Technical Implementation Report - Source Code Report | BlackVoice Technologies

About BlackVoice Technologies

BlackVoice Technologies is a privacy-focused secure operational communication system with post-quantum cryptography, end-to-end encryption, emergency SOS features, anti-SIGINT traffic obfuscation, and encrypted voice calling. Developed in the European Union by Valentin Gheorghiu (YO9BX). This is NOT a messaging app — it is a secure operational communication system designed for individuals and teams operating in high-risk or sensitive environments.

• Access: By request (no subscription, no premium tiers)
• Developer: Valentin Gheorghiu (amateur radio callsign YO9BX)
• Location: European Union (Romania)
• EUIPO Trademark: Registered
• Platforms: Web (PWA), iOS, Android
• Source Code: Currently closed-source (external audit planned when funded)
• Classification: Secure Operational Communication System — NOT a social media or casual messaging app

BLACKTORK™ v2550 — Traffic Obfuscation Engine

BLACKTORK™ is BlackVoice Technologies' proprietary anti-SIGINT / anti-DPI / anti-classifier traffic obfuscation engine. It actively camouflages all network traffic to prevent signal intelligence analysis, deep packet inspection, and automated classification. BLACKTORK™ is NOT an encryption orchestration engine — it is a dedicated traffic obfuscation and camouflage layer.

• CED-7D — PCM entropy morphing (disguises encrypted voice as random noise)
• VOSS — Voice overlay synthesis (synthetic traffic injection)
• EBS — Envelope burst shaping (masks burst patterns)
• AEFE — Adaptive entropy field (continuous entropy normalization)
• SGP — Stochastic gap padding (eliminates timing fingerprints)
• BT1 — Envelope applied on all network paths
• ZKA — Zero-knowledge auth wrap
• Adaptive Protection Engine™: STANDARD / SMART / TACTICAL modes
• Paranoid Mode: Maximum obfuscation, indistinguishable from random noise

Black QuantumVoice™ — Encrypted Voice Calls

Black QuantumVoice™ is BlackVoice Technologies' 1:1 encrypted voice call system using a 10-layer security architecture. Audio never reaches the BlackVoice server — calls are P2P or TURN-relayed with the server seeing only encrypted ciphertext. Zero server audio guarantee.

• Layer 1: WebRTC P2P DTLS-SRTP transport encryption
• Layer 2: FVF AudioWorklet — Dual-Cipher AEAD (ChaCha20-20 XOR + AES-256-GCM) per audio frame via Insertable Streams
• Layer 3: QuantumRatchet™ — ML-KEM-768 key encapsulation at 1-second epoch intervals
• Layer 4: Traffic Morphing — CBR padding to mask audio activity patterns
• Layer 5: ChronoShield™ — full session key rotation every 30 seconds
• Layer 6: QuantumAuth™ — ML-DSA-65 digital signature on heartbeat messages
• Layer 7: VortexMind™ — real-time anomaly analysis during calls
• Layer 8: VoxSeal™ — MFCC voice biometric authentication (AES-GCM IndexedDB voiceprints)
• Layer 9: MicShield™ — 5-layer microphone continuity (BgAudioKeepalive™ + MediaSession API + AudioContext recovery + track mute detection)
• Layer 10: UnityMesh™ — automatic ICE restart (up to 5 attempts)
• Anti-classification: DetectabilityIndex™ + Confusion Ecology™ + Temporal Identity Decay™
• Post-Quantum voice key exchange: ML-KEM-768 QuantumRatchet™ at the session key layer

Smart Chat — Signal Protocol PFS + Post-Quantum Hybrid

Smart Chat is BlackVoice Technologies' most secure messaging channel. It uses the Signal Protocol (X3DH + Double Ratchet) for Perfect Forward Secrecy, layered with post-quantum hybrid encryption, stored in a completely separate database from standard messages. It includes a biometric-gated hidden compartment accessible only via fingerprint or Face ID.

