Arc Protocol v2.0 — Powered by libsignal
Arc Protocol
Livre blanc sécurité
Version 2.0 — April 2026 · Atlas Associates Inc. · Public
Abstract
Arc est une messagerie axée sur la confidentialité, basée sur le protocole Signal, avec signatures Ed25519 (AEGIS), anonymisation côté client et E2EE hors ligne via BLE Mesh.
Arc offre le chiffrement de bout en bout (E2EE) sur tous les plans, gratuitement. La sécurité n'est jamais derrière un paywall.
1. Principes de conception
E2EE pour tous
Chiffrement complet sur tous les plans. Pas de paywall pour la sécurité.
Prêt pour le post-quantique
Hybrid classical + PQC to protect against future quantum computers.
Architecture zero trust
The server never sees plaintext content. Metadata exposure is minimized.
Pas de portes dérobées
No government or internal request can compromise encryption. Enforced by cryptographic design.
2. Fondation cryptographique
| Composant | Algorithme | Norme | Taille de clé |
|---|---|---|---|
| Key Exchange (Classical) | X25519 ECDH | RFC 7748 | 256-bit |
| Key Exchange (Post-Quantum) | ML-KEM-1024 (via libsignal) | FIPS 203 | Level 3 |
| Message Encryption | AES-256-GCM | NIST SP 800-38D | 256-bit |
| Message Authentication | XEdDSA (libsignal) | Signal XEdDSA spec | 256-bit |
| Key Derivation | HKDF-SHA256 | RFC 5869 | 256-bit output |
| Chain Key Derivation | HMAC-SHA256 | RFC 2104 | 256-bit |
| Protocol Base | Signal Protocol | Open specification | — |
Arc uses libsignal-client v0.65.2 (Rust, via FFI) — the same library used by Signal Messenger — for core protocol operations.
3. PQXDH : Échange de clés hybride
Les ordinateurs quantiques capables de casser X25519 pourraient exister dans 10-15 ans. Arc combine X25519 classique avec ML-KEM-1024 post-quantique — la même approche que Signal a introduite en septembre 2023.
Alice → Bob: 1. Fetch Bob's PreKey Bundle (Identity + Signed PreKey + One-Time PreKey + PQ PreKey) 2. 4× X25519 DH computations 3. ML-KEM-1024.Encaps(Bob's PQ Public Key) → (pq_ciphertext, pq_shared_secret) 4. Root Key = HKDF-SHA256(DH1‖DH2‖DH3‖DH4‖pq_shared_secret) 5. Send: Alice's keys + PQ ciphertext (1,088 bytes) + encrypted message
Un attaquant doit casser à la fois X25519 et ML-KEM-1024 pour compromettre l'échange de clés.
| Parameter | Value |
|---|---|
| Public Key | 1,184 bytes |
| Secret Key | 2,400 bytes |
| Ciphertext | 1,088 bytes |
| Shared Secret | 32 bytes |
| NIST Security Level | Level 3 (AES-192 equivalent) |
| NIST Standard | FIPS 203 (August 2024) |
4. Double Ratchet : Secret persistant
After session establishment via PQXDH, all subsequent messages use the Double Ratchet algorithm, providing forward secrecy (compromise of a current key cannot decrypt past messages) and break-in recovery (compromise is automatically healed after a few messages).
DH Ratchet (direction change): New Root Key = HKDF-SHA256(current_root_key, X25519_DH_output) Symmetric Ratchet (per-message): Message Key = HMAC-SHA256(chain_key, 0x01) Next Chain = HMAC-SHA256(chain_key, 0x02)
Every message uses a unique, independently derived key. Chain keys are immediately deleted after deriving the next key. Maximum 1,000 skipped message keys cached per session.
5. AES-256-GCM : Chiffrement des messages
Chaque message est chiffré avec une clé unique dérivée du Double Ratchet en utilisant AES-256-GCM.
Ciphertext = AES-256-GCM.Encrypt( key: message_key (32 bytes), nonce: random (12 bytes, never reused), aad: ratchet_public_key ‖ prev_chain_length ‖ message_number, plaintext: message content ) Per-message overhead: nonce (12B) + auth tag (16B) = 28 bytes
6. AEGIS : Authentification des messages
AEGIS fournit des signatures numériques Ed25519 par message. Ni Signal ni WhatsApp ne signent les messages individuels.
| Property | Description |
|---|---|
| Sender Authentication | Cryptographic proof that a specific user sent the message |
| Tamper Detection | Any modification after signing is detected |
| Non-Repudiation | Sender cannot deny having sent the message |
XEdDSA Signing (via libsignal): payload = senderId ‖ "|" ‖ timestamp ‖ "|" ‖ content signature = XEdDSA.Sign(payload, X25519_private_key) → 64 bytes attached to message (Converts X25519 key to Ed25519 internally — no separate Ed25519 key needed) Verification: XEdDSA.Verify(payload, signature, sender_X25519_public_key) → verified | failed | noSignature
7. Sealed Sender : Anonymat de l'expéditeur
Sealed Sender prevents the server from knowing who sent a message. Signal's implementation uses a sender certificate and delivery token system. Arc uses a simpler ephemeral X25519 ECDH envelope without server-side token validation.
Sender: 1. Generate ephemeral X25519 keypair 2. DH = X25519(ephemeral_private, recipient_identity_public) 3. AES_Key = HKDF-SHA256(DH, info="Arc Sealed Sender v1") 4. Envelope = AES-256-GCM(senderId + "\0" + payload, AES_Key) → Sealed Message = ephemeral_pub(32B) ‖ nonce(12B) ‖ ciphertext ‖ mac(16B)
Available for 1:1 chats where both participants have the Intelligence plan.
