Security & Privacy

Security model (read this first)

solDM cannot read your messages because encryption happens on your device and keys never leave the client. There’s no central message database to subpoena or breach.

What we protect

  • Message content confidentiality (E2EE)

  • “Harvest now, decrypt later” resilience (post-quantum readiness)

  • Inbox integrity and spam resistance (message requests + identity hooks)

What we don’t magically solve

  • If your device is compromised, your messages can be compromised

  • Metadata minimization ≠ metadata elimination (we keep the on-chain footprint minimal, but some network-level metadata exists in any system)


Cryptography overview

End-to-end encryption

  • Each conversation has a shared secret established between participants

  • Each message derives a fresh encryption key from the conversation secret + message index (prevents key reuse)

Post-quantum readiness

  • Hybrid key agreement: classical elliptic-curve + ML-KEM-768

  • Goal: resilience against future quantum attackers who record ciphertext today
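To make the two bullet lists above concrete, here is an added example (not solDM's code, and not its actual key schedule) showing how a per-message key can be derived from a conversation secret plus a message index, and how a hybrid conversation secret can be combined from a classical elliptic-curve shared secret and an ML-KEM-768 shared secret. It uses only the Python standard library: the HKDF is implemented from RFC 5869 over HMAC-SHA256, the ML-KEM and X25519 shared secrets are constructed random stand-ins (this block does not implement either primitive), and the label strings and function names are assumptions chosen for illustration.

```python
"""Added example (not solDM's code): per-message key derivation and a
hybrid (EC + ML-KEM) secret combiner using only the standard library.
The HKDF here follows RFC 5869 over HMAC-SHA256."""
import hashlib
import hmac
import os

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC(salt, IKM). An empty salt becomes HASH_LEN zero bytes."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated to `length` bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length too large")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_conversation_secret(ec_shared: bytes, pq_shared: bytes, transcript: bytes) -> bytes:
    """Combine a classical ECDH shared secret with an ML-KEM shared secret.

    Both secrets are fed to the same KDF and the handshake transcript (public
    keys and KEM ciphertext) is bound through the salt, so recovering the
    result requires breaking BOTH primitives. The ML-KEM shared secret is an
    assumed input: this block does not implement ML-KEM-768 or X25519.
    """
    prk = hkdf_extract(salt=hashlib.sha256(transcript).digest(), ikm=ec_shared + pq_shared)
    # Label string is an assumption for this example, used for domain separation.
    return hkdf_expand(prk, b"example/hybrid-conversation-secret", HASH_LEN)


def message_key(conversation_secret: bytes, index: int) -> bytes:
    """Derive a fresh 32-byte key for message number `index`.

    The index is mixed into the HKDF info, so two messages in the same
    conversation never share a key as long as the sender never reuses an index.
    """
    if index < 0:
        raise ValueError("message index must be non-negative")
    info = b"example/message-key/" + index.to_bytes(8, "big")
    return hkdf_expand(hkdf_extract(b"", conversation_secret), info, HASH_LEN)


if __name__ == "__main__":
    # Constructed stand-ins for the outputs of X25519 and ML-KEM-768 decapsulation.
    ec_ss = os.urandom(32)
    pq_ss = os.urandom(32)
    transcript = b"constructed: both public keys + kem ciphertext"
    conv = hybrid_conversation_secret(ec_ss, pq_ss, transcript)
    k0, k1 = message_key(conv, 0), message_key(conv, 1)
    print("distinct per-message keys:", k0 != k1)
    # Changing only the post-quantum secret changes the conversation secret,
    # and therefore every message key derived from it.
    other = hybrid_conversation_secret(ec_ss, os.urandom(32), transcript)
    print("pq secret matters:", other != conv)
```

The two properties worth checking in a real client are the ones the example's functions expose: the same conversation secret and index must always yield the same message key (so the receiver can derive it), and any change to either the elliptic-curve or the ML-KEM shared secret must change the conversation secret, which is what makes the hybrid scheme resist an attacker who records ciphertext today and breaks only one of the two primitives later.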

Last updated