Security Properties

Mediator blindness, spam prevention, authentication, and the threat model that underpins the protocol.

Formal specs: Security considerations are defined in each RFC — see DCTRL-0004 Section 12 and DCTRL-0005 Section 15.

Mediator Blindness

Mediators handle only ciphertext. They cannot:

  • Derive root secrets — requires ephemeral private keys that never leave client devices
  • Derive storage keys — never transmitted to anyone
  • Forge event signatures — requires the sender's Ed25519 private key
  • Tamper with events undetected — event-level signatures bind content to metadata

A mediator sees sender/recipient DIDs, timestamps, and opaque encrypted tags. It performs authorization checks (valid command signatures, active contracts) without accessing message content.

Spam Prevention

The TWO_WAY_PRIVATE channel requires a valid bilateral communication contract on the recipient's mediator. Without a contract, the mediator rejects the message immediately.

This means unsolicited messages are impossible. The sender must have established a mutually accepted contract first. Spam is architecturally eliminated, not filtered.

Authentication

Every command and every event carries an Ed25519 signature. The mediator:

  1. Resolves the sender's DID to extract their public signing key
  2. Verifies the signature over the canonical JSON payload
  3. Checks for active registration and (for TWO_WAY_PRIVATE) active bilateral contracts

Event-level signatures provide end-to-end authentication that remains verifiable even if the mediator is compromised.
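The three mediator checks above, together with the contract gate from Spam Prevention, sketched as an added example; this is not code from the decentrl project or its RFCs. The canonicalization rule (sorted keys, no whitespace), the command field names, the did:example identifiers, and the choice to check the recipient's registration are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: "canonical JSON" means recursively sorted object keys, no whitespace.
function canonicalize(value) {
  if (Array.isArray(value)) return '[' + value.map(canonicalize).join(',') + ']';
  if (value !== null && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonicalize(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

function signCommand(payload, privateKey) {
  const sig = crypto.sign(null, Buffer.from(canonicalize(payload)), privateKey);
  return { payload, signature: sig.toString('base64') };
}

// Hypothetical mediator state: didKeys (Map), registered (Set), contracts (Set).
function authorize(mediator, { payload, signature }) {
  const publicKey = mediator.didKeys.get(payload.sender); // 1. resolve DID
  if (!publicKey) return 'reject: unresolvable DID';
  const ok = crypto.verify(null, Buffer.from(canonicalize(payload)),
    publicKey, Buffer.from(signature, 'base64'));          // 2. verify signature
  if (!ok) return 'reject: bad signature';
  if (!mediator.registered.has(payload.recipient)) return 'reject: not registered';
  if (payload.channel === 'TWO_WAY_PRIVATE' &&             // 3. contract gate
      !mediator.contracts.has(payload.sender + '|' + payload.recipient)) {
    return 'reject: no contract';
  }
  return 'accept';
}

// Constructed sample data: alice has a contract with bob, carol does not.
function demo() {
  const alice = crypto.generateKeyPairSync('ed25519');
  const carol = crypto.generateKeyPairSync('ed25519');
  const mediator = {
    didKeys: new Map([['did:example:alice', alice.publicKey], ['did:example:carol', carol.publicKey]]),
    registered: new Set(['did:example:bob']),
    contracts: new Set(['did:example:alice|did:example:bob']),
  };
  const base = { channel: 'TWO_WAY_PRIVATE', recipient: 'did:example:bob', ciphertext: 'b3BhcXVl' };
  const good = signCommand({ sender: 'did:example:alice', ...base }, alice.privateKey);
  const reordered = { payload: { ...base, sender: 'did:example:alice' }, signature: good.signature };
  const tampered = { payload: { ...good.payload, ciphertext: 'ZXZpbA==' }, signature: good.signature };
  const unsolicited = signCommand({ sender: 'did:example:carol', ...base }, carol.privateKey);
  return [good, reordered, tampered, unsolicited].map((c) => authorize(mediator, c));
}
```

The reordered command still verifies because both sides sign and check the canonical form rather than the bytes as received, while the correctly signed command from a sender without a contract is rejected before it is stored.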

Tag Privacy

Encrypted tags are Ed25519 signatures of plaintext tag strings. They function as deterministic pseudo-random values: only the identity's signing key can produce a matching tag for a given string. The mediator performs exact-match indexing and lookup on these opaque blobs without any knowledge of what they represent. Because the values are deterministic, the mediator can still observe when two events carry the same tag, even though it cannot recover the tag string.

Threat Model

The protocol assumes:

  • Users maintain control over their devices and private keys
  • Ed25519, X25519, and AES-256-GCM remain secure against practical attacks
  • At least one mediator per identity operates honestly (for availability, not confidentiality)

The protocol does not assume:

  • Mediator confidentiality — mediators are assumed to be curious
  • Network transport security — all security comes from end-to-end encryption
  • Coordination between service providers — mediators operate independently

All security guarantees derive from end-to-end cryptographic protection, not from trusting infrastructure.