Encryption — Overview

HushNet is built on a modern and auditable cryptographic foundation combining X3DH (Extended Triple Diffie-Hellman) for session establishment and Double Ratchet for message-by-message key updates. This architecture — pioneered by the Signal protocol — ensures confidentiality, integrity, forward secrecy, and post-compromise security.

X3DH — Key agreement (simplified)

[Diagram: Alice, the public-key server, Bob]
  1) Alice fetches Bob's bundle (IK_B, SPK_B, OPK_B) from the server
  2) Alice sends (IK_A, EK_A) + metadata to Bob
  3) DH1(IK_A, SPK_B) • DH2(EK_A, IK_B) • DH3(EK_A, SPK_B) • DH4(EK_A, OPK_B)
     KDF → initial shared secret

Conceptual diagram. IK = Identity Key, SPK = Signed PreKey, OPK = One-Time PreKey, EK = Ephemeral Key.

1. X3DH — Session Establishment

The Extended Triple Diffie-Hellman (X3DH) protocol bootstraps a secure session between two devices that have never communicated before. It uses four key pairs:

  • IK: long-term identity key (Ed25519).
  • SPK: signed pre-key, refreshed periodically.
  • OPK: one-time pre-key, deleted after first use.
  • EK: ephemeral key generated for each handshake.

The four DH outputs are concatenated and passed through a KDF to derive the shared master secret. DH1 and DH2 mix in the two identity keys, which gives mutual (implicit) authentication; DH3 and DH4 mix in Alice's ephemeral key and Bob's one-time pre-key, which gives forward secrecy and ties the handshake to a pre-key Bob discards after use. Because Bob's contribution is a bundle published in advance, Alice can complete the handshake and send her first message while Bob is offline; before using the bundle she must check Bob's signature on SPK_B against IK_B.

Double Ratchet — Per-message key evolution

[Diagram: root chain feeding a sending chain and a receiving chain; message keys MK1, MK2, MK3, MK4, MK5 are derived by KDF(chain, DH); a DH rotation steps the root chain]

Each message derives a fresh key. Periodic DH rotations refresh the root chain for PFS and future secrecy.

2. Double Ratchet — Continuous Encryption

Once a session is established, the Double Ratchet algorithm takes over. Each new message derives a fresh symmetric key using a pair of ratchets:

  • DH ratchet: updates the root key when new Diffie-Hellman outputs arrive.
  • KDF ratchet: advances per-message chain keys with a key derivation function (HKDF).

This means every message is encrypted under a unique key, giving forward secrecy (a compromise of the current session state does not expose messages already sent, because their keys have been derived and deleted) and post-compromise security (once the parties complete a fresh DH ratchet step, later messages are again secret from an attacker who captured an earlier state).
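The two sections above, as one runnable example that is not HushNet's code: a pure-Python X3DH handshake (the four DH computations from the diagram, then HKDF) whose output seeds a minimal Double Ratchet, with a DH ratchet step each time a party sees a new ratchet public key from its peer. Assumptions of this example: identity keys are X25519 keys used directly for DH (the page's Ed25519 identity keys would need XEdDSA or a key conversion, which is omitted), Bob's signature over SPK_B is not checked, delivery is in order, and the X25519 ladder is written for clarity rather than constant time. The info strings `HushNetExample-X3DH` and `HushNetExample-Ratchet` are placeholders, not HushNet's.

```python
"""X3DH handshake feeding a Double Ratchet, stdlib only. Added example, not HushNet's
code. Assumptions: X25519 identity keys used directly for DH, SPK signature not checked,
in-order delivery, and an X25519 ladder written for clarity rather than constant time."""
import hashlib, hmac, os

P = 2**255 - 19  # field prime of Curve25519

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519: scalar k times point u (Montgomery ladder)."""
    k = (int.from_bytes(k, "little") & ~7 & ((1 << 254) - 1)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, (aa - bb) * (aa + 121665 * (aa - bb)) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keypair():
    """Fresh X25519 key pair as (private scalar, public key)."""
    sk = os.urandom(32)
    return sk, x25519(sk, (9).to_bytes(32, "little"))

def hkdf(ikm: bytes, salt: bytes, info: bytes, n: int) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand to n bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, t, i = b"", b"", 1
    while len(out) < n:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + t, i + 1
    return out[:n]

def x3dh_kdf(dh: bytes) -> bytes:
    # 0xFF prefix is the spec's domain-separation value F; the info string is a placeholder.
    return hkdf(b"\xff" * 32 + dh, b"\x00" * 32, b"HushNetExample-X3DH", 32)

def x3dh_initiator(ik_a, ek_a, ik_b_pub, spk_b_pub, opk_b_pub):
    """Alice: DH1..DH4 exactly as in the diagram above, then one KDF call."""
    return x3dh_kdf(x25519(ik_a[0], spk_b_pub)     # DH1(IK_A, SPK_B): binds Alice's identity
                    + x25519(ek_a[0], ik_b_pub)    # DH2(EK_A, IK_B):  binds Bob's identity
                    + x25519(ek_a[0], spk_b_pub)   # DH3(EK_A, SPK_B): forward secrecy
                    + x25519(ek_a[0], opk_b_pub))  # DH4(EK_A, OPK_B): one-time, replay protection

def x3dh_responder(ik_b, spk_b, opk_b, ik_a_pub, ek_a_pub):
    """Bob: the same four values from his private keys; OPK_B is deleted afterwards."""
    return x3dh_kdf(x25519(spk_b[0], ik_a_pub) + x25519(ik_b[0], ek_a_pub)
                    + x25519(spk_b[0], ek_a_pub) + x25519(opk_b[0], ek_a_pub))

def kdf_rk(rk: bytes, dh_out: bytes):
    """Root-chain step: (new root key, new chain key) from a DH output."""
    out = hkdf(dh_out, rk, b"HushNetExample-Ratchet", 64)
    return out[:32], out[32:]

def kdf_ck(ck: bytes):
    """Symmetric-chain step: (next chain key, this message's key)."""
    return (hmac.new(ck, b"\x02", hashlib.sha256).digest(),
            hmac.new(ck, b"\x01", hashlib.sha256).digest())

class Ratchet:
    """One party's Double Ratchet state (in-order delivery assumed)."""
    def __init__(self, sk, dh_pair, remote_pub=None):
        self.rk, self.dhs, self.dhr, self.steps = sk, dh_pair, remote_pub, 0
        self.cks = self.ckr = None
        if remote_pub is not None:  # the initiator opens its sending chain at once
            self.rk, self.cks = kdf_rk(self.rk, x25519(self.dhs[0], remote_pub))
    def send(self):  # advance the sending chain; the header carries our ratchet public key
        self.cks, mk = kdf_ck(self.cks)
        return self.dhs[1], mk
    def receive(self, peer_pub):
        if peer_pub != self.dhr:  # unseen ratchet key from the peer: DH ratchet step
            self.dhr, self.steps = peer_pub, self.steps + 1
            self.rk, self.ckr = kdf_rk(self.rk, x25519(self.dhs[0], peer_pub))
            self.dhs = keypair()  # our fresh DH key is what heals a past compromise
            self.rk, self.cks = kdf_rk(self.rk, x25519(self.dhs[0], peer_pub))
        self.ckr, mk = kdf_ck(self.ckr)
        return mk

def run_session():
    """Bob publishes a bundle, Alice initiates, then both sides exchange messages."""
    ik_b, spk_b, opk_b = keypair(), keypair(), keypair()  # Bob's prekey bundle
    ik_a, ek_a = keypair(), keypair()                      # Alice's handshake keys
    sk_a = x3dh_initiator(ik_a, ek_a, ik_b[1], spk_b[1], opk_b[1])
    sk_b = x3dh_responder(ik_b, spk_b, opk_b, ik_a[1], ek_a[1])
    alice, bob = Ratchet(sk_a, keypair(), spk_b[1]), Ratchet(sk_b, spk_b)  # SPK_B = Bob's first ratchet key
    pairs = []
    for src, dst in [(alice, bob), (alice, bob), (bob, alice), (alice, bob)]:
        header, mk = src.send()
        pairs.append((mk, dst.receive(header)))
    return {"x3dh_agree": sk_a == sk_b, "dh_ratchet_steps": (alice.steps, bob.steps),
            "message_keys_agree": all(a == b for a, b in pairs),
            "message_keys_unique": len({a for a, _ in pairs}) == len(pairs)}
```

run_session() reports (1, 2) DH ratchet steps: Alice ratchets once, on Bob's reply; Bob ratchets on Alice's first message and again when her next message carries the fresh ratchet key she generated on receiving his reply. Each step overwrites the root key, which is the mechanism behind the post-compromise property described above.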

Security properties

  • Forward secrecy (PFS) — Compromise of the current keys does not expose past messages, whose keys were derived once and then deleted.
  • Post-compromise security — Even if a device's session state is captured, the next DH ratchet step (a message carrying a fresh ratchet key from each side) locks the attacker out again, provided the attacker is not actively impersonating a party.
  • Authenticity — Each session is bound to both parties' identity keys; verifying a contact's identity-key fingerprint out of band is what rules out a man-in-the-middle substituting keys in the bundle.
  • Confidentiality — End-to-end encryption by design; even your node cannot read message contents.
  • Integrity — Every message carries an authentication tag (MAC/AEAD), so any modification is detected and the message rejected.
  • Anti-replay & ordering — Per-message counters in the header let the receiver reject replayed messages and decrypt out-of-order ones without losing synchronization.
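The integrity and anti-replay bullets above, as an added example that is not HushNet's code: the receiving side of one symmetric chain, driven by the header counter N. It caches keys for skipped messages so late arrivals still decrypt, refuses a counter it has already consumed, caps how far it will skip ahead, and commits state only after the tag verifies. The authenticated encryption is a constructed toy built from HMAC-SHA256, standing in for the AEAD a real implementation uses; the chain key and sample messages are constructed for the example.

```python
"""Receiving side of one Double Ratchet symmetric chain, driven by the header
counter N: late messages still decrypt, replays are refused, skipping is capped.
Added example, not HushNet's code; the cipher is a toy built from HMAC-SHA256
that stands in for a real AEAD (assumption). Sample data is constructed."""
import hashlib, hmac

MAX_SKIP = 100  # cap on cached skipped keys, so a forged huge N cannot exhaust memory

class ReplayError(Exception):
    pass

def kdf_ck(ck: bytes):
    """Symmetric-chain step: (next chain key, this message's key)."""
    return (hmac.new(ck, b"\x02", hashlib.sha256).digest(),
            hmac.new(ck, b"\x01", hashlib.sha256).digest())

def _keystream(mk: bytes, length: int) -> bytes:
    # SHA-256 counter stream; bytes([i]) limits a message to 256 blocks (8 KiB).
    return b"".join(hashlib.sha256(mk + b"enc" + bytes([i])).digest()
                    for i in range((length + 31) // 32))

def seal(mk: bytes, n: int, plaintext: bytes) -> bytes:
    """Toy AEAD: XOR with keystream, then MAC over header counter || ciphertext."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(mk, len(plaintext))))
    return ct + hmac.new(mk, n.to_bytes(4, "big") + ct, hashlib.sha256).digest()

def open_(mk: bytes, n: int, msg: bytes) -> bytes:
    """Verify the MAC (which covers the header counter too) before decrypting."""
    ct, tag = msg[:-32], msg[-32:]
    expect = hmac.new(mk, n.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("MAC check failed: header or ciphertext was modified")
    return bytes(c ^ s for c, s in zip(ct, _keystream(mk, len(ct))))

class ReceivingChain:
    """Tracks Nr, caches keys for skipped messages, and rejects reused counters."""
    def __init__(self, ck: bytes):
        self.ck, self.nr, self.skipped = ck, 0, {}

    def receive(self, n: int, msg: bytes) -> bytes:
        if n in self.skipped:                     # late arrival: its key was cached
            pt = open_(self.skipped[n], n, msg)
            del self.skipped[n]                   # one use only, then gone
            return pt
        if n < self.nr:                           # key already used and deleted
            raise ReplayError(f"message {n} already processed")
        if n - self.nr > MAX_SKIP:
            raise ValueError(f"refusing to skip {n - self.nr} message keys")
        ck, skipped = self.ck, {}
        for i in range(self.nr, n):               # derive keys for the gap
            ck, skipped[i] = kdf_ck(ck)
        ck, mk = kdf_ck(ck)
        pt = open_(mk, n, msg)                    # verify first ...
        self.ck, self.nr = ck, n + 1              # ... then commit state; the old chain
        self.skipped.update(skipped)              # key is gone, which is forward secrecy
        return pt

def _fails(fn, exc) -> bool:
    try:
        fn()
    except exc:
        return True
    return False

def demo():
    """Keys 0..3 come off one shared chain; the network delivers 0, 2, 3, then 1."""
    ck0 = hashlib.sha256(b"constructed shared chain key for this example").digest()
    texts = [b"hi", b"how are you?", b"still there?", b"ok"]
    ck, sent = ck0, []
    for n, text in enumerate(texts):              # sender: derive MK_n, seal, advance
        ck, mk = kdf_ck(ck)
        sent.append((n, seal(mk, n, text)))
    rx = ReceivingChain(ck0)
    got = {n: rx.receive(n, m) for n, m in (sent[0], sent[2], sent[3], sent[1])}
    r = {"reordered_ok": [got[i] for i in range(4)] == texts,
         "skipped_cache_drained": rx.skipped == {},
         "replay_rejected": _fails(lambda: rx.receive(*sent[2]), ReplayError)}
    fresh, (n0, m0) = ReceivingChain(ck0), sent[0]
    bad = bytes([m0[0] ^ 1]) + m0[1:]             # one flipped ciphertext bit
    r["tamper_rejected"] = _fails(lambda: fresh.receive(n0, bad), ValueError)
    r["skip_cap_enforced"] = _fails(lambda: fresh.receive(5000, m0), ValueError)
    r["state_intact_after_failures"] = fresh.receive(n0, m0) == texts[0]
    return r
```

Two details matter in practice and are easy to get wrong: the MAC must cover the header counter, otherwise an attacker can relabel a captured message with a different N; and the chain state must only be advanced after the tag verifies, otherwise a forged message with a large N forces the receiver to burn keys it still needs.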

HushNet never stores emails, phone numbers, or passwords. All user identities are public-key based, ensuring pseudonymity and cryptographic trust instead of traditional credentials.