cryptogram
Encoded messenger
Perfect secrecy
The one-time pad (OTP) is a symmetric cryptosystem that provides perfect secrecy, as proved in 1949 by Claude Shannon, the “father of information theory”. Perfect secrecy means that an attacker cannot obtain any information about the plaintext by observing the ciphertext. Among the known ways of keeping secrets, the OTP is one of the most perfect ways to protect data. The OTP cannot be compromised, theoretically or practically, if its requirements are followed. And we follow them.
Post-quantum
The OTP is safer than the asymmetric public-key approach. Public keys are used in almost all other messengers. But a public-key secret is theoretically solvable: a third party can break it if it has enough time and computing power. In a post-quantum reality it may be compromised very fast. A party in the middle can keep your message for years and then open it in seconds if quantum computers become available.
Weaknesses?
Does the OTP have any weaknesses? The only theoretical source of weakness is a key generator on your device that is not perfectly random. We address this limitation by adding extra entropy to your keys, generated by a physical process: the ripple of the magnetic field around you.
Exchange the keys
If the OTP is so safe, why doesn't everybody use it? The problem with the OTP is the key exchange procedure. You must share your key with someone during a personal face-to-face meeting, and never use the internet or a local network to share it. That’s why the Cryptogram app creates a protected peer-to-peer TLS connection, with an effective range of up to 5-8 meters, between two nearby devices and exchanges the keys over this connection. Cryptogram uses neither your local Wi-Fi network nor your mobile connection to send the keys, but the Wi-Fi module of your iPhone must be active to provide the secure peer-to-peer connection between the two devices. The password is made available through an on-screen QR code. Nobody else within or beyond those 8 meters can obtain the password and receive the keys; only the partner who scans your QR code at that moment can.
Limitations
What are the limitations of Cryptogram? Every key is random, unique, used once and destroyed immediately after the message has been sent or delivered. Each new message consumes the next key. Thus you can send as many messages as you have keys for a specific addressee, but you are limited by the physical memory of your device.
Length of message
The message length is limited. To provide perfect secrecy, the key must be longer than the text. The envelope you send is always wider than your message. It also contains a nonce and a consistency code. Nobody can learn the real length of your message inside the envelope, or alter it. Thus the length of your text cannot be more than 200 symbols.
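The fixed-size envelope and single-use keys described above, as an added sketch that is not the Cryptogram app's own code. The page does not publish its envelope format, so the layout, the field sizes and the use of HMAC-SHA256 as the "consistency code" are all assumptions.

```python
import hashlib
import hmac
import secrets
import struct

MAX_SYMBOLS = 200            # limit stated on the page
BODY = MAX_SYMBOLS * 4       # assumed: UTF-8 text, up to 4 bytes per symbol
NONCE = 8                    # assumed nonce size
PLAIN = NONCE + 2 + BODY     # assumed layout: nonce | length | text + filler
MAC_KEY = 32                 # assumed: key bytes reserved for the tag
KEY_LEN = PLAIN + MAC_KEY    # the one-time key is longer than any text
ENVELOPE_LEN = PLAIN + 32    # constant size on the wire, whatever the text

def new_key():
    """One key as shared at the face-to-face exchange (constructed here)."""
    return secrets.token_bytes(KEY_LEN)

def seal(text, keys):
    """Encrypt text with the next key in `keys` and destroy that key."""
    if len(text) > MAX_SYMBOLS:
        raise ValueError("text longer than 200 symbols")
    raw = text.encode("utf-8")
    key = keys.pop(0)        # used once, then gone from the store
    filler = secrets.token_bytes(BODY - len(raw))   # hides the real length
    plain = secrets.token_bytes(NONCE) + struct.pack(">H", len(raw)) + raw + filler
    cipher = bytes(p ^ k for p, k in zip(plain, key[:PLAIN]))
    tag = hmac.new(key[PLAIN:], cipher, hashlib.sha256).digest()
    return cipher + tag

def open_envelope(envelope, keys):
    """Verify, then decrypt, with the next key; a tampered envelope still burns it."""
    if len(envelope) != ENVELOPE_LEN:
        raise ValueError("wrong envelope size")
    key = keys.pop(0)
    cipher, tag = envelope[:PLAIN], envelope[PLAIN:]
    expected = hmac.new(key[PLAIN:], cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("envelope was modified")
    plain = bytes(c ^ k for c, k in zip(cipher, key[:PLAIN]))
    (n,) = struct.unpack(">H", plain[NONCE:NONCE + 2])
    return plain[NONCE + 2:NONCE + 2 + n].decode("utf-8")
```

In this sketch only the XOR layer has perfect secrecy; the HMAC tag protects integrity under a computational assumption. Without any tag, an OTP ciphertext can be altered bit by bit without detection.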