================================================================================ Ultra Mode Encryption Specification – Hydra Apocalypse Ratchet ================================================================================ **Project**: World's Most Secure Messaging App **Mode**: Ultra Secret Mode (opt-in per channel) **Codename**: Hydra Apocalypse Ratchet – Ultra Mode **Author**: JohnΞ (@j3g) **Date**: February 18, 2026 **Version**: 1.0 – Complete, implementation-ready specification for Ultra Mode (Dart + Flutter + Hive + gRPC) **Primary Design Goal (Non-Negotiable)** ======================================= This is the **world's most secure messaging app**. Ultra Mode exists for users who assume nation-states have already backdoored or broken major primitives (AES, Kyber, McEliece, etc.). It forces an attacker to break **many independent cryptographic lineages simultaneously** while guessing a **secret per-channel, per-message cascade sequence** that is never sent over the wire. Ultra Mode is **always stronger** than Normal Mode and **stronger than any known protocol** (Signal, PQXDH, etc.) in the threat model of "one primitive family is secretly rotten". Executive Summary ================= Ultra Mode = **Triple-Compound Ratchet**: 1. Inner configurable PQ Hybrid Double Ratchet (user-defined via CCCData) 2. Massive secret cascade of 16–24 layers (from user-chosen providers + algorithms) 3. Per-message cascade sequence mutation (deterministic, never sent on wire) Everything is defined at **channel creation time** in CCCData. No ratchet_public, no metadata leaks, no server influence. gRPC is used for device ↔ relay transport (but relay remains stateless/ephemeral RAM forwarder). CCCData – Ultra Mode Extension (Dart + Hive) ============================================ .. code-block:: dart @HiveType(typeId: 42) class CCCData extends HiveObject { @HiveField(0) final int version = 1; @HiveField(1) final String mode = 'ultra'; // 'normal' or 'ultra' // Providers (user selects which libraries are allowed) @HiveField(2) final List enabledProviders; // ['wolfssl', 'boringssl', 'libsodium', 'openssl'] // Modular category configs (user picks ordered lists per category) @HiveField(3) final Map> kemConfigs; @HiveField(4) final Map> aeadConfigs; // inner + outer @HiveField(5) final Map> kdfConfigs; @HiveField(6) final Map> hashConfigs; // ULTRA-SPECIFIC SETTINGS (user configurable) @HiveField(20) final int cascadeLength; // 16–24 (default 20) @HiveField(21) final int cascadePoolSize; // 48–64 (default 56) @HiveField(22) final String cascadeOrdering; // 'strongest_first' (default), 'random', 'user_defined' @HiveField(23) final bool cascadeReKeyAfter; // re-key inner root after cascade (default true) @HiveField(24) final int sequenceRatchetStrength; // bits of KMAC output used for permutation seed (default 256) // Shared ratchet settings (same as Normal Mode) @HiveField(7) final int ratchetFrequency; @HiveField(8) final bool symmetricRatchetEveryMessage; @HiveField(9) final int rekeyInterval; @HiveField(10) final String rekeyMode; // Padding & anti-distinguisher @HiveField(11) final int minPaddingBytes; // default 64 @HiveField(12) final int blockSize; // default 64 // Channel identifiers @HiveField(13) final Uint8List groupId; // 32 bytes @HiveField(14) final int createdAt; @HiveField(15) final Uint8List creatorDeviceId; CCCData({ /* all required fields */ }); } @HiveType(typeId: 43) class CryptoSelection extends HiveObject { @HiveField(0) String provider; @HiveField(1) String algorithm; // 'AES256GCM', 'Kyber1024', 'Serpent256CTR', 'ClassicMcEliece460896', etc. @HiveField(2) int priority; // round-robin order } **How the Cascade Pool is Built** (at channel load time): - For every enabledProvider, query the provider's registry for algorithms in these categories: symmetric, aead, pq_kem, pq_signature, hash_based. - Build a flat list of 48–64 unique (provider, algorithm) pairs. - User can override the pool via advanced UI (future). Channel Creation & Sharing ========================== 1. User selects "Ultra Secret" → opens advanced CCCData editor (all fields editable). 2. App generates groupId, groupMasterSeed (512-bit), initial ratchet states. 3. CCCData + groupMasterSeed stored in Hive (encrypted with device master key). 