Silent Text

Silent Text is based on the Silent Circle Instant Messaging Protocol (SCIMP). SCIMP enables you to have a private conversation over instant message transports such as XMPP (Jabber) and is responsible for both encrypting and securing the message content and as well as negotiate the shared secret keys.

Silent Circle Instant Message Protocol

Why Invent SCIMP?

  • Protocol & code is easily analyzed and implemented
  • Strong Encryption throughout
  • NIST-vetted crypto primitives
  • Derived from ZRTP
  • Available as open source uncontaminated by GPL

Modern Crypto

  • Elliptic Curve Diffie–Hellman, NIST 800-56A
  • Advanced Encryption Standard (AES) FIPS-197
  • Counter with CBC-MAC (CCM), NIST 800-38C
  • Key Derivation, NIST 800-108
  • Secure Hash Standard, FIPS 180-4
  • Skein Hash/MAC (optional)
  • FIPS-140 is not out of reach

Algorithms and Ciphers Options

    Suite Hash KDF/MA C Cipher Public Key
    1 SHA-256 HMAC/SHA- 256 AES-128 ECC-384
    2 SHA-512/256 HMAC/SHA- 512 AES-256 ECC-384
    3 SKEIN- 512/256 SKEIN- MAC-512 AES-256 ECC-384

Alice wants to talk to Bob

  • Create a shared secret key to encrypt with:
    • They both generate separate EC-Keys
    • Use Diffie Hellman Key exchange to derive a common shared secret.
  • Mix some shared information to strengthen the secret into a strong crypto key
Alice wants to talk to Bob

They need to protect against...

  • Eavesdropper trying to figure out the secret key
  • Impersonator in the middle of the conversation
  • Decrypting old messages by acquiring the device
They need to protect against...

SCIMP provides

  • Hash Commitment
  • Short Authentication String
  • Key Continuity
  • Perfect Forward Secrecy
  • Opportunistic Encryption

Setting up a secure conversation in four steps

  • Eavesdropper trying to figure out the secret key
  • Impersonator in the middle of the conversation
  • Decrypting old messages by acquiring the device
Setting up a secure conversation step 1

Alice Commits to Bob

  • Hello, I’d like to talk privately
  • Here are options I’d like to use
  • Setting up a secure conversation step 2
  • I’ll show you my secret after you show me yours. But here is something to prove I wont switch it on you.
  • We might have talked before, do you recognize this?
  • Setting up a secure conversation step 3

Bob Replies with DH1

  • Here is a fresh public key
  • I think we talked before too.. does this look familiar?
  • Here is a fresh public key
  • If Bob doesn’t support Alice’s options he ends the conversation and sends his own commit.
  • We might have talked before, do you recognize this?
  • Here is a fresh public key step 2

Alice continues with DH2

  • Here is the public key I promised you.
  • Here is a test to verify that our secrets match
  • Alice continues with DH2
  • If Bob doesn’t support Alice’s options he ends the conversation and sends his own commit.
  • We might have talked before, do you recognize this?
  • Alice continues with DH2

Bob completes the setup

  • Yes our secrets match
  • Here is a test to verify that our secrets match too
  • Bob completes the setup
    Bob completes the setup

Now that we have a shared secret

  • We need to turn it into strong key material
  • strengthen it using what we know and how we plan to use the keys for encrypting and authenticating
  • Now that we have a shared secret

Encrypting a message

  • Sequence numbers with random start index
  • Payload encrypted using CCM-AES with padding
  • Message Authentication Code
  • Different key for each direction
  • Different key for each message
  • Encrypting a message

Perfect Forward Secrecy

  • Each message gets it’s own key in a hash chain and is deleted as soon as possible
  • Seizing the phone will not reveal keys for previously sent messages
  • Perfect Forward Secrecy

Software Library

  • libscimp - C library, Simple API (iOS, OSX)
  • Crypto from LibTomCrypt and LibTomMath
  • Skein and SkeinMAC
  • Handles all protocol and crypto operations