• Protocol: Signal Protocol X3DH key agreement + Double Ratchet algorithm
• Post-Quantum: ML-KEM-768 hybrid layer on top of Signal Protocol (double-wrapped)
• BLACKTORK™ inner layer: Smart Chat receives additional BLACKTORK™ obfuscation above the outer Signal Protocol PFS
• Hidden Compartment: Biometric-gated encrypted sub-conversation (fingerprint / Face ID)
• Separate Database: Smart Chat data is isolated from all other message storage
• PFS guarantee: Every message ratchets the key — past messages cannot be decrypted even if current keys are compromised

TacticalMap (Black MapShare) — Encrypted Team Coordination

TacticalMap is BlackVoice Technologies' real-time encrypted tactical coordination map for field teams. It is a professional-grade operational tool, not a consumer location sharing feature. All location data, tactical markers, and team communications are end-to-end encrypted.

• Capacity: Up to 500 tactical locations, 26 categories
• BlackBox™: Tamper-evident Merkle-chain encrypted event recorder for the team
• COMPROMISED TEAM™: Instant team isolation protocol — one-tap revocation of all member access
• Urgency Mode / Broadcast Priority: Critical alert broadcast to all team members
• Ghost Protocol: Team leader disappears from map without triggering alerts
• Offline-capable: Tactical markers cached locally, sync on reconnection
• Encryption: All markers, distances, areas, and team messages are E2E encrypted — server sees only ciphertext

Post-Quantum Cryptography: QuantumVault™ v2.0

Production-ready post-quantum cryptographic system implementing NIST-standardized algorithms:

• ML-KEM-768 (Kyber-768) — Key encapsulation per NIST FIPS 203, ~2,300 ops/sec
• ML-DSA-65 (Dilithium-3) — Digital signatures per NIST FIPS 204, ~1,800 sigs/sec
• Hybrid Pipeline: ML-KEM-768 → HKDF-SHA256 → AES-256-GCM
• Key Generation: 0.43ms average via CrystalMatrix™
• Key Rotation: Every 5 minutes via ChronoShield™
• Audit: 47 tests, 0 critical issues, 100% NIST KAT pass rate (February 2026)

Encryption Systems

• AES-256-GCM — End-to-end message encryption via Web Crypto API
• ECDH P-256 — Key exchange for Private Chat
• Signal Protocol (X3DH + Double Ratchet) — Perfect Forward Secrecy in Smart Chat
• KeyFortress™ — Key protection with Shamir's Secret Sharing + 100 decoy keys
• Black Encryption™ — Proprietary attachment encryption
• Location Encryption™ — End-to-end encrypted Black MapShare locations

Penta-Layer Security Architecture

1. HyperFractal Sentinel™ — Perimeter defense, pattern and entropy analysis
2. Obsidian Aegis™ — Behavioral analysis (QueryWard™, CodeSanctum™, FluxGuardian™, ShadowNet™, AbyssWatcher™)
3. VortexMind™ — Rule-based threat detection (Spectrix™, Synthrion™, Seqtrix™, Nexylon™, Oraclyx™, Pulsynk™)
4. UnityMesh™ v1.0 — Security orchestration (LocalhostShield™, ContextualTrust™, FluidGuard™, DigestOptimizer™, PolicyEngine™)
5. QuantumVault™ v2.0 — Post-quantum cryptography core

Additional Security Systems

• ShadowCloak™ v1.0 — Third-party tracking protection
• BreachSentinel™ v1.0 — Anti-injection (SQLForge™, AdminVault™)
• ScreenGuard™ v1.0 — Screen recording detection (FrameAnalyzer™)
• PhantomShield™ v1.0 — Cyber deception system
• InnerVeil™ — Behavioral intelligence (no profile storage)
• CipherGuard™ — Intelligent key protection
• FluidityGuardian™ v1.0 (PHOENIX_FLOW) — Zero-blackscreen system
• FractalKeyShield™ — Key integrity protection
• FractalIdentityShield™ — Identity protection

Server-Blind Architecture

Zero-knowledge design where the server acts exclusively as an encrypted data relay. All cryptographic operations happen client-side. The server stores only encrypted ciphertext and cannot access plaintext content, private keys, or personal data. Even under legal compulsion, BlackVoice Technologies cannot provide message content.

