{"slug": "show-hn-source-available-post-quantum-messenger-crypto-core-on-github", "title": "Show HN: Source-available post-quantum messenger – crypto core on GitHub", "summary": "Veilus Digital released the cryptographic core of its Phantom Chat messenger as source-available code on GitHub, allowing independent verification of its post-quantum security claims. The package includes implementations of ML-KEM-768, SHA-3, the Signal Double Ratchet, and a hybrid key exchange, all passing interoperability tests against Apple's CryptoKit. The company invites security researchers to review the code, though it has not yet undergone a paid third-party audit.", "body_md": "The cryptographic core of **Phantom Chat** (Veilus Digital), extracted verbatim\nfrom the iOS app so it can be **read, compiled, and run** by anyone — reviewers,\njournalists, security researchers — without taking our word for anything.\n\nSource-available for review.You may read, build, and run this code to verify our claims. You maynotreuse it in another product. See`LICENSE`\n\n.\n\nThe rest of the app and the backend remain closed-source; this package is the part where the security actually lives.\n\n| File | What it is |\n|---|---|\n`Sources/PhantomChatCrypto/Kyber768.swift` |\nML-KEM-768 (FIPS 203) — post-quantum KEM, pure Swift |\n`Sources/PhantomChatCrypto/Keccak.swift` |\nKeccak-f[1600] + SHA3-256/512 + SHAKE128/256 (FIPS 202) |\n`Sources/PhantomChatCrypto/PQXDHHybrid.swift` |\nHybrid combiner: classical X3DH secret + Kyber secret → root key |\n`Sources/PhantomChatCrypto/DoubleRatchet.swift` |\nSignal-protocol Double Ratchet (per-message keys, forward secrecy) |\n\nThese files are **byte-for-byte identical** to the app's `CryptoService.swift`\n\n/\n`DoubleRatchet.swift`\n\n(only the `import`\n\nlines differ). The companion document\n`phantom-chat-claim-audit.md`\n\nmaps each marketing claim to these files.\n\n```\nswift test\n```\n\nThat runs (all must pass):\n\n**FIPS 202 known-answer tests**— SHA3-256/512 and SHAKE128/256 against the published NIST reference values.** NTT correctness**— polynomial multiply checked against a schoolbook negacyclic convolution.** Reduction correctness**— Barrett reduction checked congruent across the entire`Int16`\n\ninput range; canonical encoding verified.**ML-KEM-768 round-trips**— KeyGen → Encaps → Decaps agree; tampered ciphertext triggers implicit rejection.** Double Ratchet**— encrypt/decrypt round-trip.** PQXDH hybrid combiner**— deterministic and transcript-bound.** FIPS-203 conformance vs Apple CryptoKit**(`FIPSInteropTests`\n\n, requires macOS 26+): Phantom's Kyber and Apple's vetted`MLKEM768`\n\nexchange shared secrets**both directions**, and for the** same seed**Phantom's public key is** byte-identical**to Apple's. This is the strongest possible evidence that this is genuinely standard ML-KEM-768, not a look-alike.\n\n- This is a\n**clean-room Swift implementation** of published standards (FIPS 202, FIPS 203, Signal Double Ratchet/X3DH),**not** libsignal or liboqs. The algorithms are standard; the implementation is ours. - It has\n**not** had a paid third-party audit yet — that's on the roadmap. We're publishing it precisely so it can be reviewed. - The interop tests use Apple's CryptoKit as the reference oracle; they need macOS 26 or later to run (older OSes will skip them).\n- Found a problem?\n`support@veilusdigital.co`\n\n. We'd rather hear it from you.", "url": "https://wpnews.pro/news/show-hn-source-available-post-quantum-messenger-crypto-core-on-github", "canonical_source": "https://github.com/VeilusDigital/PhantomChatCrypto", "published_at": "2026-06-24 04:16:36+00:00", "updated_at": "2026-06-24 04:44:35.896047+00:00", "lang": "en", "topics": ["artificial-intelligence", "large-language-models", "ai-safety", "ai-policy", "ai-ethics"], "entities": ["Veilus Digital", "Phantom Chat", "GitHub", "Apple", "CryptoKit", "NIST", "Signal", "ML-KEM-768"], "alternates": {"html": "https://wpnews.pro/news/show-hn-source-available-post-quantum-messenger-crypto-core-on-github", "markdown": "https://wpnews.pro/news/show-hn-source-available-post-quantum-messenger-crypto-core-on-github.md", "text": "https://wpnews.pro/news/show-hn-source-available-post-quantum-messenger-crypto-core-on-github.txt", "jsonld": "https://wpnews.pro/news/show-hn-source-available-post-quantum-messenger-crypto-core-on-github.jsonld"}}