Back to home

Security

Our mission is to protect your privacy through proven cryptographic protocols and transparent security practices.

Cryptographic Protocols

PQXDH Key Agreement

Kursal uses the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol to establish shared secrets when initiating conversations.

Sesame + Double Ratchet

All message exchanges use the Sesame algorithm with Double Ratchet, providing both forward secrecy and post-compromise security.

Vulnerability Disclosure

Security is at the core of Kursal. We encourage responsible disclosure of any vulnerabilities and are committed to addressing issues promptly.

siGithub General Issues

For bugs, feature requests, and non-security issues, please open an issue on GitHub:

siGithub Open GitHub Issue

Security Vulnerabilities

For security-sensitive issues that could compromise user privacy or safety, please contact us directly:

kursal@openvoxel.studio
Include detailed steps to reproduce the vulnerability
Allow 90 days to address the issue before public disclosure
We aim to acknowledge receipt within 48 hours, though response times may vary as we're a small team

Our Commitment

Credit in our security acknowledgments (if desired)
Regular updates on our progress addressing the issue
Transparent communication throughout the process

Security Practices

Code Security

All code is open source and publicly auditable
Continuous dependency vulnerability monitoring

Infrastructure

All communications are end-to-end encrypted
Resistant decentralized network

For more details on our cryptographic implementation, read our technical paper or review the source code.