Atlas Associates
WHITEPAPER

Arc Protocol v2.0 β€” Powered by libsignal

Arc Protocol

Security Whitepaper

Version 2.0 β€” April 2026 Β· Atlas Associates Inc. Β· Public

Download PDF (English only)

Abstract

Arc is a privacy-first messenger built on the Signal Protocol (libsignal-client v0.65.2), enhanced with per-message XEdDSA digital signatures, client-side sender anonymization (Sealed Sender), and BLE Mesh offline communication (Bridgefy SDK encryption).

Arc provides end-to-end encryption (E2EE) on every plan, free of charge. Security is never behind a paywall.

1. Design Principles

E2EE for everyone

Full encryption on every plan. No premium paywall for security.

Post-quantum readiness

Hybrid classical + PQC to protect against future quantum computers.

Zero trust architecture

The server never sees plaintext content. Metadata exposure is minimized.

No backdoors

No government or internal request can compromise encryption. Enforced by cryptographic design.

2. Cryptographic Foundation

ComponentAlgorithmStandardKey Size
Key Exchange (Classical)X25519 ECDHRFC 7748256-bit
Key Exchange (Post-Quantum)ML-KEM-1024 (via libsignal)FIPS 203Level 3
Message EncryptionAES-256-GCMNIST SP 800-38D256-bit
Message AuthenticationXEdDSA (libsignal)Signal XEdDSA spec256-bit
Key DerivationHKDF-SHA256RFC 5869256-bit output
Chain Key DerivationHMAC-SHA256RFC 2104256-bit
Protocol BaseSignal ProtocolOpen specificationβ€”

Arc uses libsignal-client v0.65.2 (Rust, via FFI) β€” the same library used by Signal Messenger β€” for core protocol operations.

3. PQXDH: Hybrid Key Exchange

Quantum computers capable of breaking X25519 may exist within 10-15 years. "Harvest now, decrypt later" attacks mean encrypted data captured today could be decrypted in the future. Arc addresses this by combining classical X25519 with post-quantum ML-KEM-1024, the same approach pioneered by Signal in September 2023.

Alice β†’ Bob:
1. Fetch Bob's PreKey Bundle (Identity + Signed PreKey + One-Time PreKey + PQ PreKey)
2. 4Γ— X25519 DH computations
3. ML-KEM-1024.Encaps(Bob's PQ Public Key) β†’ (pq_ciphertext, pq_shared_secret)
4. Root Key = HKDF-SHA256(DH1β€–DH2β€–DH3β€–DH4β€–pq_shared_secret)
5. Send: Alice's keys + PQ ciphertext (1,088 bytes) + encrypted message

An attacker must break both X25519 and ML-KEM-1024 to compromise the key exchange.

ParameterValue
Public Key1,184 bytes
Secret Key2,400 bytes
Ciphertext1,088 bytes
Shared Secret32 bytes
NIST Security LevelLevel 3 (AES-192 equivalent)
NIST StandardFIPS 203 (August 2024)

4. Double Ratchet: Forward Secrecy

After session establishment via PQXDH, all subsequent messages use the Double Ratchet algorithm, providing forward secrecy (compromise of a current key cannot decrypt past messages) and break-in recovery (compromise is automatically healed after a few messages).

DH Ratchet (direction change):
  New Root Key = HKDF-SHA256(current_root_key, X25519_DH_output)

Symmetric Ratchet (per-message):
  Message Key  = HMAC-SHA256(chain_key, 0x01)
  Next Chain   = HMAC-SHA256(chain_key, 0x02)

Every message uses a unique, independently derived key. Chain keys are immediately deleted after deriving the next key. Maximum 1,000 skipped message keys cached per session.

5. AES-256-GCM: Message Encryption

Each message is encrypted with a unique Message Key from the Double Ratchet using AES-256-GCM authenticated encryption.

Ciphertext = AES-256-GCM.Encrypt(
  key:   message_key (32 bytes),
  nonce: random (12 bytes, never reused),
  aad:   ratchet_public_key β€– prev_chain_length β€– message_number,
  plaintext: message content
)

Per-message overhead: nonce (12B) + auth tag (16B) = 28 bytes

6. AEGIS: Message Authentication

ARC'S KEY DIFFERENTIATOR

AEGIS (Arc Enhanced Guard & Integrity System) provides per-message Ed25519 digital signatures. Neither Signal nor WhatsApp sign individual messages.

PropertyDescription
Sender AuthenticationCryptographic proof that a specific user sent the message
Tamper DetectionAny modification after signing is detected
Non-RepudiationSender cannot deny having sent the message
XEdDSA Signing (via libsignal):
  payload   = senderId β€– "|" β€– timestamp β€– "|" β€– content
  signature = XEdDSA.Sign(payload, X25519_private_key)
  β†’ 64 bytes attached to message
  (Converts X25519 key to Ed25519 internally β€” no separate Ed25519 key needed)

Verification:
  XEdDSA.Verify(payload, signature, sender_X25519_public_key)
  β†’ verified | failed | noSignature

7. Sealed Sender: Sender Anonymity

Sealed Sender prevents the server from knowing who sent a message. Signal's implementation uses a sender certificate and delivery token system. Arc uses a simpler ephemeral X25519 ECDH envelope without server-side token validation.

