Security
Honest assessment of what ZChat protects and what it does not.
Threat Model
ZChat protects against
- Server-side message interception. Messages are on-chain, not on our servers.
- On-chain metadata analysis. Zcash shielded transactions hide sender, receiver, and amount.
- Message content exposure. Encrypted memos + optional E2E layer.
ZChat does NOT protect against
- Network-level surveillance. IP addresses are visible unless you use Tor or a VPN.
- Compromised device. If your phone is compromised, messages are readable.
- Zcash protocol vulnerabilities. If Zcash's cryptography were broken, the shielded-transaction protections listed above would no longer hold.
- Application-layer bugs. No third-party audit has been performed.
Metadata Analysis
What data is visible, partially visible, or hidden when you use ZChat.
| Data Point | Hidden? | How |
|---|---|---|
| Message content | Yes | Zcash encrypted memo + optional E2E (AES-256-GCM) |
| Sender address | Yes | Zcash shielded pool (Orchard) |
| Receiver address | Yes | Zcash shielded pool (Orchard) |
| Transaction amount | Yes | Zcash shielded pool |
| Message timestamp | Partial | Block time visible (~75s resolution), exact send time hidden |
| IP address | No | Visible to network observers and to the lightwalletd server. Use Tor/VPN. |
| Message frequency | Partial | Transaction count on-chain is visible, but cannot be linked to specific users |
| Device fingerprint | No | Standard Android HTTP headers sent to lightwalletd |
| Contact list | Yes | Stored locally only, never transmitted |
| Backend knows your IP | Yes (not hidden) | Lightwalletd sees connecting IPs. [TBD: logging policy] |
Encryption Stack
- Transport Layer: Zcash shielded transactions (Orchard pool, Halo2 proving system)
- Application E2E: secp256r1 ECDH key agreement + AES-256-GCM
- Key Derivation: HKDF (RFC 5869) with V1/V2 versioning
- Group Encryption: ECIES (per-recipient key wrapping)
- Key Exchange: KEX protocol with digital signatures (MITM prevention)
- Memo Limit: 512 bytes (ZIP 231), chunking via ZMSG v4c for larger messages
Key Management
- BIP39 seed phrase generates Zcash keys.
- Android: EncryptedSharedPreferences (AES-256-GCM, hardware-backed keystore where available).
- E2E keys derived from seed via HKDF.
- No key escrow, no recovery mechanism. Lose your seed, lose your identity.
Backend Transparency
- Backend runs: zebrad (full node), lightwalletd (gRPC interface).
- Backend stores: Whitelist entries and download codes (landing page admin only). Nothing is stored for Android users — the app talks directly to lightwalletd for blockchain data.
- Backend does NOT store: Messages, keys, seed phrases, contact lists.
[TBD: detailed logging policy -- what IPs/metadata are logged and for how long]
Audit Status
- ZChat has NOT received a third-party security audit.
- The Zcash protocol (Orchard, Halo2) has been audited by multiple firms.
- ZChat's application layer (ZMSG protocol, E2E implementation, Android app) is unaudited.
- We plan to seek an audit when the product reaches maturity. Until then, do not use ZChat for high-stakes communications.
Responsible Disclosure
Found a vulnerability? Please report it responsibly.
Known Limitations
- No third-party audit
- No forward secrecy (key compromise exposes past messages)
- No Tor integration (IP visible to lightwalletd)
- Message frequency patterns potentially observable on-chain
- 512-byte memo limit requires chunking for longer messages
- Single developer team
- Beta software -- expect bugs