The architecture behind Blink.

This page walks through the cryptographic posture and message model that keep Blink private by design. A documented developer surface is on our roadmap — coming soon.

Protocol posture

Deterministic dm_v3 and group_v3 protocols are built on AES-256-GCM authenticated encryption, ECDH P-256 key agreement, and HKDF-SHA256 key derivation, with key epochs that rotate every seven days for forward secrecy.

Ciphertext-only by design

Encryption happens on-device before anything is sent. Servers store only ciphertext in our ScyllaDB database, and media is encrypted client-side before it is uploaded to S3.

Transaction messages

Transaction messages are an immortal record type for receipts and records that never expire, sealed with the same end-to-end encryption as every other message.

On-device keys

Your device holds only derived keys and an encrypted vault. Keys are generated on-device and never leave it.

// Conceptual: every message is sealed on-device before it is sent.
// Servers only ever see ciphertext.

const messageKey = hkdfSha256(ecdhP256(myPrivateKey, peerPublicKey), epochInfo);
const sealed = aes256gcm.encrypt(messageKey, plaintext); // dm_v3 / group_v3

await transport.send(sealed); // server stores ciphertext only
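
The conceptual flow above, written out with Node's built-in crypto module as an added example; it is not Blink's code. The info-string layout, the all-zero HKDF salt, the header used as associated data, and every function name are assumptions made for illustration.

```javascript
// Added example (not Blink's code): ECDH P-256 -> HKDF-SHA256 -> AES-256-GCM.
const nodeCrypto = require('node:crypto');

const EPOCH_MS = 7 * 24 * 60 * 60 * 1000; // seven-day key epoch, per the page

// Epoch index for a timestamp (assumption: counted from the Unix epoch).
function epochIndex(nowMs) {
  return Math.floor(nowMs / EPOCH_MS);
}

// Shared secret -> 32-byte AES key, bound to protocol name and epoch.
function deriveMessageKey(myEcdh, peerPublicKey, protocol, epoch) {
  const shared = myEcdh.computeSecret(peerPublicKey);
  const info = Buffer.from(`${protocol}|epoch:${epoch}`); // assumed label format
  // All-zero salt is an assumption; the page does not specify one.
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, Buffer.alloc(32), info, 32));
}

// Seal: fresh random 96-bit nonce per message; header is authenticated as AAD.
function seal(key, header, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(header));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { header, nonce, ct, tag: cipher.getAuthTag() };
}

// Open: returns the plaintext, or null if the GCM tag does not verify.
function open(key, msg) {
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, msg.nonce);
    d.setAAD(Buffer.from(msg.header));
    d.setAuthTag(msg.tag);
    return Buffer.concat([d.update(msg.ct), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Constructed demo: two devices, one message, keys derived independently.
function demo() {
  const [alice, bob] = [0, 1].map(() => nodeCrypto.createECDH('prime256v1'));
  const alicePub = alice.generateKeys(), bobPub = bob.generateKeys();
  const epoch = epochIndex(Date.UTC(2024, 0, 15)); // constructed timestamp
  const sealed = seal(deriveMessageKey(alice, bobPub, 'dm_v3', epoch), `dm_v3:${epoch}`, 'hello');
  const key = deriveMessageKey(bob, alicePub, 'dm_v3', epoch);
  const nextKey = deriveMessageKey(bob, alicePub, 'dm_v3', epoch + 1);
  return { key, sealed, opened: open(key, sealed), wrongEpoch: open(nextKey, sealed) };
}
```

Because both sides feed the epoch into HKDF, a message sealed in one epoch fails authentication under the next epoch's key. The sketch does not show how key pairs are replaced between epochs.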