How Encryption Works
Last updated: March 15, 2026
The short version: When you use end-to-end encryption on DiscAlt, your messages are encrypted on your device before they leave it. The server never sees the plaintext. Only the intended recipients can read what you send.
What is End-to-End Encryption?
End-to-end encryption (E2EE) means your messages are scrambled into unreadable data on your device and only unscrambled on the recipient's device. The DiscAlt server relays the encrypted data but cannot decrypt it. Even if someone gained access to our servers, they would see only gibberish.
Where E2EE is Available
- Direct messages — 1-on-1 DMs have E2EE auto-enabled on creation (as long as both participants have set up device keys, which modern clients do automatically). Sealed sender is supported.
- Group DMs — Multi-party direct messages have E2EE auto-enabled on creation, using pairwise encryption between all participants.
- Space channels — Text channels within spaces can optionally enable end-to-end encryption. Space owners or admins decide whether to turn this on.
- Voice and video calls — E2EE is on automatically whenever you connect to a voice channel. Each participant generates a symmetric media key, distributes it pairwise through the existing encrypted session, and encrypts each audio/video frame before it reaches our media server. The server forwards opaque ciphertext only.
How It Works — The Basics
When you create a DiscAlt account, your device generates a set of cryptographic keys — long strings of random data used for encryption. Your private keys never leave your device. Your public keys are uploaded to the server so other people can send you encrypted messages.
When you message someone for the first time, the two devices perform a key exchange — a mathematical process that lets both sides agree on a shared secret without ever transmitting that secret over the network. From that point on, every message is encrypted with a key derived from this shared secret.
Forward Secrecy
DiscAlt doesn't just use one key for all your messages. The encryption keys change with every message through a process called ratcheting. Each message gets its own unique key, and old keys are deleted after use.
This means that even if an attacker somehow obtains a key for one message, they cannot use it to decrypt any other message — past or future. This property is called forward secrecy.
Sealed Sender
In standard encrypted DMs, the server knows who sent a message (so it can deliver it), even though it can't read the content. With sealed sender, even the sender's identity is encrypted inside the message itself. The server sees only that a message was sent to a particular conversation — it does not know which participant sent it.
The recipient decrypts the sealed envelope to learn who the message is from, then decrypts the message content as usual.
Group Encryption
In encrypted space channels, each participant generates a sender key — a symmetric encryption key shared with all other members of the channel. When you send a message, it's encrypted once with your sender key rather than individually for each recipient. This makes group encryption efficient regardless of how many people are in the channel.
Sender keys are distributed to other members through the same secure pairwise channels used for DMs, so the server never sees them.
Voice and Video Encryption
Voice and video calls on DiscAlt are end-to-end encrypted. They route through a media relay (an SFU) for efficiency — so we can forward one participant's audio to many listeners without each person's device having to upload the same stream multiple times — but the relay never sees the audio or video itself.
When you join a voice channel, your device generates a random media key and sends it, pairwise-encrypted, to every other participant through the existing secure session. Each encoded audio or video frame is then encrypted with XChaCha20-Poly1305 before it leaves your device. The SFU sees only opaque bytes and forwards them. When someone joins or leaves the call, the remaining participants rotate their keys so the new member cannot decrypt old frames and the leaving member cannot decrypt new ones.
Frame encryption runs in a dedicated Web Worker (off the main thread) via RTCRtpScriptTransform where supported, falling back to a main-thread transform on older browsers.
Key Verification
To confirm you're actually communicating with the person you think you are (and not an impersonator), DiscAlt lets you compare key fingerprints. Each device has a unique fingerprint derived from its identity key. You can compare fingerprints with someone over a phone call, in person, or through any trusted channel. If they match, you know the encryption is secure between your specific devices.
What the Server Can and Cannot See
The server cannot see:
- The content of your encrypted messages
- Your private encryption keys
- Who sent a message (when sealed sender is active)
- Attached files in encrypted conversations (encrypted alongside the message)
The server can see:
- That a message was sent and when (timestamps)
- The size of encrypted messages
- Which conversations you participate in (channel membership)
- Your public keys (by design — other users need these to encrypt messages to you)
Your Keys, Your Devices
Your encryption keys live in your browser's local storage. They are not stored on the server in a way that the server can read. This means:
- If you clear your browser data or lose access to your device, your encryption keys are lost and you won't be able to decrypt old messages on a new device unless you've created a key backup.
- Key backups are encrypted before leaving your device. The server stores only the encrypted blob — it cannot decrypt your backup without your recovery key.
- Each device has its own keys. If you use DiscAlt on multiple devices, each one maintains its own identity. Messages are encrypted separately for each of your devices.
What E2EE Does Not Protect Against
Encryption is a powerful tool, but it's important to understand its limits:
- Device compromise — If someone has access to your unlocked device, they can read your messages just as you can. E2EE protects data in transit and at rest on the server, not on an unlocked device.
- Screenshots and copy/paste — A recipient can always share a decrypted message by other means.
- Metadata — While sealed sender hides who sent a message, the server still knows message timing and conversation membership. Encryption hides content, not all metadata.
The Cryptography
For those interested in the technical details, DiscAlt's encryption is built on well-established, peer-reviewed cryptographic protocols:
- X3DH (Extended Triple Diffie-Hellman) for initial key exchange between devices
- Double Ratchet for per-message forward secrecy in direct messages
- Sender Key for efficient group encryption
- XSalsa20-Poly1305 (NaCl secretbox) for symmetric message encryption
- XChaCha20-Poly1305 (IETF AEAD, libsodium) for voice/video frame encryption
- X25519 for Diffie-Hellman key agreement
- Ed25519 for digital signatures
- BLAKE2b for key derivation
These are the same families of protocols and primitives used by Signal and other respected encrypted messaging systems.
Questions?
If you have questions about how DiscAlt protects your data, reach out at security@discalt.com.