@Secure-Legion

Secure Legion LLC

Serverless messaging designed for privacy and metadata resistance

◈ Secure


Serverless • Post-Quantum Cryptography • Private Payments • Metadata Resistant • Patent Pending Technology • Tor Network

A truly serverless P2P E2EE messaging system that eliminates metadata exposure. While other secure messengers protect your messages, Secure protects your identity, communication patterns, and social network from surveillance. No application servers know who you talk to, when you communicate, or where you are.

"No servers. Metadata resistance. No compromises."


▸ The Problem We're Solving

Current Secure Messengers Still Leak Your Privacy

Even the most secure messaging apps today have a fundamental flaw: they protect your messages but expose your metadata.

What's metadata? It's everything except the content of your messages:

  • Who you talk to (your social network)
  • When you communicate
  • How often you message someone
  • Your IP address and location
  • Your contact list

Why does this matter?

"We kill people based on metadata." — Former NSA Director Michael Hayden

Governments, corporations, and attackers don't need to read your messages. Knowing who you talk to and when tells them almost everything they need to know.

Real-World Examples

  • Journalists: A reporter's sources can be identified just by seeing who contacts them, even if messages are encrypted
  • Activists: Protest organizers can be mapped by their communication patterns
  • Whistleblowers: Simply connecting with a journalist can expose your identity
  • Anyone: Your relationship network, daily routines, and social circle are exposed to whoever runs the messaging servers

Secure eliminates application-level servers entirely. Messages go directly peer-to-peer over Tor.


◆ What Makes Secure Different

◇ Truly Serverless P2P Architecture

Traditional secure messengers:

You → Signal Server (sees who, when, where) → Recipient

Secure:

You ←→ Tor Network ←→ Recipient
(No Secure-owned servers in the middle)

No application servers know:

  • Who you're messaging
  • When you're messaging
  • Where you're messaging from
  • Who's in your contact list
  • Your communication patterns

◈ Post-Quantum Cryptography

Hybrid X25519 + ML-KEM-1024 (Kyber-1024) protects against "harvest now, decrypt later" attacks by quantum computers.

  • Uses NIST-standardized ML-KEM (FIPS 203) post-quantum key encapsulation
  • Combines classical X25519 ECDH with quantum-resistant Kyber-1024
  • Secure if EITHER algorithm remains unbroken
  • Future-proof encryption for sensitive communications
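As an added illustration, not code from the Secure project, the Go program below shows how a hybrid exchange of this kind turns two shared secrets into one session key. It runs a real X25519 exchange with Go's standard `crypto/ecdh`, but stands in a constructed 32-byte value for the ML-KEM-1024 shared secret (the standard library used here has no ML-KEM); the combiner itself (HKDF over both length-prefixed secrets, salted with a transcript hash and domain-separated by a purpose label) is an assumed generic construction, and all function and label names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfExtract and hkdfExpand implement HKDF (RFC 5869) over HMAC-SHA256 with
// the standard library only, so the example runs without external modules.
func hkdfExtract(salt, ikm []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(ikm)
	return m.Sum(nil)
}

func hkdfExpand(prk, info []byte, length int) []byte {
	var out, prev []byte
	for counter := byte(1); len(out) < length; counter++ {
		m := hmac.New(sha256.New, prk)
		m.Write(prev) // T(n-1); empty for the first block
		m.Write(info)
		m.Write([]byte{counter})
		prev = m.Sum(nil)
		out = append(out, prev...)
	}
	return out[:length]
}

// lengthPrefixed keeps the concatenation of variable-length inputs unambiguous.
func lengthPrefixed(b []byte) []byte {
	return append([]byte{byte(len(b) >> 8), byte(len(b))}, b...)
}

// combineHybrid is an assumed KEM combiner (not Secure's construction): both
// shared secrets feed one HKDF, the transcript hash is the salt so the key is
// bound to the public values exchanged, and `label` domain-separates keys for
// different purposes. An attacker who breaks only one of X25519 or ML-KEM
// still lacks the other input and cannot reproduce the output.
func combineHybrid(ssX25519, ssKEM, transcript []byte, label string) []byte {
	ikm := append(lengthPrefixed(ssX25519), lengthPrefixed(ssKEM)...)
	prk := hkdfExtract(transcript, ikm)
	return hkdfExpand(prk, []byte("hybrid-x25519-mlkem1024-v0/"+label), 32)
}

// hybridHandshake runs a real X25519 exchange via crypto/ecdh for both parties.
// ML-KEM-1024 is not implemented here: kemSecret is a constructed stand-in for
// the 32-byte secret that Encaps (sender) and Decaps (recipient) would share.
// Both sides must arrive at the same session key.
func hybridHandshake(kemSecret []byte) (aliceKey, bobKey []byte, err error) {
	curve := ecdh.X25519()
	alicePriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	bobPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	aliceSS, err := alicePriv.ECDH(bobPriv.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	bobSS, err := bobPriv.ECDH(alicePriv.PublicKey())
	if err != nil {
		return nil, nil, err
	}
	// Transcript: hash of both public keys in a fixed order.
	h := sha256.New()
	h.Write(alicePriv.PublicKey().Bytes())
	h.Write(bobPriv.PublicKey().Bytes())
	transcript := h.Sum(nil)
	return combineHybrid(aliceSS, kemSecret, transcript, "msg"),
		combineHybrid(bobSS, kemSecret, transcript, "msg"), nil
}

func main() {
	kemSecret := bytes.Repeat([]byte{0x42}, 32) // constructed placeholder, not a KEM output
	a, b, err := hybridHandshake(kemSecret)
	if err != nil {
		panic(err)
	}
	fmt.Printf("alice: %x\nbob:   %x\nmatch: %v\n", a, b, bytes.Equal(a, b))
}
```

The length prefixes and the fixed label matter more than they look: without them, two different (X25519, KEM) secret pairs could concatenate to the same byte string, and a key derived for messaging could be reused for voice.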

◇ Triple .onion Architecture

Three separate Tor hidden services provide complete anonymity:

  1. Friend-Request .onion - Three-phase encrypted contact exchange
  2. Messaging .onion - Direct peer-to-peer encrypted messaging
  3. Voice Calling .onion - Encrypted peer-to-peer voice calls

All .onion addresses are deterministically generated from your seed phrase—your identity is self-sovereign and portable.

◆ Three-Phase Friend Request Protocol

How you add contacts securely:

Phase 1 - PIN-Encrypted Initial Request (0x07)

  • Friend shares QR code with friend-discovery .onion + 10-digit PIN
  • You send encrypted contact request to their friend-request.onion
  • PIN prevents spam and unauthorized requests

Phase 2 - Post-Quantum Hybrid Acceptance (0x08)

  • Recipient reviews request and sends full contact card back
  • Encrypted with X25519 + Kyber-1024 hybrid encryption
  • Includes hybrid shared secret for quantum-resistant key chain

Phase 3 - Mutual Acknowledgment (0x08)

  • Original sender sends their full contact card
  • Both parties now have complete contact information
  • Bidirectional messaging enabled with post-quantum key chains

No servers. No central directory. No phone numbers.
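An added Go sketch of the three phases, written for this page and not taken from the Secure codebase. It models the 0x07/0x08 type bytes, a PIN-gated phase 1 using AES-256-GCM with the type byte bound as associated data, and the per-contact phase state on both sides. The PIN key derivation (SHA-256 over a label, the recipient's .onion and the PIN) is an assumed stand-in for a proper slow KDF, and the hybrid encryption of the contact cards in phases 2 and 3 is left out; all names, .onion strings and PINs are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

const (
	TypeFriendRequest byte = 0x07 // phase 1: PIN-encrypted initial request
	TypeContactCard   byte = 0x08 // phases 2 and 3: contact card exchange
)

type Phase int

const (
	NoContact       Phase = iota
	RequestSent           // phase 1 sent; waiting for their card
	RequestReceived       // phase 1 accepted; waiting for the requester's card
	Mutual                // both cards held; messaging .onions known to both
)

// Peer is one party; Phase and Cards are keyed by the other side's friend-request .onion.
type Peer struct {
	FriendOnion, MsgOnion, PIN string
	Phase                      map[string]Phase
	Cards                      map[string]string // their messaging .onion
}

func NewPeer(friendOnion, msgOnion, pin string) *Peer {
	return &Peer{friendOnion, msgOnion, pin, map[string]Phase{}, map[string]string{}}
}

// pinKey derives the phase-1 key from the 10-digit PIN, salted with the recipient's
// .onion. SHA-256 is an assumed stand-in for a slow KDF; this gate filters spam.
func pinKey(pin, recipientFriendOnion string) []byte {
	h := sha256.New()
	h.Write([]byte("friend-request-pin-v0/" + recipientFriendOnion))
	h.Write([]byte{0})
	h.Write([]byte(pin))
	return h.Sum(nil)
}

func gcmFor(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is always 32 bytes here, so AES-256 and no error
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// seal returns type || nonce || AES-256-GCM ciphertext; the type byte is bound as
// associated data so a ciphertext cannot be replayed under another message type.
func seal(key []byte, msgType byte, plaintext []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(append([]byte{msgType}, nonce...), nonce, plaintext, []byte{msgType})
}

func unseal(key, wire []byte) (byte, []byte, error) {
	gcm := gcmFor(key)
	if len(wire) < 1+gcm.NonceSize()+gcm.Overhead() {
		return 0, nil, errors.New("short message")
	}
	t, nonce, ct := wire[0], wire[1:1+gcm.NonceSize()], wire[1+gcm.NonceSize():]
	pt, err := gcm.Open(nil, nonce, ct, []byte{t})
	return t, pt, err
}

// SendRequest is phase 1 at the requester: the scanned QR code supplied theirOnion
// and theirPIN; the plaintext carries our friend-request .onion for the reply.
func (p *Peer) SendRequest(theirOnion, theirPIN string) []byte {
	p.Phase[theirOnion] = RequestSent
	return seal(pinKey(theirPIN, theirOnion), TypeFriendRequest, []byte(p.FriendOnion))
}

// ReceiveRequest is phase 1 at the recipient: a wrong PIN, tampering, or a wrong
// type byte fails GCM authentication and the request is dropped without a reply.
func (p *Peer) ReceiveRequest(wire []byte) (string, error) {
	t, pt, err := unseal(pinKey(p.PIN, p.FriendOnion), wire)
	if err != nil || t != TypeFriendRequest {
		return "", errors.New("rejected: PIN mismatch, tampering, or wrong type")
	}
	p.Phase[string(pt)] = RequestReceived
	return string(pt), nil
}

// ReceiveCard covers phases 2 (requester) and 3 (recipient); the hybrid encryption of the card is not modelled.
func (p *Peer) ReceiveCard(fromOnion, theirMsgOnion string) (bool, error) {
	if ph := p.Phase[fromOnion]; ph != RequestSent && ph != RequestReceived {
		return false, errors.New("unsolicited contact card dropped")
	}
	p.Cards[fromOnion] = theirMsgOnion
	p.Phase[fromOnion] = Mutual
	return true, nil
}
```

Two design points the sketch makes visible: a wrong PIN is indistinguishable from tampering (both fail the GCM tag, and the recipient sends nothing back), and a 10-digit PIN has well under 34 bits of entropy, so the phase-1 key is an authorization gate rather than the confidentiality boundary; the long-term secrecy of the exchange rests on the hybrid-encrypted phase 2, which this sketch leaves out.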

◈ Ping-Pong Wake Protocol

Messages only deliver when the recipient is online AND authenticates.

SENDER                          RECIPIENT
  |                                 |
  |- Create encrypted message       |
  |- Store in local queue           |
  |- Send PING token --------------->|
  |   (via Tor hidden service)      |- Receive wake notification
  |                                 |- Authenticate (biometric)
  |<--------------- PONG -----------|
  |   (confirms online + authed)    |
  |- Send encrypted message -------->|
  |   (via Tor)                     |- Decrypt & display
  |<---------------- ACK ------------|
  |- Delete from queue              |

Why this matters:

  • No messages sitting on servers waiting to be compromised
  • Active consent required for message delivery
  • If recipient's device is seized, your message never arrives
  • Complete sender control over delivery

Perfect for:

  • Sensitive sources and high-risk conversations
  • When absolute security matters more than convenience
  • Anyone who needs metadata-resistant communication

○ TAP Heartbeat Protocol

Bidirectional online presence without servers.

When your device connects to Tor, it broadcasts an encrypted "I'm online" signal to all contacts:

DEVICE A                        DEVICE B
  |                                 |
  |- Tor connects                   |
  |- Send TAP to all contacts ----->|
  |   (port 9151, encrypted)        |- Decrypt TAP
  |<------------- TAP_ACK -----------|- Confirm receipt
  |                                 |- ACH State Machine Checks:
  |                                 |  • Pending Pings FROM A?
  |                                 |  • Pending messages TO A:
  |                                 |    - MESSAGE_ACK received? → Skip
  |                                 |    - PONG_ACK received? → Skip
  |                                 |    - PING_ACK received? → Poll for PONG
  |                                 |    - No PING_ACK? → Retry Ping

TAP triggers immediate retry of pending messages when contacts come online—no polling delays.

◇ Advanced ACH State Machine

Sophisticated message tracking manages the entire delivery lifecycle:

  • PING_ACK: Recipient's Tor hidden service is reachable
  • PONG_ACK: Recipient authenticated and confirmed availability
  • MESSAGE_ACK: Message delivered to recipient's device
  • TAP_ACK: Bidirectional heartbeat confirmed

Exponential backoff retries and a persistent local queue guarantee delivery of messages queued while the recipient is offline.
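To make the TAP-triggered checks concrete, here is an added Go model of the sender-side queue and ACK tracking described in the Ping-Pong, TAP and ACH sections above. It is illustrative code, not Secure's implementation: the type and function names, the 2^attempts backoff with a 300-second cap, and the rule that an entry leaves the queue at MESSAGE_ACK are assumptions chosen to match the diagrams, and the sample queue is constructed.

```go
package main

// AckLevel orders the 4 ACK tiers: PING_ACK < PONG_ACK < MESSAGE_ACK < TAP_ACK.
type AckLevel int

const (
	NoAck      AckLevel = iota
	PingAck             // recipient's Tor hidden service reachable
	PongAck             // recipient authenticated and available
	MessageAck          // delivered to the recipient's device
	TapAck              // heartbeat confirmed
)

// Action is what the sender schedules for a queued message when the contact's TAP_ACK arrives.
type Action int

const (
	Skip        Action = iota // delivered, or PONG already in and the send is in flight
	PollForPong               // PING reached them; wait for the authenticated PONG
	RetryPing                 // no PING_ACK yet; send a fresh PING after backoff
)

// Pending is one entry of the sender's persistent local queue.
type Pending struct {
	ID, Contact  string
	Ack          AckLevel
	Attempts     int // PINGs sent so far; drives the backoff
	NextRetrySec int // set when a RetryPing is scheduled
}

// Queue is sender-side state: outbound messages plus PINGs from contacts still awaiting our PONG.
type Queue struct {
	Outbound     []Pending
	InboundPings map[string]bool
}

// retryDelaySec is an assumed backoff of 2^attempts seconds capped at 300; the page gives no parameters.
func retryDelaySec(attempts int) int {
	d := 1
	for i := 0; i < attempts && d < 300; i++ {
		d *= 2
	}
	if d > 300 {
		d = 300
	}
	return d
}

// decide applies the per-message checks from the TAP diagram.
func decide(p Pending) Action {
	switch {
	case p.Ack >= PongAck: // MESSAGE_ACK or PONG_ACK already received
		return Skip
	case p.Ack == PingAck:
		return PollForPong
	default:
		return RetryPing
	}
}

// OnTapAck runs when contact's TAP_ACK arrives: it reports whether we owe them a PONG
// and the action per queued message; RetryPing bumps Attempts so the next delay grows.
func (q *Queue) OnTapAck(contact string) (bool, map[string]Action) {
	actions := map[string]Action{}
	for i := range q.Outbound {
		p := &q.Outbound[i]
		if p.Contact != contact {
			continue
		}
		a := decide(*p)
		if a == RetryPing {
			p.Attempts++
			p.NextRetrySec = retryDelaySec(p.Attempts)
		}
		actions[p.ID] = a
	}
	return q.InboundPings[contact], actions
}

// RecordAck raises a message's ACK level monotonically (a late lower-tier ACK never
// regresses state); at MESSAGE_ACK or above the entry leaves the queue, as in the diagram.
func (q *Queue) RecordAck(id string, level AckLevel) bool {
	for i := range q.Outbound {
		p := &q.Outbound[i]
		if p.ID != id {
			continue
		}
		if level <= p.Ack {
			return false
		}
		p.Ack = level
		if level >= MessageAck {
			q.Outbound = append(q.Outbound[:i], q.Outbound[i+1:]...)
		}
		return true
	}
	return false
}
```

The monotone RecordAck is the part worth copying: over Tor, a PING_ACK can arrive after the MESSAGE_ACK for the same message, and a state machine that simply overwrites the level would resend a message that was already delivered.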

◆ Secure Pay - Built-In Private Payments

Multi-chain cryptocurrency wallet integrated into messaging:

  • Zcash (ZEC) for maximum privacy with shielded transactions
  • Solana (SOL/USDC/USDT) for fast, low-fee payments
  • In-chat payment protocol based on NLx402 core logic
  • Request money, send payments, view transaction history
  • Hardware-backed wallet keys (StrongBox/TEE)

Your Solana wallet is your messaging identity—no phone numbers, no email, no registration.

○ Hardware-Backed Security

Multi-Layered Access Control Hierarchy:

  • Keys stored in Android StrongBox (Pixel) or Trusted Execution Environment (Knox)
  • Biometric authentication required on every app launch
  • Argon2id password hashing for database encryption
  • Domain-separated key derivation
  • Memory zeroization (DOD 5220.22-M 3-pass standard)
  • Duress PIN triggers cryptographic data wipe

◇ Panic Button Protection

Duress PIN instantly wipes all evidence:

  1. Cryptographic key destruction (DOD 5220.22-M standard)
  2. Notifies all contacts to delete queued messages for you
  3. Appears to be an ordinary authentication failure (undetectable)
  4. Restores from seed phrase when safe

No evidence. No queued messages. No metadata to analyze.

▸ Voice Messages Over P2P

Send encrypted voice recordings directly peer-to-peer.

Secure supports voice messages transmitted via the same Ping-Pong Wake protocol:

  • Opus codec: High-quality audio (48kHz, 32kbps CBR), optimized for Tor bandwidth
  • Same security model: Voice only transmits after recipient authenticates
  • No servers involved: Voice data never touches third-party infrastructure
  • Encrypted end-to-end: XChaCha20-Poly1305 AEAD for voice payloads

Why voice over P2P matters:

  • Traditional messengers store voice messages on servers (metadata exposure)
  • Secure voice messages transit peer-to-peer only when recipient confirms availability
  • Prevents voice message "inboxes" that can be surveilled or subpoenaed

○ How It Works (Simple Version)

Finding Contacts

Three-Phase Friend Request Protocol over Tor:

  1. Friend shares QR code with friend-discovery .onion + 10-digit PIN
  2. You scan QR code and send PIN-encrypted request to their friend-request.onion
  3. They review and accept, sending back their full contact card encrypted with post-quantum hybrid cryptography
  4. You send your full contact card back as mutual acknowledgment
  5. Both parties now have each other's messaging .onion addresses

No blockchain. No central directory. Direct peer-to-peer exchange.

Sending Messages (Ping-Pong Wake Protocol)

1. You: "Hey, ready to receive?" (encrypted PING over Tor)
2. Them: *unlocks phone, sees notification, authenticates*
3. Them: "Ready!" (encrypted PONG over Tor)
4. You: *sends encrypted message/voice directly peer-to-peer*
5. Them: *receives message, sends MESSAGE_ACK*
6. Them: *opens message, sends TAP_ACK (read receipt)*

Nobody in the middle. Messages never sit on a server.

4-Tier ACK System provides granular tracking:

  • PING_ACK: Recipient's Tor hidden service is reachable
  • PONG_ACK: Recipient authenticated and confirmed availability
  • MESSAGE_ACK: Message delivered to recipient's device
  • TAP_ACK: Recipient opened and viewed the message

The Technology Stack

  • Cryptography: XChaCha20-Poly1305 + Ed25519 + X25519 + ML-KEM-1024 (post-quantum)
  • Anonymity: All traffic through Tor network (triple .onion architecture)
  • Hardware Security: Keys in StrongBox/TEE (Android)
  • Payments: Zcash (privacy) + Solana (speed)
  • Database: SQLCipher with AES-256-GCM encryption

▣ Features

◈ Core Security

  • Post-Quantum Cryptography — Hybrid X25519 + ML-KEM-1024 (NIST FIPS 203)
  • End-to-end encryption — XChaCha20-Poly1305 AEAD for all messages
  • Per-message forward secrecy — Bidirectional key ratcheting
  • Metadata resistant — No servers track who, when, or where
  • Hardware key storage — Android StrongBox/TEE
  • No phone numbers — Wallet-based identity, no registration
  • Triple .onion architecture — Friend requests, messaging, voice calling

◆ Messaging Features

  • Ping-Pong Wake Protocol — Messages only send when recipient confirms
  • TAP Heartbeat System — Bidirectional online presence with ACH state machine
  • 4-tier ACK tracking — PING_ACK → PONG_ACK → MESSAGE_ACK → TAP_ACK
  • Voice messages — Opus codec over P2P
  • Image sharing — Encrypted image transfer with EXIF stripping
  • Stickers & GIFs — Local animated media packs
  • Reactions — Emoji reactions on messages
  • Voice calls — End-to-end encrypted calling over Tor (Opus, 48kHz)
  • Self-destruct timers — DOD 5220.22-M secure deletion
  • Duress protection — Panic PIN wipes everything instantly
  • Screenshot protection — Prevents screen capture
  • Auto-lock — Configurable inactivity timeout

◇ Privacy Features

  • Three-Phase Friend Protocol — PIN + post-quantum hybrid encrypted exchange
  • No exit nodes — All communication stays within Tor network
  • No push notifications — No FCM, no APNs, no third-party infrastructure
  • Tor VPN mode — System-wide Tor routing with OnionMasq (Arti)
  • Pluggable transports — obfs4, Snowflake, webtunnel for censorship circumvention
  • Offline-first design — Messages queue locally, deliver when recipient online

○ Payment Features

  • Multi-chain wallet — Zcash (ZEC) + Solana (SOL/USDC/USDT)
  • Secure Pay protocol — In-chat payments based on NLx402 core logic
  • Hardware-backed keys — Wallet keys in StrongBox/TEE
  • Payment requests — Request money with custom amounts and memos
  • Transaction history — Encrypted local storage

▸ Use Cases

◆ Journalists & Sources

  • Protect source anonymity with metadata resistance
  • No server logs to subpoena
  • Duress PIN if source is compromised
  • Post-quantum encryption for long-term secrecy

◇ Activists & Organizers

  • Coordinate without revealing your network
  • Works in censored networks (Tor + pluggable transports)
  • No metadata for surveillance
  • Offline-first messaging for unreliable connectivity

◈ Legal Professionals

  • Attorney-client privilege with technical safeguards
  • Hardware-backed key storage for compliance
  • Demonstrable security for regulatory requirements
  • Secure Pay for client payments

○ Cryptocurrency Users

  • Wallet-based identity (familiar paradigm)
  • Integrated payments without switching apps
  • Hardware security for wallet keys
  • Privacy-first mindset aligned

◆ Privacy Advocates

  • Maximum security for high-risk conversations
  • Open source and auditable
  • No compromises on privacy
  • Community-driven development

▣ Project Status

Current Phase: Public Beta (v0.7.x) ✓
Next Phase: Stability & Performance Improvements ▸

Roadmap

  • [✓] Post-quantum cryptography implementation
  • [✓] Triple .onion architecture
  • [✓] Three-phase friend request protocol
  • [✓] Ping-Pong wake protocol
  • [✓] TAP heartbeat system
  • [✓] ACH state machine
  • [✓] Secure Pay integration
  • [✓] Voice messages over P2P
  • [✓] Image sharing over P2P
  • [✓] Stickers & GIF packs (local)
  • [✓] Emoji reactions
  • [✓] Voice calls over Tor (Opus)
  • [✓] In-process Arti Tor (Rust-native, no C Tor binary)
  • [✓] Tor VPN mode
  • [✓] Public beta launch (Android app)
  • [▸] CRDT group messaging (in progress)
  • [▸] Security audit (planned)
  • [▸] Performance optimizations
  • Desktop client

◈ Why Open Source?

Trust through transparency.

Security products that ask for your trust need to prove they deserve it. Secure is open source so:

  • Anyone can audit the code for backdoors or vulnerabilities
  • Security researchers can verify our claims
  • Community contributions make it better
  • Educational resource for learning secure system design
  • Freedom to run your own infrastructure

"Don't trust, verify."


◇ What Secure Does NOT Protect Against

We believe in honest communication about security limitations:

Not Protected:

  • ✗ Hardware implants in the device itself (physical supply chain attacks)
  • ✗ Endpoint security failures (keyloggers, screen recorders, clipboard sniffers)
  • ✗ Social engineering attacks (phishing, impersonation)
  • ✗ Physical coercion ($5 wrench attack - duress PIN provides limited defense)

What We DO Protect:

  • ✓ Network surveillance and metadata collection
  • ✓ Server compromises (no servers exist with your data)
  • ✓ Traffic analysis (Tor hidden services obscure patterns)
  • ✓ Future quantum computer attacks (ML-KEM-1024 post-quantum crypto)
  • ✓ Key extraction attacks (hardware-backed keys in StrongBox/TEE)

Know your threat model. Use the right tool for your situation.


◆ Technical Deep Dive

Want the technical details? Check out our documentation:


◇ FAQ

Is this like Signal?

Signal is excellent for message content encryption, but it runs centralized servers that see metadata. Secure eliminates application servers entirely with direct peer-to-peer communication over Tor.

Is this like Session?

Session is decentralized but all messages route through service nodes that can see timing patterns. Secure's Ping-Pong protocol with TAP heartbeat has zero intermediaries for maximum security.

Why do I need a cryptocurrency wallet?

The Solana wallet key serves as your messaging identity. This means:

  1. No registration with personal info
  2. Unforgeable identity (cryptographic proof)
  3. Self-sovereign identity (you control it, not a company)
  4. Integrated payments for Secure Pay

Does this cost money?

The app is free. Messaging has no costs (peer-to-peer over Tor). Payments use standard blockchain transaction fees (fractions of a cent on Solana, ~$0.01 for Zcash shielded transactions).

What about group chats?

CRDT-based group messaging is actively in development. It uses conflict-free replicated data types for decentralized consensus — no server needed to coordinate group state.

Can I really trust this?

The code is open source. Get a security audit from a firm you trust. Verify the cryptography. Don't trust—verify.

Why should I use this instead of Signal, Session, or Briar?

If those apps meet your threat model, use them! Secure is for people who need metadata resistance and post-quantum security together — no servers that can log who you talk to, and encryption that survives future quantum computers. That's not everyone. Use the right tool for your needs.


▸ Get Involved

For Users

  • Star this organization if you support privacy technology
  • Download the beta at securelegion.org/download
  • Share with journalists, activists, and privacy advocates
  • Report issues if you find problems

For Developers

  • Contribute code — See repository CONTRIBUTING.md files
  • Security review — Help us find vulnerabilities
  • Documentation — Make this accessible to everyone
  • Testing — Ensure reliability across devices

For Security Researchers

  • Cryptographic review — Verify our crypto implementation
  • Penetration testing — Help us harden the system
  • Academic research — Publish papers on the protocols
  • Responsible disclosure — Email dev@securelegion.org

For Privacy Advocates

  • Spread awareness of metadata privacy issues
  • Policy advocacy — Support strong encryption laws
  • Education — Teach others about threat models

◆ Contact

Security Issues: dev@securelegion.org (48-hour response for critical vulnerabilities)


◇ License

PolyForm Noncommercial License 1.0.0

Commercial licensing available — contact@securelegion.org


○ Acknowledgments

Secure builds on the work of privacy and cryptography pioneers:

Post-Quantum Cryptography:

  • NIST - ML-KEM-1024 standardization (FIPS 203)
  • pqc_kyber - Rust implementation

Cryptography:

  • RustCrypto - XChaCha20-Poly1305 implementation
  • Dalek Cryptography - Ed25519 and X25519 primitives
  • Argon2 - Password hashing

Networking:

  • Tor Project - Anonymous routing infrastructure
  • Guardian Project - tor-android and OnionMasq
  • IPtProxy - Pluggable transports

Blockchain:

  • Zcash - Privacy-focused cryptocurrency
  • Solana - High-performance blockchain
  • Electric Coin Company - Zcash Android SDK

Payment Protocol:

  • PCEF (Perkins Coie Entrepreneur Fund) - 501(c)(3) nonprofit; NLx402 payment protocol core logic

Special thanks to the journalists, activists, and whistleblowers who inspired this project by risking everything to expose truth.


◈ Philosophy

"Privacy is not about having something to hide. Privacy is about protecting everything you are."

Secure exists because privacy is a human right, not a luxury. We believe:

  • ○ Everyone deserves private communication
  • ◆ Security tools should be open and auditable
  • ◇ Different threats need different tools
  • ◈ Users should understand their security, not just trust it
  • ▸ Privacy technology should empower, not exploit

We're building the messenger we wish existed when we needed it most.


Secure — Private by Design
No servers. Metadata resistance. No compromises.

◆ Star this organization if you believe in privacy ◆


◇ Support Development

Donate to support privacy technology:

  • Solana (SOL): 7i3oi9YFquREM3LgD6KgAxxBsoSooSBRxwKKnKLLKJY2
  • Bitcoin (BTC): bc1q3wdxa7tw6nr93r2tmrg488h4k6jrsj8hk5nzxd
  • Ethereum (ETH): 0xbD12aF5bf24ded147FBAae1F5795CE9357131F8B

Powered by $SECURE
