Security Whitepaper

This whitepaper documents every cryptographic implementation used in the BlackVoice Technologies platform, providing full transparency into how user data is protected.

Symmetric Encryption

All message content is encrypted using AES-256-GCM (Galois/Counter Mode) with 256-bit keys and 96-bit random initialization vectors. Key derivation uses PBKDF2-SHA256 with 600,000 iterations. All operations use the Web Crypto API — no custom cryptographic code.

Post-Quantum Cryptography (QuantumVault™ v2.0)

QuantumVault™ implements NIST-standardized post-quantum algorithms: ML-KEM-768 (FIPS 203) for key encapsulation and ML-DSA-65 (FIPS 204) for digital signatures. This provides protection against both classical and future quantum computing attacks.

Perfect Forward Secrecy (Signal Protocol)

Private conversations use the Signal Protocol with X3DH (Extended Triple Diffie-Hellman) key agreement and Double Ratchet algorithm. Each message uses a unique encryption key, so compromising one key cannot decrypt past or future messages.

WebAuthn / FIDO2

Hardware security key authentication via WebAuthn FIDO2 standard. Supports biometric authentication (fingerprint, face recognition) and physical security keys (YubiKey, Titan).

Zero-Knowledge Architecture

The server never has access to plaintext message content or encryption keys. All encryption and decryption happens exclusively in the user's browser. The server stores only encrypted ciphertext.