privyx/privyx

 *Building **PRIVYX** — The Next Era of Communication*      ## About PRIVYX **Privacy-first, end-to-end encrypted communication platform.** No compromises on security. No trade-offs on experience. Built for the **post-quantum era** — combining classical and lattice-based cryptography to protect against current and future threats, including harvest-now-decrypt-later attacks. ## Architecture  | Layer | Stack | Details | |-------|-------|---------| | Mobile Client | React Native 0.82 | Cross-platform iOS & Android, TurboModules, WalletConnect / AppKit Auth | | Backend Server | Node.js + Express + Socket.IO | REST API, real-time message relay, no plaintext storage | | Native Crypto | Rust (compiled to native) | X25519 ECDH, ML-KEM-768 KEM, AES-256-GCM, SHA-256 | | WebRTC / TURN | STUN/TURN Signaling | Peer-to-peer audio & video, NAT traversal, ICE via Socket.IO | Data flow: **Client > Rust Crypto > Socket.IO Relay > Backend > MongoDB** ## Cryptographic Protocol Hybrid post-quantum key exchange combining **X25519** (classical) with **ML-KEM-768** (NIST FIPS 203). If either algorithm is broken, the other still protects your data. | Algorithm | Type | Purpose | Status | |-----------|------|---------|--------| | X25519 | Classical ECDH | Key agreement | Current standard | | ML-KEM-768 | Post-Quantum KEM | Key encapsulation | NIST FIPS 203 | | AES-256-GCM | Symmetric AEAD | Message encryption | Quantum-resistant at 256-bit | | SHA-256 | Hash Function | Hybrid secret derivation | NIST standard | Protocol flow: Key Generation > Public Key Exchange > Hybrid Secret Derivation > AES-256-GCM Encryption > Relay & Decrypt ## Features - **Encrypted Messaging** — E2E encrypted 1:1 chat via X25519 + ML-KEM-768 hybrid key exchange with AES-256-GCM. Local-only storage via AsyncStorage. - **Secure Voice & Video Calls** — WebRTC peer-to-peer calls with STUN/TURN signaling and ICE candidate exchange via Socket.IO. - **Wallet-Based Authentication** — Ethereum wallet login via WalletConnect v2 / Reown AppKit. No phone or email required. - **Chat Request System** — Public keys attached to requests. Recipient approval required. Rate-limited to 10 pending requests. - **Ghost Mode** — True anonymity. No personal identifiers, no metadata collection. Cryptographic identity only. - **Vault Transfer** — Encrypted file sharing up to 5GB with client-side quantum-resistant encryption. ## Security - **Zero-Knowledge Server** — Backend acts as encrypted relay. No plaintext message storage. - **Zero-Log Policy** — No message content, metadata, or conversation logs stored server-side. - **Post-Quantum Protection** — ML-KEM-768 hybrid key exchange protects against quantum computing attacks. - **Local-First Storage** — Messages and keys stored locally using AsyncStorage. No central point of compromise. ## Tech Stack