E2EE design (high level)

Core idea

Devices negotiate cryptographic keys peer-to-peer. Public key material may be relayed by the signaling server, but the server never learns session keys. A shared secret is derived, expanded using a key derivation function (KDF), and used to protect media frames and messages with authenticated encryption (AEAD).

Key schedule (concept)

// Pseudocode (publishable, implementation-agnostic)

sharedSecret = X25519(myPrivateKey, theirPublicKey)

// Derive directional keys. Both peers must use the same salt and the same
// two labels, and assign direction by role: the initiator sends with the
// "send"-labelled key and receives with the "recv"-labelled key; the
// responder does the opposite. (If each peer labelled its own outgoing
// key "send", the two sides would derive different, non-matching keys.)
sendKey = HKDF_SHA256(
  sharedSecret,
  salt,
  "icallu:e2ee:send:v1",
  32
)

recvKey = HKDF_SHA256(
  sharedSecret,
  salt,
  "icallu:e2ee:recv:v1",
  32
)

// Protect media frames or messages using AEAD
// (e.g., AES-GCM or ChaCha20-Poly1305)
//
// Keys are rotated as needed and destroyed immediately
// when the session ends.

Verification (optional)

Because the signaling server relays public keys, a compromised or malicious server could substitute its own and sit in the middle of the session. To reduce this risk, an optional user-verifiable check may be used so that both users can confirm they hold each other's genuine keys. Common approaches include Short Authentication Strings (SAS), QR-code comparison, or fingerprint verification.