The Decentrl Protocol
Sovereign, encryption-blind infrastructure for decentralized communication.
Decentrl is a programmable, event-sourced infrastructure layer for decentralized communication. It provides the foundational protocols — identity, encryption, consent-based routing, and encrypted storage — that enable developers to build messaging apps, social networks, marketplaces, and any application requiring secure communication, without trusted servers or backend databases.
All application logic resides on client devices. Developers define event schemas and client-side reducers. The protocol handles everything else.
The Core Idea
Today, end-to-end encryption protects the content of your messages. But the servers that route your messages still see everything else — who you talk to, when, how often, from where. They own your identity, your social graph, and your history. If your account gets banned, your digital self disappears.
Decentrl makes infrastructure encryption-blind. The servers (mediators) that route your messages are mathematically incapable of understanding the social relationships they support. They store and forward ciphertext. That's it.
┌──────────────────────────────────────────────────────┐
│ What a centralized server sees: │
│ │
│ user: alice@example.com (IP: 192.168.1.42) │
│ to: bob@example.com (IP: 10.0.0.17) │
│ message: "Hey, still on for tomorrow?" │
│ device: iPhone 15, iOS 17.2 │
│ location: Ljubljana, SI │
└──────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────┐
│ What a Decentrl mediator sees: │
│ │
│ from: did:decentrl:z6MkpT... │
│ to: did:decentrl:z6MkqR... │
│ payload: a4f8c2e9b1d3...7f2a [encrypted] │
│ tags: [opaque blob] [opaque blob] │
│ message: ████████████ device: █████████ │
└──────────────────────────────────────────────────────┘Same message. Different architecture.
How It Works — In 30 Seconds
-
You generate cryptographic keys on your device. These keys are your identity. No sign-up. No email. No phone number. You produce a DID (Decentralized Identifier) that embeds your public keys and your chosen mediator.
-
Before anyone can message you, they must establish a communication contract — a bilateral cryptographic agreement where both sides sign with Ed25519. No contract, no communication. Spam is architecturally impossible.
-
Messages are encrypted with a shared secret derived from ephemeral X25519 key exchange. Neither mediator ever sees the secret. Events are encrypted client-side, signed, dual-delivered (one copy to the recipient's mediator, one to your own), and reduced into application state locally.
-
Mediators are encryption-blind relay servers. They route ciphertext and store opaque blobs. Anyone can run one. You choose yours based on trust, jurisdiction, or cost — and you can switch at any time without losing contacts or history.
What You Can Build
The protocol doesn't care what your events represent. The same primitives that power encrypted chat can power:
- Private messaging — encrypted conversations with mutual consent
- Social networks — decentralized feeds, reactions, follows
- Marketplaces — proposals, milestones, payment proofs, portable reputation
- Collaborative tools — shared documents, task boards, real-time cursors
- IoT and automation — device-to-device encrypted event streams
A freelancer's rating history and portfolio live on their own mediator. If a marketplace app goes out of business, their reputation persists — verifiable by any application that reads the Decentrl protocol.
Read On
- The Sovereignty Gap — why encryption alone isn't enough
- Alice and Bob — the complete protocol walkthrough