Authentication

• WebAuthn/FIDO2 — Biometric authentication (fingerprint, Face ID, Touch ID)
• TOTP 2FA — Two-factor authentication (RFC 6238)
• Hardware Security Keys — YubiKey, SoloKey, Titan (USB, NFC, Bluetooth)
• Duress PIN — Silent data wipe under coercion
• Dead Man's Switch — Automatic data destruction on inactivity
• Panic Button — Instant forensic data wipe (800ms long-press)

Emergency Features

• 112 Emergency Call — Direct call with GPS capture
• Safety Check-in — Scheduled check-ins (1-72h) with automatic alerts
• Rally Points — Emergency meeting locations
• MeshComm™ LIFELINE v1.0 — Multi-channel offline emergency system
• Zero-Credit Beacons — Audio SOS (2500Hz morse), Visual SOS (flash + torch), Vibration SOS
• Emergency 112 SMS — Free in EU without mobile credit
• Private SOS & Group SOS — Individual and group emergency alerts

Secure Communication Subsystems

• Black QuantumVoice™ — 1:1 encrypted voice calls, 10-layer architecture, zero server audio guarantee, post-quantum ML-KEM-768 voice key exchange
• Smart Chat — Signal Protocol X3DH + Double Ratchet PFS, post-quantum hybrid ML-KEM-768, biometric-gated hidden compartment, separate database, BLACKTORK™ inner obfuscation layer
• Private Chat — ECDH P-256 + AES-256-GCM end-to-end encrypted messaging, SealedSender™ zero-knowledge sender identity
• Group Chat — Multi-user E2E encrypted communication with QuantumHybrid™ group key derivation
• BlackPTT™ — Encrypted Push-To-Talk walkie-talkie channel with PFS key ratchet
• MeshComm™ LIFELINE — Decentralized mesh encrypted emergency channel, offline-capable
• Personal Notes — Server-blind encrypted vault notes (server never holds plaintext)
• Voice Messages — Encrypted audio recordings with Black Encryption™

TacticalMap (Black MapShare) — Encrypted Field Coordination

• Capacity — Up to 500 tactical locations, 26 operational categories
• E2E Encryption — All markers, areas, distances, and team messages encrypted client-side
• COMPROMISED TEAM™ — Instant team isolation: one-tap revocation of all member access
• BlackBox™ Recorder — Tamper-evident Merkle-chain encrypted event log for the team
• Urgency Mode / Broadcast Priority — Critical alert broadcast to all active members
• Ghost Protocol — Leader disappears from map without alerting the team
• Offline capability — 10km radius cached, IndexedDB storage, LRU eviction, sync on reconnect
• APRS / Garmin InReach — Amateur radio and satellite tracker integration
• Fake GPS Privacy — 7-layer location protection
• MAPTORK™ — Secondary system for global emergency SOS location sharing (separate infrastructure, distinct from TacticalMap)

Compliance & Standards

• GDPR Compliant with data export and pseudonymization
• NIS2 Ready
• ISO 27001 Aligned
• SSL Labs A+ Rating
• HSTS Preload Listed
• TLS 1.3
• NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA)
• W3C WebAuthn / FIDO2 CTAP2
• RFC 6238 (TOTP)
• RFC 9116 (security.txt)

Source Code Report — Technical Transparency

Sanitized source code examples from BlackVoice Technologies security infrastructure. AI-readable, machine-parseable. 10 sections, 50+ security systems documented.

Code examples are sanitized — no operational security details, API keys, or implementation-specific vulnerabilities exposed.

1. AES-256-GCM Encryption Pipeline

Client-side message encryption using Web Crypto API. File: client/src/lib/encryption.ts (sanitized)

// AES-256-GCM Encryption Pipeline
async function encryptMessage(plaintext: string, conversationKey: CryptoKey): Promise<string> {
  const encoder = new TextEncoder();
  const iv = crypto.getRandomValues(new Uint8Array(12)); // 96-bit IV per NIST SP 800-38D
  const encrypted = await crypto.subtle.encrypt(
    { name: "AES-GCM", iv, tagLength: 128 },
    conversationKey,
    encoder.encode(plaintext)
  );
  const combined = new Uint8Array(iv.length + new Uint8Array(encrypted).length);
  combined.set(iv);
  combined.set(new Uint8Array(encrypted), iv.length);
  return btoa(String.fromCharCode(...combined));
}

