Encrypt: A Decentralized End‑to‑End Encrypted Communications System
E. Dantes
montecristo@encryptxos.com
Abstract: We propose Encrypt, a decentralized, privacy-first messaging and calling application built for iOS, leveraging the Solana blockchain to manage cryptographic identities, key discovery, and message verification. In contrast to centralized messengers like WhatsApp, Telegram, or Signal, Encrypt allows users to hold and control their own encryption keys by binding their identity to a Solana wallet. Communication sessions are end-to-end encrypted using ephemeral elliptic curve key pairs authenticated through Solana wallet signatures. Public pre-keys are published on-chain for secure retrieval and verification, while message content is encrypted off-chain and routed through onion-relay networks for metadata resistance. This architecture enables secure communication without centralized intermediaries, offering forward secrecy, resistance to backdoors, and verifiable key provenance. By utilizing the Solana network’s high throughput and low fees, Encrypt achieves scalable, censorship-resistant communication for mainstream mobile users.
1. Introduction
In the aftermath of the Snowden disclosures, public awareness of digital surveillance and the critical importance of encrypted communications surged dramatically (Snowden, 2015). While applications like Signal and WhatsApp popularized end-to-end encryption (E2EE), their centralized infrastructure and metadata exposure have remained persistent concerns (Elkind et al., 2021). For example, WhatsApp encrypts message content, but it collects user contact lists, timestamps, and device identifiers and shares them with its parent company Meta, leaving users exposed to profiling (Netzpolitik.org, 2020). Even Signal, which offers stronger protections and an open-source protocol, requires a phone number for registration and relies on centralized servers for message relay and key exchange (Jefferys et al., 2024).
Encrypt proposes a fully decentralized alternative, in which cryptographic trust is anchored to the user’s own Solana wallet, and key exchanges occur independently of any central server. This model ensures that no single entity, including Encrypt itself, can issue or override encryption keys, access user metadata, or facilitate backdoor decryption. Public key information is stored immutably on the Solana blockchain, providing a verifiable audit trail for identity binding and forward secrecy operations.
Encrypt seeks to address several core limitations of existing secure messengers:
User-controlled key infrastructure: Users authenticate and manage their keys via their Solana wallet, avoiding the need for phone numbers or passwords.
Verifiable key exchange: All public keys and session metadata are discoverable on-chain, making man-in-the-middle attacks detectable and unlikely.
Ephemeral encrypted messaging: Messages are encrypted using ephemeral keys, ratcheted for each session, and delivered over onion-routed relays to prevent metadata leakage.
No central trust anchor: There is no centralized server, phone number registry, or proprietary cloud to trust or attack.
By integrating with the Solana network, Encrypt achieves secure, scalable communication with cryptographic guarantees that can be independently verified by users and auditors alike.
2. System Overview
2.1 Identity via Wallets
Users onboard to Encrypt by connecting an existing Solana wallet, such as Phantom or Solflare. Each wallet’s public key serves as the user’s Encrypt ID. This removes the need for email, passwords, or phone numbers, and ensures that identity is cryptographically verifiable. During setup, the app generates an ephemeral X25519 identity key pair for E2EE communication. The wallet signs this public encryption key, binding it to the user’s wallet address. The signed pre-key bundle is published to a lightweight on-chain registry program (similar to a Solana name service) (Saber, 2022).
This approach guarantees that:
The pre-key was generated by the device (not a server),
It is verifiably associated with the user’s wallet,
The binding cannot be spoofed without access to the private wallet key.
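The binding, and the check a contact's client runs on a fetched bundle before any handshake, as an added Go example that is not Encrypt's own code. The `Bundle` layout, the `encrypt-prekey-v1` label, the `Seq` rotation counter and every function name are assumptions made here, and a throwaway Ed25519 key stands in for the Solana wallet.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// Bundle is a hypothetical registry record kept under the wallet address.
type Bundle struct {
	PreKey []byte // X25519 public pre-key
	Seq    uint64 // assumed rotation counter, blocks rollback to an old key
	Sig    []byte // wallet (Ed25519) signature over signedBytes
}

// signedBytes binds a context label, the wallet, the counter and the pre-key.
func signedBytes(w ed25519.PublicKey, preKey []byte, seq uint64) []byte {
	n := binary.BigEndian.AppendUint64(nil, seq)
	return bytes.Join([][]byte{[]byte("encrypt-prekey-v1"), w, n, preKey}, nil)
}

// Publish has the wallet key sign a pre-key that was generated on the device.
func Publish(wallet ed25519.PrivateKey, pre *ecdh.PrivateKey, seq uint64) Bundle {
	w, pk := wallet.Public().(ed25519.PublicKey), pre.PublicKey().Bytes()
	return Bundle{pk, seq, ed25519.Sign(wallet, signedBytes(w, pk, seq))}
}

// Verify accepts a bundle only if the contacted wallet signed it and it is not older than lastSeq.
func Verify(b Bundle, wallet ed25519.PublicKey, lastSeq uint64) (*ecdh.PublicKey, error) {
	if b.Seq < lastSeq || !ed25519.Verify(wallet, signedBytes(wallet, b.PreKey, b.Seq), b.Sig) {
		return nil, fmt.Errorf("stale or unsigned pre-key bundle (seq %d)", b.Seq)
	}
	return ecdh.X25519().NewPublicKey(b.PreKey)
}

// NewKeys returns constructed sample keys: a stand-in wallet and a device pre-key.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey, *ecdh.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	pre, _ := ecdh.X25519().GenerateKey(rand.Reader)
	return pub, priv, pre
}

func main() {
	pub, priv, pre := NewKeys()
	_, err := Verify(Publish(priv, pre, 1), pub, 1)
	fmt.Println("genuine bundle accepted:", err == nil)
}
```

The verifier checks the signature against the wallet address it set out to contact, never against a key carried inside the fetched record, and the counter is part of the signed bytes so it cannot be changed without a new wallet signature.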
2.2 Session Establishment and Double Ratchet
When Satoshi wants to initiate a conversation with Hal, he queries the on-chain registry for Hal’s signed pre-key bundle. Satoshi’s client verifies the signature using Hal’s wallet public key and performs an X3DH (Extended Triple Diffie-Hellman) handshake to derive a shared secret (Marlinspike & Perrin, 2013). The handshake includes:
Satoshi’s ephemeral key
Satoshi’s wallet public key (for binding)
Hal’s identity key
Hal’s ephemeral pre-key
This produces a session key known only to Satoshi and Hal. From this point, all messages are encrypted using a Double Ratchet algorithm, which advances on each message sent or received. Each message uses a new symmetric key, ensuring forward secrecy and post-compromise security (Marlinspike & Perrin, 2013).
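The per-message key derivation, as an added Go sketch of the symmetric-key half of the Double Ratchet (not code from the Encrypt project). The `Chain` type is an assumption made here, the HMAC inputs 0x01 and 0x02 follow the constants the Double Ratchet specification suggests, a hash of a constructed string stands in for the X3DH output, and the Diffie-Hellman ratchet step and out-of-order delivery are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// Chain holds one direction's current chain key; older values are overwritten.
type Chain struct{ key []byte }

// step derives the message key, HMAC-SHA256(ck, 0x01), and the next chain key,
// HMAC-SHA256(ck, 0x02). The key is 32 bytes, so AES-256-GCM setup cannot fail.
func step(ck []byte) (cipher.AEAD, []byte) {
	mk, next := hmac.New(sha256.New, ck), hmac.New(sha256.New, ck)
	mk.Write([]byte{0x01})
	next.Write([]byte{0x02})
	blk, _ := aes.NewCipher(mk.Sum(nil))
	aead, _ := cipher.NewGCM(blk)
	return aead, next.Sum(nil)
}

// Seal encrypts pt under a single-use key (hence the fixed nonce) and advances the chain.
func (c *Chain) Seal(pt []byte) []byte {
	aead, next := step(c.key)
	c.key = next
	return aead.Seal(nil, make([]byte, 12), pt, nil)
}

// Open decrypts the next in-order message; a forgery leaves the chain in place.
func (c *Chain) Open(ct []byte) ([]byte, error) {
	aead, next := step(c.key)
	pt, err := aead.Open(nil, make([]byte, 12), ct, nil)
	if err != nil {
		return nil, fmt.Errorf("rejected, chain not advanced: %w", err)
	}
	c.key = next
	return pt, nil
}

func main() {
	s := sha256.Sum256([]byte("constructed stand-in for the X3DH secret"))
	tx, rx := &Chain{s[:]}, &Chain{s[:]}
	pt, err := rx.Open(tx.Seal([]byte("hello Hal")))
	fmt.Println(string(pt), err)
}
```

A chain key copied from a device after message n cannot be run backwards to recover the keys for messages 1 to n, but it does derive every later key in the same chain; recovery after a compromise comes from the Diffie-Hellman ratchet that this sketch omits.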
2.3 Message Delivery and Metadata Resistance
Encrypt does not use centralized servers for message delivery. Instead, it employs a relay network of onion-routed nodes (similar to Tor or Session) to obfuscate the origin and destination of messages. Messages are encapsulated in multiple layers of encryption, with each relay node decrypting only its own layer to determine the next hop (Dingledine et al., 2004).
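The layering described above, as an added Go example that is not part of the Encrypt design documents. The `Hop` type, the one-byte length prefix for the next-hop address, AES-256-GCM as the layer cipher and the relay names are all assumptions, and the per-relay keys are taken as already agreed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Hop is a relay and the 32-byte key the sender shares with it (agreement assumed done).
type Hop struct{ Addr string; Key []byte }

// gcm builds AES-256-GCM; keys here are always 32 bytes, so setup errors are ignored.
func gcm(key []byte) cipher.AEAD {
	blk, _ := aes.NewCipher(key)
	a, _ := cipher.NewGCM(blk)
	return a
}

// Wrap seals from the innermost layer outwards, so each layer names only the
// hop after it. Addresses are assumed shorter than 256 bytes.
func Wrap(path []Hop, dest string, payload []byte) []byte {
	for i := len(path) - 1; i >= 0; i-- {
		nonce := make([]byte, 12)
		rand.Read(nonce)
		inner := append(append([]byte{byte(len(dest))}, dest...), payload...)
		payload, dest = gcm(path[i].Key).Seal(nonce, nonce, inner, nil), path[i].Addr
	}
	return payload
}

// Peel opens one layer with a relay's own key: next hop plus the opaque remainder.
func Peel(key, onion []byte) (string, []byte, error) {
	if len(onion) < 12 {
		return "", nil, fmt.Errorf("onion shorter than a nonce")
	}
	pt, err := gcm(key).Open(nil, onion[:12], onion[12:], nil)
	if err != nil || len(pt) == 0 || len(pt) < 1+int(pt[0]) {
		return "", nil, fmt.Errorf("layer is not for this relay, or was altered")
	}
	n := 1 + int(pt[0])
	return string(pt[1:n]), pt[n:], nil
}

func main() {
	path := []Hop{{"relay-a", make([]byte, 32)}} // constructed one-hop path
	next, rest, err := Peel(path[0].Key, Wrap(path, "hal-swarm", []byte("sealed")))
	fmt.Println(next, string(rest), err)
}
```

In this form the onion shrinks by a fixed amount at every hop, which lets an observer of several relays match packets by length; Tor's fixed-size cells exist to remove that signal, and a relay network built this way needs equivalent padding.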
Message payloads are encrypted locally on the sender’s device and temporarily stored off-chain using decentralized storage systems such as IPFS or Arweave. The encrypted file hash and metadata pointers (including expiration time and access control conditions) are posted to a Solana program. Recipients retrieve messages by polling their storage swarms anonymously via the relay network, ensuring no node can link sender to recipient. Messages are deleted after receipt or expiration.
2.4 Forward Secrecy and Key Rotation
To maintain forward secrecy, Encrypt implements the Double Ratchet mechanism, ensuring that if a device is compromised, past and future messages remain protected. Additionally, users can periodically rotate their identity key pairs by generating new pre-key bundles, signing them with their wallet, and publishing the update to the on-chain registry.
Any contact attempting to establish a new session will automatically fetch the latest pre-keys. Since the wallet signature is required, malicious actors cannot impersonate users by publishing rogue keys. Users are notified in-app when a contact’s pre-key changes, and can verify key fingerprints via out-of-band channels if desired.
3. Solana Network Integration
Encrypt relies on Solana not as a storage layer for messages, but as a decentralized coordination layer for:
Key registration and rotation
Message metadata anchoring
Identity and signature verification
Solana’s high throughput (~65,000 TPS), fast block finality (~400ms), and negligible transaction costs (~0.00001 SOL) make it feasible to store small pieces of metadata or signatures directly on-chain without compromising performance (Yakovenko, 2020). By avoiding full message storage on-chain and limiting writes to pre-key updates and hashes, Encrypt minimizes blockchain load while gaining the immutability and auditability benefits of a decentralized ledger.
Key advantages of Solana include:
Efficient public key lookup: On-chain key directories are indexed by wallet address.
Low latency messaging setup: Pre-keys and session metadata can be accessed with sub-second confirmation.
Immutable audit trail: Users can inspect and verify all key events, ensuring there is no covert key rotation or tampering.
4. Security Considerations
Encrypt’s security model assumes a strong attacker with access to parts of the network or compromised devices. The architecture resists several key threats:
Compromised Relays: Onion routing ensures that no single node sees both sender and receiver. Even if a node is malicious, it cannot decrypt message content or link identities.
Man-in-the-Middle Attacks: All session initiations are verified against on-chain signatures, making it computationally infeasible to spoof key exchanges.
Device Compromise: Forward secrecy mechanisms ensure that previous messages cannot be decrypted even if a user’s device is breached.
Censorship Resistance: There is no central server to block. Relay nodes are globally distributed, and fallback storage (e.g., Arweave) is censorship-resistant.
Importantly, users retain full control of their encryption identity. Unlike WhatsApp or Signal, no provider can force key changes, reset accounts, or insert backdoors. Any compromise would require the user to sign malicious data from their own wallet – an event visible and auditable by the user.
5. User Experience
Encrypt is built natively for iOS using Swift and integrates with leading Solana wallets via WalletConnect and Solana Mobile Stack. Upon installing the app, users:
Connect their wallet (Phantom, Solflare, Backpack).
Generate encryption keys and sign them with their wallet.
Publish their signed public keys on-chain.
Begin encrypted messaging with others by referencing wallet addresses or aliases (e.g., via SNS).
Message sending and key exchange are seamless, with the wallet interface appearing only for signing operations. For everyday use, Encrypt functions like any other messenger – with push notifications, media attachments, and group chats – but all data is encrypted, routed privately, and independently verifiable.
6. Conclusion
Encrypt presents a practical and secure messaging architecture grounded in cryptographic principles and decentralized infrastructure. By using Solana for identity, key registration, and coordination, Encrypt eliminates the need to trust any intermediary while maintaining usability suitable for mainstream adoption. It achieves end-to-end encryption with full user custody of keys, forward secrecy through double ratchets, and metadata resistance via onion routing and decentralized storage. In doing so, Encrypt reclaims the privacy and control that modern centralized messengers have eroded.
As surveillance threats grow and trust in central services declines, Encrypt demonstrates how blockchain technology – when applied judiciously – can reimagine secure communication for the 21st century.
References
1. Dingledine, R., Mathewson, N., & Syverson, P. (2004). Tor: The second-generation onion router. USENIX Security Symposium.
2. Elkind, P., Gillum, J., & Silverman, C. (2021). How Facebook undermines privacy protections for its 2 billion WhatsApp users. ProPublica.
3. Jefferys, K., et al. (2024). Session: End-to-End Encrypted Conversations with Minimal Metadata Leakage. Session Whitepaper.
4. Marlinspike, M., & Perrin, T. (2013). The Double Ratchet Algorithm. Open Whisper Systems.
5. Netzpolitik.org. (2020). Hacks and spying: Is WhatsApp safe for diplomats?
6. Saber Labs. (2022). Solana Name Service: A decentralized identity protocol.
7. Snowden, E. (2015). Permanent Record. Metropolitan Books.
8. Yakovenko, A. (2020). Solana: A new architecture for a high performance blockchain. Solana Labs Whitepaper.