Security

Our mission is to protect your privacy through proven cryptographic protocols and transparent security practices.

Cryptographic Protocols

Kursal uses the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol to establish shared secrets when initiating conversations.

All message exchanges use the Sesame algorithm with Double Ratchet, providing both forward secrecy and post-compromise security.

Security is at the core of Kursal. We encourage responsible disclosure of any vulnerabilities and are committed to addressing issues promptly.

For bugs, feature requests, and non-security issues, please open an issue on GitHub:

If you've discovered a security issue that might impact user privacy or safety, we'd greatly appreciate your help in reporting it.

Please provide detailed steps so we can reproduce and verify the issue.

We kindly ask for 90 days to release a fix before public disclosure.

We're a small team, but we'll try our best to acknowledge your report within 48 hours.

Credit in our security acknowledgments (if desired)

Regular updates on our progress addressing the issue

Transparent communication throughout the process

All code is open source and publicly auditable

Continuous dependency vulnerability monitoring

All communications are end-to-end encrypted

Resistant decentralized network

For more details on our cryptographic implementation, read our technical paper or review the source code.