8. Chiffrement de groupe : Sender Keys
Arc uses Signal Protocol's Sender Key mechanism for efficient group encryption. Each member generates a personal Sender Key, distributed via encrypted 1:1 channels. Messages are encrypted once (not N times for N members).
Encryption (libsignal group_encrypt): Chain Key → Message Key → AES-256-GCM (libsignal internal) HMAC signature (libsignal internal) → Output: SenderKeyMessage bytes Decryption (libsignal group_decrypt): Signature verify → Replay detect → Decrypt (libsignal internal) All crypto operations delegated to libsignal — no custom primitives.
9. Gestion des clés
| Key | Algorithme | Lifetime | Storage |
|---|---|---|---|
| Identity Key | X25519 | Account lifetime | Platform Secure Storage |
| Signing Key | XEdDSA (libsignal) | 90-day rotation | Platform Secure Storage |
| Signed PreKey | X25519 | Weekly rotation | Platform Secure Storage |
| One-Time PreKey | X25519 | Single use | Platform Secure Storage |
| PQ PreKey | ML-KEM-1024 | Single use | Platform Secure Storage (via libsignal) |
Private keys are stored in iOS Keychain / Android EncryptedSharedPreferences. Never in Hive, SharedPreferences, plain files, or cloud storage.
Elixir PreKey Server
PreKey bundles (Signed PreKey, One-Time PreKeys, PQ PreKeys) are managed by an Elixir-based PreKey server that handles bundle distribution, one-time key depletion tracking, and automatic replenishment signaling to clients.
10. Key Sync : Multi-appareils
Arc uses independent key sets per device (no primary/linked hierarchy). To decrypt messages from the original device on a new device, users scan a QR code containing an ephemeral X25519 public key. Both devices perform ECDH, derive an AES-256-GCM key via HKDF, and securely transfer identity keys. Session TTL: 5 minutes.
11. BLE Mesh : E2EE hors ligne
Le réseau BLE Mesh d'Arc permet la communication E2EE sans Internet — unique parmi les messageries majeures.
12. Modèle de menace
| Adversaire | Capacité | Atténuation |
|---|---|---|
| Passive Observer | Intercepts all traffic | E2EE: all content encrypted |
| Active MITM | Modifies traffic | AES-GCM auth + XEdDSA signatures |
| Server Compromise | Full Firestore access | No plaintext stored; keys client-only |
| Quantum Computer | Breaks X25519 | Hybrid PQXDH with ML-KEM-1024 |
| Key Compromise | Obtains session key | Double Ratchet forward secrecy |
| Replay Attack | Resends messages | Iteration tracking + unique nonces |
Ce qu'Arc ne peut pas protéger
- • Compromised/rooted device with malware
- • Screenshots by recipient
- • Server-side metadata analysis (mitigated by Sealed Sender)
- • Social engineering
13. Conformité aux normes
| Norme | Statut |
|---|---|
| NIST FIPS 203 (ML-KEM) | Implemented via libsignal-client |
| RFC 7748 (X25519) | Implemented |
| XEdDSA (Signal spec) | Implemented via libsignal-client |
| RFC 5869 (HKDF) | Implemented |
| NIST SP 800-38D (AES-GCM) | Implemented |
14. Comparaison avec Signal & WhatsApp
| Fonctionnalité | Signal | Arc | |
|---|---|---|---|
| Protocol Base | Signal Protocol | Signal Protocol (licensed) | Signal Protocol (libsignal) |
| Post-Quantum Key Exchange | PQXDH (ML-KEM-1024, 2023) | PQXDH (via Signal Protocol) | PQXDH (ML-KEM-1024, via libsignal) |
| Post-Quantum Ratchet | SPQR Triple Ratchet (Oct 2025) | Not confirmed | Planned |
| Per-Message Signatures | DH authentication only | DH authentication only | XEdDSA (libsignal) ✦ |
| Sealed Sender | Cert + delivery token | Not implemented | Ephemeral ECDH envelope ✦ |
| Offline E2EE | Not supported | Not supported | BLE Mesh (Bridgefy SDK) ✦ |
| Multi-Device | Primary + Linked | Primary + Linked | Independent keys + Key Sync ✦ |
| Key Separation | XEdDSA conversion | XEdDSA conversion | XEdDSA (same as Signal) — unified key pair ✦ |
| Open Source | Fully open source | Partial | Whitepaper published |
Note de transparence : Signal a implémenté PQXDH en 2023 et le Triple Ratchet SPQR en 2025. La capacité PQC d'Arc provient de la bibliothèque open-source libsignal de Signal. Les différenciateurs uniques d'Arc sont marqués ✦.
15. Conclusion
Le protocole Arc s'appuie sur le protocole Signal éprouvé et l'étend avec trois couches de sécurité propriétaires :
XEdDSA (libsignal)
Per-message Ed25519 signatures provide explicit sender authentication, tamper detection, and non-repudiation — absent from Signal and WhatsApp.
Client-Side Sealed Sender
Sender anonymity via ephemeral ECDH envelope, entirely on the client.
BLE Mesh (Bridgefy SDK Transport Encryption)
E2EE via Bluetooth without internet — unique among major messengers.
Nous accueillons la recherche en sécurité et la divulgation responsable.
Download PDF
Enter your details to download the Arc Protocol Whitepaper.
Version 2.0 — April 2026 · Atlas Associates Inc.