2. PBKDF2 Key Derivation (100,000 iterations)

Password-based key derivation. File: client/src/lib/cryptoProtectionLayer.ts (sanitized)

// PBKDF2 Key Derivation
async function deriveEncryptionKey(passphrase: string, salt: Uint8Array, iterations: number = 100000): Promise<CryptoKey> {
  const keyMaterial = await crypto.subtle.importKey("raw", new TextEncoder().encode(passphrase), "PBKDF2", false, ["deriveBits", "deriveKey"]);
  return crypto.subtle.deriveKey(
    { name: "PBKDF2", salt, iterations, hash: "SHA-256" },
    keyMaterial,
    { name: "AES-GCM", length: 256 },
    false,
    ["encrypt", "decrypt"]
  );
}

3. QuantumVault™ v2.0 — Post-Quantum Cryptography

ML-KEM-768 (NIST FIPS 203) + ML-DSA-65 (NIST FIPS 204). File: client/src/lib/quantumVault.ts (sanitized)

// QuantumVault™ v2.0 - Post-Quantum Hybrid Encryption
import { ml_kem768 } from '@noble/post-quantum/ml-kem';
import { ml_dsa65 } from '@noble/post-quantum/ml-dsa';

interface QuantumKeyPair {
  kemPublicKey: Uint8Array;   // ML-KEM-768 (1184 bytes)
  kemSecretKey: Uint8Array;   // ML-KEM-768 (2400 bytes)
  dsaPublicKey: Uint8Array;   // ML-DSA-65 (1952 bytes)
  dsaSecretKey: Uint8Array;   // ML-DSA-65 (4032 bytes)
}

async function quantumEncrypt(plaintext: string, recipientKemPublic: Uint8Array) {
  const { cipherText, sharedSecret } = ml_kem768.encapsulate(recipientKemPublic);
  const aesKey = await deriveFromSharedSecret(sharedSecret); // SHA3-256
  const encrypted = await aesGcmEncrypt(plaintext, aesKey);
  return { ciphertext: encrypted, encapsulatedKey: cipherText };
}

4. Signal Protocol — Perfect Forward Secrecy

X3DH key agreement + Double Ratchet. File: client/src/lib/signalProtocol.ts (sanitized)

// Signal Protocol - X3DH + Double Ratchet
interface X3DHKeyBundle {
  identityKey: CryptoKeyPair;      // Long-term Ed25519
  signedPreKey: CryptoKeyPair;     // Medium-term X25519
  oneTimePreKeys: CryptoKeyPair[]; // Ephemeral X25519 (100 keys)
  signature: Uint8Array;           // Ed25519 signature
}

async function ratchetStep(state: RatchetState, header: MessageHeader) {
  const chainKey = await hkdfDerive(state.chainKey, "chain");
  const messageKey = await hkdfDerive(chainKey, "message");
  return {
    messageKey, // Unique per message, destroyed after use
    nextState: { ...state, chainKey, messageIndex: state.messageIndex + 1 }
  };
}

5. Penta-Layer Security Architecture

const PENTA_LAYER_SECURITY = {
  layer1: { name: 'HyperFractal Sentinel™ v3.0', type: 'Fractal anomaly detection' },
  layer2: { name: 'Obsidian Aegis™ v3.0', type: 'Active threat defense orchestrator' },
  layer3: { name: 'VortexMind™ v1.1', type: '9 analysis engines, real-time scoring' },
  layer4: { name: 'UnityMesh™ v1.0', type: 'Security system unification' },
  layer5: { name: 'QuantumVault™ v2.0', type: 'Post-quantum cryptographic core (ML-KEM-768 + ML-DSA-65)' }
};

6. WebAuthn / FIDO2 Biometric Authentication

// WebAuthn / FIDO2 Registration
async function registerBiometric(userId: string): Promise<PublicKeyCredential> {
  const options: PublicKeyCredentialCreationOptions = {
    challenge: crypto.getRandomValues(new Uint8Array(32)),
    rp: { name: "BlackVoice Technologies", id: "blackvoice.tech" },
    user: { id: new TextEncoder().encode(userId), name: userId, displayName: "BlackVoice User" },
    pubKeyCredParams: [
      { alg: -7, type: "public-key" },   // ES256 (P-256)
      { alg: -257, type: "public-key" },  // RS256
    ],
    authenticatorSelection: { authenticatorAttachment: "platform", userVerification: "required" },
    timeout: 60000, attestation: "direct"
  };
  return navigator.credentials.create({ publicKey: options });
}

