Security

End-to-End Encryption

All messages are encrypted using open, audited cryptographic standards. This means:

  • Messages are encrypted on your device before leaving it
  • Only the intended recipient can decrypt messages
  • Even Lakrion cannot read your messages
  • Forward secrecy: compromising one key doesn't expose past messages

Cryptographic Standards

We use proven, widely-audited cryptography:

  • Key Evolution — Keys change with every message for forward secrecy
  • Secure Key Exchange — Cryptographic handshake establishes shared secrets
  • Elliptic Curve Cryptography — Modern, efficient public key operations
  • AES-256 — Industry standard message encryption
  • Message Authentication — Tamper-proof message integrity

Server-Blind Architecture

Our servers are designed to know as little as possible:

  • Cannot read messages — Only encrypted blobs pass through
  • Minimal contact visibility — We don't store contact graphs or social connections
  • Cannot identify users — Account keys, not personal info
  • Cannot comply with impossible requests — We don't have what we don't collect

Key Management

  • Private keys never leave your device
  • Keys are generated locally using a cryptographically secure random number generator
  • Device keys are unique per device
  • Account key is a cryptographic credential, not a password

Dormant Architecture (LDA)

Lakrion introduces the Lakrion Dormant Architecture — a novel security pattern designed to protect against zero-click exploits like those used by Pegasus.

  • Code not loaded can't be exploited — High-risk subsystems remain completely unloaded until needed
  • Mutual consent activation — Neither party can unilaterally trigger code on the other's device
  • Time-bounded operation — Active subsystems automatically return to dormant state
  • Minimal attack surface — When dormant, high-risk code is not loaded

Read the full LDA specification →

Verification

Users can verify each other's identity through safety numbers — a unique fingerprint derived from both parties' keys. Comparison can be done in-person via QR code or by comparing numbers manually.
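The sketch below is an added illustration of how a safety number can be derived from both parties' keys; it is not Lakrion's code, and this page does not specify Lakrion's actual derivation. The hash choice, round count, domain label, digit layout and sample keys are all assumptions made for the example.

```python
import hashlib

DOMAIN = b"demo-safety-number-v1"  # assumed domain-separation label
ROUNDS = 1024                      # assumed stretching count


def _lp(field: bytes) -> bytes:
    """Length-prefix a field so (id, key) boundaries are unambiguous."""
    return len(field).to_bytes(2, "big") + field


def party_fingerprint(account_id: bytes, public_key: bytes) -> str:
    """Stretch one party's (id, key) pair into 30 decimal digits."""
    digest = DOMAIN + _lp(account_id) + _lp(public_key)
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + public_key).digest()
    # Six 5-byte chunks, each reduced to a zero-padded 5-digit group.
    groups = [int.from_bytes(digest[i:i + 5], "big") % 100_000
              for i in range(0, 30, 5)]
    return "".join(f"{g:05d}" for g in groups)


def safety_number(id_a: bytes, key_a: bytes, id_b: bytes, key_b: bytes) -> str:
    """Combine both fingerprints; sorting makes the result order-independent."""
    halves = sorted([party_fingerprint(id_a, key_a),
                     party_fingerprint(id_b, key_b)])
    digits = "".join(halves)
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))


def numbers_match(shown_here: str, read_aloud: str) -> bool:
    """Compare two numbers, ignoring spacing used for display or dictation."""
    strip = lambda s: "".join(ch for ch in s if ch in "0123456789")
    return len(strip(shown_here)) == 60 and strip(shown_here) == strip(read_aloud)


# Constructed sample data: stand-ins for 32-byte public keys.
ALICE_ID, ALICE_KEY = b"alice", bytes(range(32))
BOB_ID, BOB_KEY = b"bob", bytes(range(32, 64))
SUBSTITUTED_KEY = bytes(range(64, 96))  # a key Bob never generated

if __name__ == "__main__":
    on_alice = safety_number(ALICE_ID, ALICE_KEY, BOB_ID, BOB_KEY)
    on_bob = safety_number(BOB_ID, BOB_KEY, ALICE_ID, ALICE_KEY)
    tampered = safety_number(ALICE_ID, ALICE_KEY, BOB_ID, SUBSTITUTED_KEY)
    print(on_alice, numbers_match(on_alice, on_bob))  # same on both devices
    print(tampered, numbers_match(tampered, on_bob))  # mismatch exposes the swap
```

Because the number covers both keys, a key substituted in transit changes what one device displays, which is why the comparison has to happen over a channel the server does not control, such as in person.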

Infrastructure Security

  • TLS 1.3 for all connections
  • Certificate pinning in applications
  • Independent security audits planned
  • Minimal data retention
  • Geographic distribution for resilience

Open Questions

We're committed to transparency. Our protocol implementation will be available for security researchers to audit. If you discover a vulnerability, please report it through our contact page.

What We Can't Protect Against

No system is perfect. Encryption doesn't protect against:

  • Device compromise (malware on your phone)
  • Screenshots by recipients
  • Physical access to unlocked devices
  • Weak device security (no PIN/biometric)
  • Social engineering

Security is a chain. We provide the strongest link we can — the rest depends on you.

Last updated: January 2026