Securing the Conversation: End-to-End Encryption

A deep dive into the encryption protocols that protect every conversation from eavesdropping.

End-to-end encryption (E2EE) is the gold standard for private communication. It ensures that only the sender and the
intended recipient can read the content of a message or hear a call.

What E2EE Protects Against

Imagine sending a letter. Anyone who handles the letter along its route—the mail sorter, the delivery person—could
potentially open and read it. This is like communication without E2EE. The service provider (like your email provider
or most chat apps) can access your content on their servers.

With E2EE, it's like putting your letter in a locked box, and only you and the recipient have the key. Even if the mail
carrier (the server) gets the box, they cannot open it.

E2EE protects your data from:

  • The service provider (us).
  • Hackers who might breach the service provider's servers.
  • Any third party trying to intercept your communications on the network.

How E2EE Works in Mercury

Mercury uses a multi-layered approach to encryption for every P2P session.

1. The Secure Tunnel (DTLS)

Before any data is exchanged, your device and your contact's device establish a secure channel using DTLS (Datagram
Transport Layer Security). This is the same family of protocols that secures your web browsing (HTTPS). During the
DTLS handshake, the two devices:

  • Verify each other's identity (though this is handled at a higher level in Mercury).
  • Negotiate a shared, secret session key.
  • This process itself is secure, preventing an attacker from seeing the negotiated key.

Once the DTLS tunnel is established, all communication (signaling for media, data channel packets) is encrypted using
the negotiated session key.

2. Per-Message Encryption (The Data Channel)

For text messages and other data sent over the data channel, Mercury adds an additional layer of security.

  • Key Exchange (X25519): When a data channel opens, your device and your peer's device generate temporary,
    single-session key pairs (known as ephemeral keys). They exchange the public parts of these keys.
  • Shared Secret: Using an algorithm called Elliptic Curve Diffie-Hellman (ECDH), both devices can independently
    compute an identical shared secret using their own temporary private key and the peer's temporary public key. An
    eavesdropper who only sees the public keys cannot compute this secret.
  • AES-256-GCM Encryption: This shared secret is then used as the key for a strong, authenticated symmetric
    encryption algorithm (AES-256-GCM). Every message you send is encrypted with this key before being sent through the
    already-secure DTLS tunnel. The peer's device uses the same key to decrypt it.

This "double-wrapping" ensures that even in the unlikely event the main DTLS channel key were compromised, an attacker
would still face another layer of robust encryption specific to the chat session.