Whispeer Logo WhisPeer Messaging App

End-to-End encrypted messaging using Signal Protocol implementation

Java Signal Protocol End-to-End Encryption Double Ratchet X3DH UDP Networking
View on GitHub

Project Overview

A secure, end-to-end encrypted chat application implemented with Java. The system implements a hybrid of Signal Protocol's Double Ratchet algorithm and X3DH key agreement protocol for maximum security and forward secrecy.

Key Security Features

End-to-End Encryption

Messages are encrypted on sender's device and only decrypted on recipient's device using AES-256-GCM. Even server cannot read your messages.

Forward Secrecy

Compromise of long-term keys doesn't compromise past messages. Each message uses a unique encryption key.

Mutual Authentication

Two-way authentication using Diffie-Hellman key exchange with nonce-based challenge-response.

System Architecture

Client

X3DH Key Agreement
Double Ratchet
Message Encryption

Server

Message Routing
Key Distribution
Authentication

Database

User Management
Public Key Storage
Offline Messages

Technical Implementation

X3DH Key Agreement

Initial key establishment between two parties using Signal Protocol specification:

Shared Secret:
KDF(DH1 || DH2 || DH3 || DH4)
where:
DH1 = DH(IK_A, SPK_B) // Identity × Signed PreKey
DH2 = DH(EK_A, IK_B) // Ephemeral × Identity
DH3 = DH(EK_A, SPK_B) // Ephemeral × Signed PreKey
DH4 = DH(EK_A, OPK_B) // Ephemeral × OneTime PreKey

Double Ratchet Algorithm

Provides forward and backward secrecy with a new key for each message:

Step 1: Derive message key from chain key
KDF Diagram
Step 2: Encrypt current message with AES-GCM
Step 3: Update chain key for forward secrecy
Step 4: User Authentication - Encrypted credentials with PBKDF2 password hashing

Authentication Flow

Step 1: Diffie-Hellman Key Exchange - Establishes shared session key
Step 2: Two-way Challenge-Response - Prevents replay attacks using nonces and timestamps
Step 3: Digital Signatures - ECDSA signatures on signed pre-keys for authenticity
Step 4: User Authentication - Encrypted credentials with PBKDF2 password hashing

Security Analysis

Protected Against

  • Eavesdropping - All messages encrypted E2E
  • Man-in-the-Middle - Digital signatures prevent key substitution
  • Replay Attacks - Nonces and timestamps in authentication
  • Forward Compromise - Forward secrecy through key ratcheting
  • Server Compromise - Server cannot decrypt messages
  • Password Attacks - Strong policy + PBKDF2 + salt

Technology Stack

  • Language: Java 11+
  • Database: SQLite
  • Encryption: AES-256, ECC P-256
  • Key Exchange: Diffie-Hellman, ECDH
  • Signatures: ECDSA
  • Hashing: PBKDF2, HMAC-SHA256

Installation & Usage

Installation

# Compile server
javac ChatServer.java

# Compile client  
javac ChatClient.java

# Start server
java -cp ".:lib/sqlite-jdbc-3.49.1.0.jar" ChatServer 9090

#or 
./run.sh

# Connect client
java ChatClient <server_ip> 9090

Usage Examples

# Direct end to end message
@username Hello, this is a private message!

# Broadcast end to end message
broadcast Hello everyone!

# Or just type for broadcast
Hello everyone!

# Exit application
exit

Explore the Implementation

This project demonstrates enterprise-grade security practices and modern cryptographic protocols. Check out the complete source code and technical documentation on GitHub.

View Source Code Back to Projects