise security               │
│                                             │
│  Layer 3: Key Management                    │
│  ├── Secure enclave storage                 │
│  ├── Key derivation (BIP-39/44)             │
│  └── Automatic key rotation                 │
│                                             │
│  Layer 2: Network Security                  │
│  ├── TLS 1.3 for all connections            │
│  ├── Certificate pinning                    │
│  └── Tor/mix network support                │
│                                             │
│  Layer 1: Device Security                   │
│  ├── Biometric authentication               │
│  ├── Encrypted local storage                │
│  └── Remote wipe capability                 │
│                                             │
└─────────────────────────────────────────────┘
Threat Model
Cipher is designed to protect against the following threat actors:
Passive Network Adversary
An attacker who can observe all network traffic (ISP, government).
Protection: E2E encryption ensures they see only encrypted blobs. Metadata protection minimizes what they can learn.
Compromised Server
What if Cipher's infrastructure is hacked?
Protection: We never have access to message content or private keys. At most, attackers could learn public keys and encrypted message ciphertext.
Device Theft
Physical access to your unlocked or locked device.
Protection: Biometric lock, encrypted storage, and optional auto-wipe after failed attempts. Secure enclave protects keys from extraction.
Malicious Contact
Someone you're chatting with tries to extract information.
Protection: They can only see messages you send them. Verification prevents impersonation. No access to your other conversations.
Zero-Trust Architecture
Cipher operates on a zero-trust model. We assume:
- Any server could be compromised
- Any network connection could be monitored
- Any third-party code could be malicious
This is why all security-critical operations happen on your device:
- Key generation: Always local, never on a server
- Encryption/decryption: Always local, never on a server
- Message storage: Encrypted locally, only temporarily cached on the network
- Transaction signing: Always local, private keys never transmitted
Secure Key Storage
Your private keys are the crown jewels. Cipher protects them using platform-specific secure storage:
- iOS: Secure Enclave (hardware-isolated key storage)
- Android: StrongBox/TEE (hardware-backed Keystore)
- Desktop: OS Keychain (with optional hardware key)
Open Source & Audits
Security through obscurity doesn't work. Cipher's entire codebase is open source, allowing anyone to verify our security claims. We have also undergone independent security audits:
- Trail of Bits (2024): Core cryptographic implementation
- Cure53 (2024): Mobile application security
- NCC Group (Planned 2025): Full protocol audit
All audit reports are published on our GitHub repository.
Bug Bounty Program
We run a bug bounty program with rewards up to $100,000 for critical vulnerabilities. If you discover a security issue, please report it responsibly through our security disclosure process.