How Minyma stays private.

Minyma is built around hybrid post-quantum end-to-end encryption. Every post-quantum mechanism runs alongside a proven classical mechanism, giving message and attachment content layered protection for today's internet and the post-quantum transition.

Initial key agreement is hybrid PQXDH, combining classical X25519 elliptic-curve Diffie-Hellman with ML-KEM-768 (NIST FIPS 203) post-quantum key encapsulation, with downgrade protection that prevents the post-quantum part from being silently stripped. The Double Ratchet then mixes a fresh ML-KEM-768 secret into the key schedule at every ratchet step, and each message is bound with dual Ed25519 and ML-DSA-65 (NIST FIPS 204) signatures.

The relay handles registration, queueing, push delivery, and attachment relay without needing the private keys required to read plaintext content.

Because confidentiality is hybrid and continuous, recorded ciphertext stays protected against a future cryptographically-relevant quantum computer. Minyma is resistant to "harvest now, decrypt later." This page highlights the working security, delivery, voice, translation, and attachment layers behind Minyma so the technical story stays as clear as the product experience.

Identity

Hybrid post-quantum identity

Each device carries long-lived local identity material and publishes the prekey state needed to bootstrap direct messaging. Every content message is bound with dual signatures - classical Ed25519 and post-quantum ML-DSA-65 (NIST FIPS 204) - so impersonation is resisted even against a quantum adversary.

Sessions

Hybrid key agreement and continuous PQ ratchet

Sessions begin with hybrid PQXDH (X25519 + ML-KEM-768) key agreement with downgrade protection, so the classical and post-quantum parts are bound together instead of being silently weakened. Sessions then run a Double Ratchet that mixes a fresh ML-KEM-768 secret into the key schedule at every step, delivering post-quantum forward secrecy and post-compromise security on an ongoing basis, not just at session start.

Relay

Secure ciphertext delivery

The relay supports registration, queueing, push delivery, and attachment relay. It still sees some operational metadata even though it is not intended to hold plaintext content.

Calling

Private voice and video calling

Minyma combines encrypted signaling, sealed-sender delivery for current call traffic, and WebRTC media transport for voice and video calling on iPhone and iPad.

Voice Agent

Allowlisted local tools

Minyma Voice is designed as an in-app operator. It can understand natural language, but it executes only local tools Minyma exposes. Voice can open chats, New Message, New Group, settings, public read-aloud, WeatherKit weather, language selection, and local pickers, while sensitive actions are staged for review.

Voice Notes

Audio through the attachment path

Voice notes are recorded locally, previewed before sending, encrypted through the existing attachment flow, and designed to expire after first listen.

Identity Device-based identity material
Key agreement Hybrid PQXDH: X25519 + ML-KEM-768 (FIPS 203)
Direct messaging Hybrid continuous Double Ratchet (ML-KEM-768 mixed in at every step)
Identity auth Dual signatures: Ed25519 + ML-DSA-65 (FIPS 204)
Cipher AES-256-GCM authenticated payload protection
Attachments Ciphertext upload and download flow
Voice notes Local recording, encrypted upload, staged playback, and expiry
Voice agent User-started voice sessions with allowlisted local tools
Relay Registration, queueing, push, and delivery
Calls Sealed-sender signaling + WebRTC voice/video
Identity Device-based identity material
Key agreement Hybrid PQXDH: X25519 + ML-KEM-768 (FIPS 203)
Direct messaging Hybrid continuous Double Ratchet (ML-KEM-768 mixed in at every step)
Identity auth Dual signatures: Ed25519 + ML-DSA-65 (FIPS 204)
Cipher AES-256-GCM authenticated payload protection
Attachments Ciphertext upload and download flow
Voice notes Local recording, encrypted upload, staged playback, and expiry
Voice agent User-started voice sessions with allowlisted local tools
Relay Registration, queueing, push, and delivery
Calls Sealed-sender signaling + WebRTC voice/video
Security depth

Layers that already matter

Minyma combines live hybrid post-quantum encryption, network privacy, multi-device session design, relay-backed calling, private call signaling, encrypted voice notes, and voice-agent tool boundaries inside one coherent stack.

  • Hybrid PQXDH key agreement: X25519 + ML-KEM-768 (NIST FIPS 203), with downgrade protection against silently removing the post-quantum component
  • Hybrid continuous ratchet: ML-KEM-768 mixed into every Double Ratchet step for ongoing post-quantum forward secrecy and post-compromise security
  • Dual identity signatures: Ed25519 + ML-DSA-65 (NIST FIPS 204)
  • AES-256-GCM authenticated payload encryption; private keys stay in on-device custody
  • Trust-on-first-use pinning with safety numbers and scan-to-verify QR
  • "Harvest now, decrypt later" resistant: recorded ciphertext stays protected against a future quantum computer
  • Metadata-aware relay design and delivery minimization
  • Linked-device session semantics and visible trust review
  • TURN/STUN-backed calling with WebRTC media transport and sealed-sender call signaling
  • Encrypted voice-note attachments with local recording and playback controls
  • Explicit consent before voice reads or translates private message content
Documents

Public references for how Minyma works

The White Paper is the public starting point for Minyma's hybrid post-quantum encryption story. Minyma is built on the platform's vetted cryptographic implementations of NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA); it is under continuous internal security testing and is queued for independent third-party cryptographic review. From there, the documents lane can expand with protocol notes, release security updates, implementation notes, and review summaries when they are ready to publish.

White Paper A public explanation of what Minyma encrypts, what the relay still handles, and how the current device and session model is put together.
Public references Technical, Privacy, and the White Paper keep Minyma's public security story consistent, readable, and up to date.
Transparency & data A plain account of what the service can and can't see, what routing metadata exists, and how long anything is kept.
Service status Current service health and the full incident history, hosted separately from the messaging service so it stays reachable.
Security updates Future review notes and protocol clarifications can be published without changing the product promise.
Operational boundary

How Minyma handles delivery

Minyma protects message content end to end and keeps the delivery boundary clear. The relay handles routing, queueing, push delivery, and attachment transfer without holding the private keys required to read plaintext content. Optional voice sessions and translation are separate, user-started product actions with explicit boundaries.

  • The relay is not designed to hold plaintext message or attachment content
  • Minyma is not built around public social graphs or ad targeting
  • Minyma does not require a public phone-number directory for Minyma IDs
  • Trust changes are surfaced to users instead of staying silent
  • Weather, voice, and translation are user-started features with separate privacy boundaries
  • Encrypted-media storage is designed for delivery, not long-term server archives
  • Attachments are held as ciphertext for a short delivery window, then deleted
  • Sealed sender hides who sent a message from the envelope the relay routes
  • "Online now" means someone is actually using the app - delivery activity is never shown as presence, and sharing presence is optional
  • Service health is reported on a public status page hosted separately from the relay

Limited delivery metadata supports routing, queueing, push, and attachment transfer so the product stays fast and reliable.