Security Considerations
Draft
This section is under construction and requires additional research.
Threat Model
SimpleX is designed to resist:
- Server compromise: Servers cannot read message content (triple encryption)
- Traffic analysis: Fixed 16KB block size prevents size-based correlation
- User correlation: No user identifiers; each queue uses unique keys
- Network surveillance: TLS 1.3 protects transport; private routing adds 2-hop onion routing
Private Message Routing
SimpleX supports 2-hop onion routing where messages traverse two SMP servers, preventing any single server from knowing both sender and recipient.
Forward Secrecy
The Double Ratchet provides forward secrecy: compromise of current keys does not reveal past messages. Each message uses a unique message key derived from the chain KDF.
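The chain step described above, as an added example that is not SimpleX's own code: a symmetric-key ratchet that derives one message key per message and keeps only the current chain key. The HMAC-SHA256 construction and the 0x01/0x02 inputs follow the Signal Double Ratchet specification's suggestion and are an assumption here, not SimpleX's actual KDF parameters; the class and function names are hypothetical.

```python
import hashlib
import hmac

# Assumed constants (Signal Double Ratchet spec suggestion), not SimpleX's own.
MSG_KEY_INPUT = b"\x01"
CHAIN_KEY_INPUT = b"\x02"


def kdf_ck(chain_key: bytes) -> tuple:
    """One chain step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, MSG_KEY_INPUT, hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, CHAIN_KEY_INPUT, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Symmetric-key ratchet that keeps only the current chain key."""

    def __init__(self, initial_chain_key: bytes):
        self._chain_key = initial_chain_key
        self.index = 0

    def next_message_key(self) -> bytes:
        # The previous chain key is overwritten; HMAC is one-way, so it
        # cannot be recomputed from the value that replaces it.
        self._chain_key, message_key = kdf_ck(self._chain_key)
        self.index += 1
        return message_key

    def export_state(self) -> bytes:
        """The secret an attacker obtains if the current state is compromised."""
        return self._chain_key


def demo() -> dict:
    # Constructed sample chain key, not a real secret.
    chain = SendingChain(hashlib.sha256(b"constructed sample root").digest())
    past_keys = [chain.next_message_key() for _ in range(3)]
    stolen = chain.export_state()  # compromise happens after message 3
    # From the stolen state an attacker can only walk the chain forward.
    attacker = SendingChain(stolen)
    derivable = [attacker.next_message_key() for _ in range(3)]
    future_keys = [chain.next_message_key() for _ in range(3)]
    return {
        "unique": len(set(past_keys + future_keys)) == 6,
        "past_exposed": any(k in derivable for k in past_keys),
        "future_exposed": derivable == future_keys,
    }
```

`demo()` shows that the stolen chain key yields none of the three earlier message keys, which is the forward secrecy property. It also shows that the symmetric chain alone does not protect later keys; in the Double Ratchet that recovery comes from the Diffie-Hellman ratchet step, which this example does not model.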
Post-Quantum Extensions
E2E Encryption version 3 adds a post-quantum KEM (Key Encapsulation Mechanism) to the ratchet, providing resistance against future quantum computers.