Sanket Cryptography Whitepaper: Signal Protocol, Key Management, and Zero-Knowledge Design
A technical deep-dive into Sanket's cryptographic architecture: Signal Protocol with Double Ratchet and X3DH key agreement, Perfect Forward Secrecy, hardware-backed key storage, zero-knowledge server design, certificate pinning, and the deployment implications of each security property for organisations evaluating Sanket for sensitive and classified communication.
Tosh Defence Private Limited
What's inside
Topics covered in this paper
Signal Protocol: Double Ratchet Algorithm and X3DH Extended Triple Diffie-Hellman key agreement explained
Perfect Forward Secrecy: why session key isolation prevents retroactive decryption even after key compromise
Zero-knowledge server architecture: what the server stores, what it can never access, and why it matters
Hardware-backed key storage: Android Keystore and iOS Secure Enclave integration for private key protection
TLS 1.3 and certificate pinning: transport security and man-in-the-middle attack prevention
Key management in air-gapped environments: how cryptographic operations work without internet connectivity
Threat model: what Sanket's cryptography defeats and what it does not claim to address
Key insights
What you will take away
Signal Protocol - open-source, independently audited cryptography
Perfect Forward Secrecy on every session
Hardware secure enclave key protection on supported devices
Zero-knowledge server - independently verifiable design
Privacy context
The privacy properties described in this whitepaper are structural, not contractual. Zero-knowledge architecture means the privacy guarantee does not depend on trusting the platform provider's privacy policy - it depends on mathematics.
Security relevance
This whitepaper presents Sanket's cryptographic architecture transparently enough to enable independent security review. We include the threat model explicitly - what Sanket defeats and what lies outside the cryptographic boundary - so evaluators can make informed assessments.
For your evaluation
The whitepaper addresses cryptographic properties across all deployment models: Sanket.Chat public app, Sanket.Work whitelabel cloud, and Sanket.Enterprise air-gapped on-premise. Key management differences between deployment models are explained.
Questions about this paper
What is the Double Ratchet Algorithm and why does Sanket use it?
The Double Ratchet Algorithm combines a Diffie-Hellman ratchet and a symmetric-key ratchet to provide both forward secrecy (past sessions cannot be decrypted from future keys) and break-in recovery (if a session key is compromised, subsequent sessions automatically recover security). It is the gold standard for secure messaging cryptography.
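The two ratchets described in this answer can be sketched with Python's standard library. This is an added illustration, not Sanket's or Signal's code: the KDF constants follow the published Double Ratchet recommendations, while the function names, the `demo-ratchet` info label, and the random bytes standing in for X3DH and X25519 outputs are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

INFO = b"demo-ratchet"  # hypothetical application label for HKDF


def kdf_ck(chain_key: bytes) -> tuple[bytes, bytes]:
    """Symmetric-key ratchet step: returns (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def kdf_rk(root_key: bytes, dh_output: bytes) -> tuple[bytes, bytes]:
    """DH ratchet step: HKDF-SHA256 (RFC 5869) with the root key as salt."""
    prk = hmac.new(root_key, dh_output, hashlib.sha256).digest()  # extract
    t1 = hmac.new(prk, INFO + b"\x01", hashlib.sha256).digest()   # expand 1
    t2 = hmac.new(prk, t1 + INFO + b"\x02", hashlib.sha256).digest()
    return t1, t2  # (new_root_key, new_chain_key)


def run_chain(chain_key: bytes, n: int) -> tuple[bytes, list[bytes]]:
    """Advance a chain n steps; return the final chain key and n message keys."""
    keys = []
    for _ in range(n):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return chain_key, keys


def demo() -> dict:
    # Constructed inputs: random bytes stand in for the X3DH shared secret.
    root, chain = kdf_rk(secrets.token_bytes(32), secrets.token_bytes(32))
    # Three messages are sent, then the current chain key leaks.
    leaked_chain, past_keys = run_chain(chain, 3)
    # The legitimate sender keeps using the same chain for two more messages.
    _, sender_keys = run_chain(leaked_chain, 2)
    # Walking forward from the leaked key yields those keys, never earlier ones.
    _, attacker_keys = run_chain(leaked_chain, 4)
    # DH ratchet: a new DH output (stand-in bytes), made after the leak, is mixed in.
    root, healed_chain = kdf_rk(root, secrets.token_bytes(32))
    _, healed_keys = run_chain(healed_chain, 2)
    return {
        "past_keys_reachable": any(k in attacker_keys for k in past_keys),
        "same_chain_exposed": all(k in attacker_keys for k in sender_keys),
        "healed_keys_reachable": any(k in attacker_keys for k in healed_keys),
    }


if __name__ == "__main__":
    print(demo())
```

The exposure window after a leak lasts only until the next DH ratchet step, which is why the symmetric chain alone gives forward secrecy but not break-in recovery.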
What does 'zero-knowledge server' mean technically?
A zero-knowledge server design means the server stores only ciphertext that it cannot decrypt. Private keys exist only on user devices. Server operators - including Tosh Defence - cannot access message content even with full server access, because they do not hold the private keys required for decryption.
Has Sanket's cryptography been independently audited?
Sanket is built on Signal Protocol, which has been extensively independently audited by academic and security research teams. Contact Tosh Defence Private Limited for information about security assessments conducted on the Sanket implementation specifically.
How can I evaluate this whitepaper's claims independently?
Signal Protocol is open-source and its cryptographic properties are verifiable from published academic literature. The zero-knowledge server architecture can be verified through network traffic analysis and source code review during a formal security assessment engagement.