The architecture behind Blink.

A look at the cryptographic posture and message model that keep Blink private by design. A documented developer surface is on our roadmap — coming soon.

Talk to us

Protocol posture

Deterministic dm_v3 and group_v3 protocols built on AES-256-GCM, ECDH P-256, and HKDF-SHA256, with 7-day epoch forward secrecy.

Ciphertext-only by design

Encryption happens on-device before anything is sent. Servers store only ciphertext in ScyllaDB; media is encrypted client-side to S3.

Transaction messages

An immortal record type (TTL=0) for receipts and records that never expire — sealed with the same end-to-end encryption as every message.

On-device keys

Your device holds only derived keys and an encrypted vault. Keys are generated on-device and never leave it.

// Conceptual: every message is sealed on-device before it is sent.
// Servers only ever see ciphertext.

const messageKey = hkdfSha256(ecdhP256(myPrivateKey, peerPublicKey), epochInfo);
const sealed = aes256gcm.encrypt(messageKey, plaintext); // dm_v3 / group_v3

await transport.send(sealed); // server stores ciphertext only

How encryption works