How Eris Secures Your Data with End-to-End Encryption
End-to-end encryption sounds technical, but the idea is simple: only you and the person you're talking to can read your messages. Here's how we make that happen without sacrificing speed.
When we say Eris is encrypted, we don’t mean it the way most apps do. Most of them are being technically truthful but practically misleading. Here’s what’s actually going on.
What “encrypted” usually means
Most chat apps encrypt your messages in transit. Your message gets scrambled on the way from your phone to their server, and again from their server to your friend. This is transport encryption (TLS) — the same thing your bank’s website uses.
The catch: the server in the middle sees everything. Your message arrives fully readable. The company can store it, analyze it, hand it over to law enforcement, or use it for ad targeting. “Encrypted in transit” just means nobody’s eavesdropping on the wire. It says nothing about what happens once your message arrives.
A useful comparison: Transport encryption is like sending a letter in a locked mailbox truck. The driver can’t read it, but the post office opens it and reads it before putting it in another locked truck. End-to-end encryption is like writing in a code only you and the recipient understand — nobody in between can make sense of it.
How Eris handles it
Eris uses end-to-end encryption (E2EE) for all direct messages. Your message is encrypted on your device before it goes anywhere. Only the recipient’s device can decrypt it. The server just sees scrambled data passing through.
Here’s the step-by-step:
Step 1: Your identity gets created
When you first use Eris, your device generates a cryptographic keypair — a public key and a private key.
- Public key = your address. Anyone can know it. People use it to send you encrypted messages.
- Private key = the key to your front door. Only you have it. It never leaves your device.
Your identity on Eris is this keypair. No username and password sitting on a server somewhere.
Step 2: Starting a conversation
When you message someone for the first time, your devices perform a key agreement — both sides end up with the same shared secret without ever actually sending that secret over the network.
We use X3DH (Extended Triple Diffie-Hellman) for this, the same protocol Signal uses. It’s been extensively reviewed by cryptographers. The result is a unique shared key that only exists on your device and theirs.
Step 3: Message encryption
Every message gets its own unique key through the Double Ratchet protocol. The ratchet advances with each message, generating a fresh key every time.
This gives you forward secrecy: if someone somehow compromised one message key, they still couldn’t decrypt any other message, past or future. Each one is independently locked.
The encryption itself uses XChaCha20-Poly1305, a modern cipher that’s both fast and well-regarded in the cryptography community.
Step 4: Group messages
One-on-one encryption is relatively straightforward. Group chats are harder — you can’t do 50 separate pairwise encryptions per message without things grinding to a halt.
Eris uses Megolm sessions to solve this. Each sender in a channel has a single encryption session shared by all members. One encryption operation per message, and everyone can decrypt it. When someone joins or leaves, the session rotates so newcomers can’t read history and former members can’t read new messages.
What the server actually sees
| Data | Visible to server? |
|---|---|
| Message content | No — encrypted blob |
| Who sent a message | Yes — needed for routing |
| When it was sent | Yes — needed for ordering |
| Channel membership | Yes — needed for delivery |
| File contents | No — encrypted before upload |
| Voice/video streams | No — frame-level E2EE |
The server knows that you sent a message and where it went, but not what you said. This is metadata, and yes, it has privacy implications. We’re working on minimizing it, but we’d rather be upfront about the current state than pretend the problem doesn’t exist.
Voice and video
Voice and video calls are also end-to-end encrypted. We use frame-level encryption on top of our media server (LiveKit). Each audio and video frame gets encrypted on your device before transmission. The server relays encrypted frames to other participants without being able to decode them.
Your voice calls are as private as your text messages.
Verifiability
You don’t have to take our word for any of this:
- Your keys are visible. You can see your public key fingerprint and verify others’ fingerprints out-of-band. If they match, you’re talking to the right person.
- The protocols are public. X3DH, Double Ratchet, Megolm — these are well-known, peer-reviewed protocols, not proprietary black boxes.
- Server operators can’t cheat. Even a malicious server can’t read encrypted messages. The math simply doesn’t allow it.
No trust required. You don’t have to trust Eris to keep your messages private. Even if every other part of the system were compromised, your message content stays secure. That’s the whole point of E2EE — removing the need for trust.
What we don’t do
- We don’t hold your keys. If you lose your private key without a backup, we can’t recover your account. That’s intentional — if we could recover it, so could an attacker.
- We don’t scan your messages. No content moderation AI reading your chats, no ad targeting, no data mining.
- We don’t have a backdoor. No master key, no law enforcement portal, no “exceptional access” mechanism. We can’t read your messages.
Key backup
“If you lose your key, it’s gone forever” is a scary thought, so Eris includes a passphrase-based key backup system.
You pick a strong passphrase. Your private key gets encrypted with it using Argon2id (a memory-hard hashing algorithm that makes brute-force attacks extremely expensive) and XChaCha20-Poly1305. The encrypted backup can be stored anywhere — even on a server — because without your passphrase, it’s useless.
New device? Enter your passphrase, your key gets decrypted, and you’re back.
The short version
Encryption isn’t something we added on top. It’s the foundation. Every design decision starts with “can the server read this?” — and if the answer is yes, we go back to the drawing board.
Want the full technical details? Check out our architecture documentation.
Published February 12, 2025