KEM-PRTL-001 · Protocol Charter

KSMP: Kemet Secure Messaging Protocol

The Kemet Secure Messaging Protocol — end-to-end confidentiality, authentication, and session integrity for private communications on the Network.

Document ID: KEM-PRTL-001
Version: 4.0.0
Effective Date: 2026-05-05
Classification: PUBLIC PROTOCOL CHARTER

0. Scope & Claims

Guarantees claimed

  • End-to-end confidentiality for message and attachment plaintext.
  • Cryptographic sender authentication at identity and device level.
  • Forward secrecy for previously delivered messages.
  • Post-compromise recovery after new clean ratchet traffic.
  • Replay resistance via deduplication and ratchet state checks.
  • Idempotent convergence for delivery and read transitions.

Explicitly not guaranteed

  • Perfect metadata privacy — timing and routing metadata still exist.
  • Protection against compromised endpoints with active malware.
  • Undetectable communication patterns under global traffic analysis.

1. System Model

We establish KSMP as the authoritative encrypted messaging instrument of the Network. The Organization operates an encrypted relay and durable queue; it is not a custodian of plaintext. Server infrastructure may observe routing identifiers, timestamps, envelope size classes, and protocol version markers. It cannot forge valid authenticated ciphertext or recover message bodies without client key material.

Identity  — long-lived cryptographic node bound to a Vault-derived key domain
Device    — one installation, one device key domain, auditable enrollment
Conversation — deterministic thread namespace across participant devices

2. Session Lifecycle

Sessions progress through defined states: NEW → ACTIVE → DESYNCED → REKEY_REQUIRED → ACTIVE. We require explicit re-establishment after repeated decrypt failures. Clients that permit insecure fallback when prekey inventory is exhausted are non-compliant with this charter.

3. Message & Attachment Model

Message bodies and attachment metadata are encrypted on the sender device. Routing envelopes carry immutable header fields authenticated under AEAD associated data. Attachments are encrypted client-side before upload; content keys travel inside message plaintext, never in cleartext at the relay layer.

4. Multi-Device & Receipts

Fan-out is per recipient device, not once per user. Delivery and read receipts are idempotent, monotonic events keyed by message identity. The Organization does not use receipt metadata to reconstruct message content.
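
The receipt rule above, shown as an added example that is not part of the charter or of any KSMP implementation: receipts are merged as a monotonic maximum, so duplicated, replayed, or reordered events converge on the same state. The state names, the `(message_id, device_id)` key, and the `ReceiptLedger` class are assumptions made for illustration.

```python
from enum import IntEnum
from itertools import permutations


class Receipt(IntEnum):
    # Ordered so a later stage always compares greater than an earlier one.
    SENT = 0
    DELIVERED = 1
    READ = 2


class ReceiptLedger:
    """Receipt state per recipient device, keyed by (message_id, device_id)."""

    def __init__(self):
        self._state = {}

    def apply(self, message_id, device_id, event):
        """Merge one receipt event; return True only if the state advanced."""
        key = (message_id, device_id)
        current = self._state.get(key, Receipt.SENT)
        if event <= current:
            return False  # duplicate or stale replay: a no-op, never a regression
        self._state[key] = event
        return True

    def status(self, message_id, device_id):
        return self._state.get((message_id, device_id), Receipt.SENT)

    def snapshot(self):
        return frozenset(self._state.items())


def converges(events):
    """True if every arrival order of `events` produces the same ledger."""
    outcomes = set()
    for order in permutations(events):
        ledger = ReceiptLedger()
        for message_id, device_id, event in order:
            ledger.apply(message_id, device_id, event)
        outcomes.add(ledger.snapshot())
    return len(outcomes) == 1


# Constructed sample: one message fanned out to two devices, with a replayed event.
SAMPLE_EVENTS = [
    ("msg-1", "phone", Receipt.DELIVERED),
    ("msg-1", "phone", Receipt.READ),
    ("msg-1", "phone", Receipt.DELIVERED),  # duplicate delivery receipt
    ("msg-1", "laptop", Receipt.DELIVERED),
]
```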

5. Relationship to KSMP v3 & Developer Reference

KSMP v3 extends the messaging contract with server-authoritative ordering, tickle-only push, and a unified inbox replay model. Both generations uphold the same plaintext boundary: the relay never holds decryptable content.

For implementer-level session requirements, wire events, and checklists, see the KSMP developer reference.

Disclosure Line

This charter publishes the contractual behavior, guarantees, and governance boundaries of the protocol. It does not publish anti-abuse scoring internals, exploit-sensitive thresholds, or operational topology details that materially improve adversarial optimization against the Network.
