# Encryption

<figure><img src="https://4018397395-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F3LGA7a9Evs77SLg3yRNI%2Fuploads%2FlMSUyHxVfwYd0pvtxt50%2FVector-Encrypted-Messaging-Infographic-Final.png?alt=media&#x26;token=bba8ec5c-8900-4b8c-87a5-0e870d2d9c39" alt=""><figcaption></figcaption></figure>

## Encryption Types

* **secp256k1** for key exchange & signing
* **XChaCha20-Poly1305** for message encryption
* **AES-256-GCM** for file encryption
* **Argon2id** for password protection
* **ChaCha20-Poly1305** for local storage encryption

***

### **Symmetric Encryption**

`For Message/Data Protection`

* **XChaCha20-Poly1305**: NIP-44 encrypted DMs (the main E2E encryption)
* **AES-256-GCM**: file/attachment encryption in DMs
* **ChaCha20-Poly1305**: local database encryption (messages, keys, secrets stored on-device)

***

### **Asymmetric Cryptography**

`For Identity & Signing`

* **secp256k1**: Nostr keypair generation + event signing (ECDSA)

***

### **Key Derivation & Hashing**

* **Argon2id**: password-based key derivation (150MB memory, 10 iterations — very strong)
* **SHA-256**: file hashing, various protocol operations
* **BIP39**: 12-word seed phrase generation for account recovery

***

### **Protocols**

* [**NIP-44**](https://github.com/nostr-protocol/nips/blob/master/44.md): modern encrypted DMs
* [**NIP-59**](https://github.com/nostr-protocol/nips/blob/master/59.md): gift wrap (hides metadata with ephemeral keys)
* [**NIP-17**](https://github.com/nostr-protocol/nips/blob/master/17.md): private DM delivery
* [**MLS Protocol**](https://github.com/openmls/openmls)**:** group messaging encryption (via [White Noise](https://github.com/marmot-protocol/whitenoise-rs)/[MDK](https://github.com/marmot-protocol))

***