7. GDPR-Compliant Data Retention

const DATA_RETENTION = {
  securityLogs:   { retention: '90 days',  standard: 'ISO 27001 forensics' },
  loginAttempts:  { retention: '24 hours', cleanup: 'automatic' },
  threatEvents:   { retention: '90 days',  cleanup: 'automatic' },
  notifications:  { retention: '30 days',  cleanup: 'automatic' },
  userDevices:    { retention: '180 days inactivity', cleanup: 'automatic' },
  posts:          { retention: '39 days',  cleanup: 'every 6 hours' },
  documentVault:  { accessLog: '30 days',  standard: 'GDPR Art. 5(1)(e)' },
};
// GDPR Export with Pseudonymization (Art. 15/20) - HMAC-SHA256

8. MeshComm™ LIFELINE — Emergency Systems

interface LifelineChannels {
  audioSOS:    'Web Audio API 2500Hz morse code beacon';
  visualSOS:   'Screen flash + camera torch (MediaStream API)';
  vibrationSOS:'Vibration API pattern signaling';
  smsLifeline: 'Native sms: URI scheme (works on 2G, no internet)';
  emergency112:'Free EU emergency SMS (no credit required)';
  offlineQueue:'Background Sync API auto-retry';
}

interface AntiCoercion {
  duressPIN:     'Silent wipe + decoy UI under coercion';
  deadManSwitch: 'Auto-destroy on missed check-in';
  panicButton:   'Global wipe (800ms long-press)';
  keyFortress:   'Shamir Secret Sharing + 100 decoy keys + 5s rotation';
}

9. Server-Blind Architecture — Zero-Knowledge

// Server-Blind: Server NEVER sees plaintext, keys, or passwords
// Server ONLY stores: ciphertext blobs, encrypted metadata

interface KeyFortressStorage {
  masterKey:    'Split via Shamir Secret Sharing (3-of-5 threshold)';
  decoyKeys:    '100 fake keys rotated every 5 seconds';
  realKeyIndex: 'Hidden among decoys, position changes each rotation';
  storage:      'IndexedDB (encrypted), never sent to server';
}

// Location Encryption™ - Zero server knowledge
async function encryptLocation(lat: number, lng: number, city: string) {
  const locationData = JSON.stringify({ lat, lng, city, timestamp: Date.now() });
  const encrypted = await aesGcmEncrypt(locationData, locationKey);
  return { lat: null, lng: null, locationCity: "EL:" + encrypted };
}

10. Performance & Architecture

const PERFORMANCE_SYSTEMS = {
  cryptoWorker:       'Off-thread PBKDF2, AES-256-GCM via Web Workers',
  compressionWorker:  'Off-thread OffscreenCanvas image compression',
  predictiveLoad:     'PredictiveLoad™ v2.0 - Markov transition matrix prefetching',
  serviceWorker:      'Cache-first (hashed assets), stale-while-revalidate (API)',
  codeSplitting:      '50+ lazy-loaded pages via React.lazy()',
  offlineFirst:       'IndexedDB cache + offline message queue + outbox',
  quantumTransition:  'QuantumTransition™ - instant navigation (58 route modules)',
  fluidityGuardian:   'FluidityGuardian™ v3.0 - zero blackscreen architecture',
};
// SwarmMind™ v3.0 (ANT_COLONY_APEX) - 8 security ants, collective consensus
// QuantumVault™ encrypted colony memory (AES-256-GCM + SHA3-256)

Status: Closed-source (proprietary) | External audit planned (Trail of Bits / Cure53) | Internal audit: 47 tests, 0 critical, 100% NIST KAT pass

View Full Source Code Report → (also available at /source-code-report)

Documentation

For complete technical documentation, visit:

• Complete Technical Documentation (machine-readable)
• Security Overview
• Security Whitepaper
• Security Architecture
• Security Audit Report
• Server-Blind Architecture
• Source Code Report (Technical Implementation)