Technical Documentation

Implementation details for security researchers and developers.


Encryption Protocols

LEWO implements the Signal Protocol with Sealed Sender for all communications, providing forward secrecy, post-compromise security, and sender anonymity during relay.

Signal Protocol

Private messages use the Double Ratchet with X3DH key exchange. Groups and channels use the Signal Sender Key Protocol for efficient broadcast encryption. Each message uses unique encryption keys, so compromising one key does not affect other messages.

X3DH: Extended Triple Diffie-Hellman key exchange

Double Ratchet: Forward secrecy & post-compromise security

Sender Key: Efficient group & channel encryption

Sealed Sender: Hides sender identity during relay

Key Rotation: Automatic scheduled key renewal

Local Keys: Keys never leave your device
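
The X3DH handshake named above, as an added example that is not LEWO's code. Assumptions: Node's built-in crypto instead of the Noble libraries, HKDF-SHA-256 as in the published X3DH specification, a separate Ed25519 signing key for the signed prekey, and hypothetical function names and info string.

```javascript
// Added example: X3DH sketch on Node's built-in crypto (not LEWO's code).
const crypto = require('node:crypto');

const x25519 = () => crypto.generateKeyPairSync('x25519');
const dh = (privateKey, publicKey) => crypto.diffieHellman({ privateKey, publicKey });
const encode = (pub) => pub.export({ type: 'spki', format: 'der' });

// KDF as in the X3DH spec for X25519: HKDF over (32 x 0xFF || DH1..DH4), zero salt.
// The info string is a constructed placeholder.
function kdf(dhOutputs) {
  const ikm = Buffer.concat([Buffer.alloc(32, 0xff), ...dhOutputs]);
  return Buffer.from(crypto.hkdfSync('sha256', ikm, Buffer.alloc(32), 'x3dh-example', 32));
}

// Responder publishes a prekey bundle; the signed prekey is signed with Ed25519.
// Assumption: a separate Ed25519 identity signing key alongside the X25519 identity key.
function makeBundle() {
  const signing = crypto.generateKeyPairSync('ed25519');
  const ik = x25519(), spk = x25519(), opk = x25519();
  const spkSig = crypto.sign(null, encode(spk.publicKey), signing.privateKey);
  return {
    secret: { ik, spk, opk },
    public: { sigPub: signing.publicKey, ik: ik.publicKey, spk: spk.publicKey,
              opk: opk.publicKey, spkSig },
  };
}

// Initiator: verify the signed prekey before using it, then run the four DHs.
function initiate(myIk, bundle) {
  if (!crypto.verify(null, encode(bundle.spk), bundle.sigPub, bundle.spkSig)) {
    throw new Error('signed prekey failed verification');
  }
  const ek = x25519(); // fresh ephemeral key per session
  const sk = kdf([
    dh(myIk.privateKey, bundle.spk), // DH1 = DH(IK_A, SPK_B)
    dh(ek.privateKey, bundle.ik),    // DH2 = DH(EK_A, IK_B)
    dh(ek.privateKey, bundle.spk),   // DH3 = DH(EK_A, SPK_B)
    dh(ek.privateKey, bundle.opk),   // DH4 = DH(EK_A, OPK_B)
  ]);
  return { sk, initial: { ik: myIk.publicKey, ek: ek.publicKey } };
}

// Responder: same four DHs from the other side, using the initial message's keys.
function respond(secret, initial) {
  return kdf([
    dh(secret.spk.privateKey, initial.ik), dh(secret.ik.privateKey, initial.ek),
    dh(secret.spk.privateKey, initial.ek), dh(secret.opk.privateKey, initial.ek),
  ]);
}
```

The signature check only binds the signed prekey to the identity key delivered in the bundle; the identity key itself still has to be authenticated out of band, for example by comparing fingerprints.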

Cryptographic Algorithms

XChaCha20-Poly1305 (current): 256-bit key, 192-bit nonce, authenticated encryption

Ed25519: Digital signatures for message authentication

X25519: Elliptic curve Diffie-Hellman key agreement

BLAKE2b: Key derivation and hashing

Cryptographic Library

All cryptographic operations use the Noble.js library suite—pure JavaScript implementations that are audited, constant-time (timing-attack resistant), and compatible with React Native's Hermes engine.

@noble/ciphers: XChaCha20-Poly1305, AES-GCM

@noble/curves: X25519, Ed25519

@noble/hashes: BLAKE2b, SHA-256, HKDF

What's End-to-End Encrypted

Private messages

Group messages

Channel broadcasts

Voice calls

Video calls

Voice messages

File attachments

Location sharing

Business chats

Server Storage Policy

Real-time messages are pure relay: they pass through without being stored. If the recipient is offline, encrypted messages are temporarily queued and deleted immediately after delivery. Message content is NULL in the main database. We cannot read any messages because they are encrypted and sealed.

Online: Pure relay

Messages pass through without storage

Content is NULL in database

Sealed Sender hides who sent it

Direct device-to-device encryption

Offline: Temp queue, then deleted

Encrypted envelope held temporarily

Deleted immediately after delivery

Server cannot decrypt content

Still sealed—sender hidden