4. Invite: encrypt entire CCCData + groupMasterSeed under recipient's public key → send as single blob. 5. Recipient imports → verifies groupId matches → stores in Hive → both have identical crypto config forever. gRPC Wire Protocol (RelayMessage) ================================= .. code-block:: proto service RelayService { rpc SendMessage(RelayMessage) returns (Empty); rpc SubscribeToChannel(ChanSubscribe) returns (stream RelayMessage); } message RelayMessage { uint32 from_rly_user_id = 1; uint32 to_rly_chan_id = 2; uint32 options = 3; // backwards compat (will be removed) bytes data = 4; // FULL E2EE ciphertext blob uint64 server_seq = 5; // backwards compat (will be removed) } **data** field contains (serialized, then encrypted): - timestamp (for UI) - message JSON / content - padding - rekey payload (if any) - Everything else Ultra Mode Triple-Compound Ratchet (Dart Implementation) ======================================================== ```dart class UltraRatchet { final CCCData ccc; final Uint8List groupMasterSeed; // Per-sender chains (inner Double Ratchet) Map sendingChains = {}; Map receivingChains = {}; // Current sequence seed (mutates per message) Uint8List currentSequenceSeed = Uint8List(32); Uint8List getBaseMessageKey(int fromRlyUserId, int senderCounter, bool isSending) { // 1. Advance inner symmetric ratchet final chain = isSending ? sendingChains[fromRlyUserId]! : receivingChains[fromRlyUserId]!; Uint8List baseKey = KDF(ccc.kdfConfigs, chain.currentKey, senderCounter.toBytes()); // 2. Derive seq_seed for this message final seqSeed = KMAC256(baseKey, utf8.encode('seq-seed') + groupId + senderCounter.toBytes(8)); // 3. Generate secret cascade permutation (16-24 layers) final cascadeSequence = deterministicPermutation(seqSeed, ccc.cascadePoolSize, ccc.cascadeLength); // 4. (Optional) re-key inner root after cascade later in flow return baseKey; } List deterministicPermutation(Uint8List seed, int poolSize, int length) { final rng = ChaCha20(seed); // seeded CSPRNG var indices = List.generate(poolSize, (i) => i); // Fisher-Yates shuffle using rng for (int i = poolSize - 1; i > 0; i--) { final j = rng.nextInt(i + 1); final temp = indices[i]; indices[i] = indices[j]; indices[j] = temp; } return indices.sublist(0, length); // return ordered indices into pool } Uint8List cascadeEncrypt(Uint8List plaintext, List sequence, Uint8List baseKey, int senderCounter) { Uint8List ct = plaintext; for (int i = 0; i < sequence.length; i++) { final selection = cascadePool[sequence[i]]; // global pool built from CCCData final layerInfo = utf8.encode('layer-$i') + groupId + senderCounter.toBytes(8); final layerKey = HKDF(ccc.kdfConfigs, baseKey, layerInfo, selection.keyLength); ct = encryptOneLayer(selection.provider, selection.algorithm, layerKey, ct); } return ct; } // Decrypt is reverse order } ``` Message Sending Flow (Ultra Mode) – Step-by-Step ================================================ 1. Load CCCData + build cascadePool from enabledProviders. 2. Advance inner ratchet → base_message_key + seqSeed. 3. Generate secret cascadeSequence (16–24 layers). 4. Pad plaintext: padToMultipleOf(ccc.blockSize) + random(ccc.minPaddingBytes) from KDF(baseKey). 5. Inner AEAD: round-robin using ccc.aeadConfigs on padded plaintext → innerCt. 6. Cascade encrypt innerCt → cascadeCt. 7. If ccc.cascadeReKeyAfter: newInnerRoot = KMAC256(cascadeCt + oldRoot). 8. Outer AEAD (fast fixed from aeadConfigs) on cascadeCt → finalData. 9. Build RelayMessage → send via gRPC. Message Receiving Flow ====================== 1. Receive RelayMessage via gRPC stream. 2. Immediately persist raw RelayMessage to Hive 'messages' box (key = groupId + fromRlyUserId + senderCounter). 3. Load CCCData → advance receiving inner ratchet → derive baseKey + seqSeed + cascadeSequence. 4. Decrypt finalData (outer AEAD) → cascadeCt. 5. Cascade decrypt (reverse order) → innerCt. 6. Inner AEAD decrypt → plaintext + timestamp. 7. If RekeyPayload present → apply new root secrets. Local Hive Storage (Ultra Mode) =============================== Same as Normal Mode + extra fields for debugging: - rawRelayMessage (full protobuf bytes) - encryptedBaseMessageKey (AES-GCM under device master key) - cascadeSequenceCache (optional, for fast reload – encrypted) - plaintextCache (optional) Rekey Flow (PCS) ================ - Triggered by user button or ccc.rekeyInterval. - Generate fresh hybrid KEM secret (using ccc.kemConfigs). - Create RekeyPayload inside the encrypted data field. - Recipient applies after decrypt → future messages use new root. Security Analysis – Why Ultra Mode Is Unbeatable ================================================= - Attacker must break 16–24 diverse primitives (different providers, different math) in unknown secret order that changes every message. - Combinatorial explosion per message per channel. - No public material on wire → zero metadata beyond absolute minimum. - User controls every provider and algorithm. - Survives secret break of any single family (AES, Kyber, McEliece, etc.). Implementation Checklist (Dart/Flutter + gRPC + Hive) ===================================================== 1. Extend CryptoProvider registry with all libraries (wolfssl_flutter, boringssl, libsodium_flutter, etc.). 2. Hive adapters for CCCData, CryptoSelection, StoredMessage. 3. UltraRatchet class with cascadePool builder + deterministicPermutation. 4. gRPC client/service with RelayMessage. 5. Channel creation screen with Ultra toggle + advanced tabs for cascade settings. 6. Cascade encrypt/decrypt dispatcher (test with 4 layers first, then full 20). 7. Rekey UI button + auto logic. 8. Full end-to-end tests with different CCCData combinations. 9. Performance benchmarking on real devices (Ultra mode is heavy – show battery warning).