Sender:
1. Generate ephemeral X25519 keypair
2. DH = X25519(ephemeral_private, recipient_identity_public)
3. AES_Key = HKDF-SHA256(DH, info="Arc Sealed Sender v1")
4. Envelope = AES-256-GCM(senderId + "\0" + payload, AES_Key)

β†’ Sealed Message = ephemeral_pub(32B) β€– nonce(12B) β€– ciphertext β€– mac(16B)

Available for 1:1 chats where both participants have the Intelligence plan.

8. Group Encryption: Sender Keys

Arc uses Signal Protocol's Sender Key mechanism for efficient group encryption. Each member generates a personal Sender Key, distributed via encrypted 1:1 channels. Messages are encrypted once (not N times for N members).

Encryption (libsignal group_encrypt):
  Chain Key β†’ Message Key β†’ AES-256-GCM  (libsignal internal)
  HMAC signature                          (libsignal internal)
  β†’ Output: SenderKeyMessage bytes

Decryption (libsignal group_decrypt):
  Signature verify β†’ Replay detect β†’ Decrypt (libsignal internal)

All crypto operations delegated to libsignal β€” no custom primitives.

9. Key Management

KeyAlgorithmLifetimeStorage
Identity KeyX25519Account lifetimePlatform Secure Storage
Signing KeyXEdDSA (libsignal)90-day rotationPlatform Secure Storage
Signed PreKeyX25519Weekly rotationPlatform Secure Storage
One-Time PreKeyX25519Single usePlatform Secure Storage
PQ PreKeyML-KEM-1024Single usePlatform Secure Storage (via libsignal)

Private keys are stored in iOS Keychain / Android EncryptedSharedPreferences. Never in Hive, SharedPreferences, plain files, or cloud storage.

Elixir PreKey Server

PreKey bundles (Signed PreKey, One-Time PreKeys, PQ PreKeys) are managed by an Elixir-based PreKey server that handles bundle distribution, one-time key depletion tracking, and automatic replenishment signaling to clients.

10. Key Sync: Multi-Device

Arc uses independent key sets per device (no primary/linked hierarchy). To decrypt messages from the original device on a new device, users scan a QR code containing an ephemeral X25519 public key. Both devices perform ECDH, derive an AES-256-GCM key via HKDF, and securely transfer identity keys. Session TTL: 5 minutes.

11. BLE Mesh: Offline E2EE

Arc's BLE Mesh Network enables encrypted offline communication via Bridgefy SDK transport encryption β€” unique among major messengers. The BLE range limitation (10-30m) provides an additional physical security layer, making Signal Protocol unnecessary for this use case. Ideal for natural disasters, remote areas, and privacy-critical environments.

12. Threat Model

AdversaryCapabilityMitigation
Passive ObserverIntercepts all trafficE2EE: all content encrypted
Active MITMModifies trafficAES-GCM auth + XEdDSA signatures
Server CompromiseFull Firestore accessNo plaintext stored; keys client-only
Quantum ComputerBreaks X25519Hybrid PQXDH with ML-KEM-1024
Key CompromiseObtains session keyDouble Ratchet forward secrecy
Replay AttackResends messagesIteration tracking + unique nonces

What Arc Cannot Protect Against

  • β€’ Compromised/rooted device with malware
  • β€’ Screenshots by recipient
  • β€’ Server-side metadata analysis (mitigated by Sealed Sender)
  • β€’ Social engineering

13. Standards Compliance

StandardStatus
NIST FIPS 203 (ML-KEM)Implemented via libsignal-client
RFC 7748 (X25519)Implemented
XEdDSA (Signal spec)Implemented via libsignal-client
RFC 5869 (HKDF)Implemented
NIST SP 800-38D (AES-GCM)Implemented

14. Comparison with Signal & WhatsApp

FeatureSignalWhatsAppArc
Protocol BaseSignal ProtocolSignal Protocol (licensed)Signal Protocol (libsignal)
Post-Quantum Key ExchangePQXDH (ML-KEM-1024, 2023)PQXDH (via Signal Protocol)PQXDH (ML-KEM-1024, via libsignal)
Post-Quantum RatchetSPQR Triple Ratchet (Oct 2025)Not confirmedPlanned
Per-Message SignaturesDH authentication onlyDH authentication onlyXEdDSA (libsignal) ✦
Sealed SenderCert + delivery tokenNot implementedEphemeral ECDH envelope ✦
Offline E2EENot supportedNot supportedBLE Mesh (Bridgefy SDK) ✦
Multi-DevicePrimary + LinkedPrimary + LinkedIndependent keys + Key Sync ✦
Key SeparationXEdDSA conversionXEdDSA conversionXEdDSA (same as Signal) β€” unified key pair ✦
Open SourceFully open sourcePartialWhitepaper published

Transparency note: Signal pioneered PQXDH in September 2023 and advanced to SPQR Triple Ratchet in October 2025. Arc's PQC capability is inherited from Signal's open-source libsignal library. Arc's genuine differentiators are marked with ✦.

15. Conclusion

Arc Protocol builds on the proven Signal Protocol foundation and extends it with three proprietary security layers:

XEdDSA (libsignal)

Per-message Ed25519 signatures provide explicit sender authentication, tamper detection, and non-repudiation β€” absent from Signal and WhatsApp.

Client-Side Sealed Sender

Sender anonymity via ephemeral ECDH envelope, entirely on the client.

BLE Mesh (Bridgefy SDK Transport Encryption)

Encrypted offline communication via Bridgefy SDK over Bluetooth β€” unique among major messengers.

We welcome security research and responsible disclosure from the community.

Download PDF

Enter your details to download the Arc Protocol Whitepaper.

Version 2.0 β€” April 2026 Β· Atlas Associates Inc.