White Paper

Minyma End-to-End Encryption Overview

Public technical overview Updated April 17, 2026 Minymata, Inc.

Minyma is designed so message and attachment contents are encrypted on sender devices and decrypted on recipient devices. The service participates in delivery, but it is not intended to hold the private keys required to read plaintext message content.

Technical Privacy

What Minyma does today

The current product uses device-based cryptographic identity, prekey-based bootstrap for direct messaging, a verified PQXDH post-quantum-strengthened direct-message bootstrap path on the current verified direct-message path, AES-GCM payload protection, and a Double Ratchet path for established direct sessions.

Minyma also uses sealed-sender delivery for current call signaling across direct and group call flows, paired with WebRTC media transport for voice and video calling on iPhone and iPad.

The relay supports device registration, prekey distribution, message queueing, push delivery, and attachment relay. That means Minyma can operate as a real messaging product with a delivery path that stays clear, practical, and privacy-aware.

What is end-to-end encrypted

  • Message text
  • Message edits and deletes carried in encrypted payloads
  • Receipts carried inside encrypted message payloads
  • Attachment contents
  • Attachment keys shared inside encrypted message payloads

Operational data used for delivery

Minyma uses a limited set of service metadata to route messages, attachments, push notifications, and calls. That includes which user or device is sending, which user or device is receiving, timing and message frequency, ciphertext sizes, push registration and delivery timing, and limited attachment transfer metadata such as encrypted size, upload and download timing, and delivery state.

The accurate public claim is that Minyma protects message and attachment content from relay-side plaintext access while continuing to reduce relay-visible metadata and strengthen private delivery paths.

How the current system works at a high level

  1. Each device holds long-lived local identity keys.
  2. Each device publishes signed prekeys and one-time prekeys to the service.
  3. A sender fetches a recipient device's prekey bundle and derives a shared bootstrap secret.
  4. Established direct messaging sessions can then move into a Double Ratchet mode for stronger forward secrecy.
  5. Private key material stays on user devices rather than on the relay.

Current security posture

Minyma operates with real end-to-end encryption for message and attachment content, sealed-sender delivery for current call signaling, and a direct-session design built around PQXDH bootstrap plus Double Ratchet established sessions.

  • Minyma protects message content end to end and continues reducing relay-visible metadata
  • Current call signaling uses sealed-sender delivery across direct and group call flows
  • The strongest current direct-message path uses a verified PQXDH bootstrap followed by Double Ratchet established sessions
  • Minymata's security program includes independent review alongside public technical documentation

Security program

Minymata continues publishing deeper protocol documentation, strengthening notification privacy, refining group cryptographic design, and advancing independent security review as part of the broader Minyma security program.

Short public description

Minyma uses device-based end-to-end encryption for message and attachment content. Messages are encrypted on sender devices and decrypted on recipient devices. The relay stores and forwards ciphertext and routing metadata, but does not hold the private keys required to read plaintext. The current verified direct-message path includes a PQXDH post-quantum-strengthened bootstrap, established direct sessions use a Double Ratchet implementation, and current call signaling uses sealed-sender delivery across direct and group call flows.