Better Security, ‘Progressive Encryption’ in Silent Text 2.0


Silent Circle has released a new version of its private text messaging and secure file transfer service for Android and iOS mobile devices. Silent Text 2.0 includes a number of security and user-interface upgrades.

The company claims this version eliminates a keying delay issue that existed in previous builds and provides better security for data at rest in addition to some user experience upgrades that are not directly related to the application’s security posture.

In an article published on the Silent Circle website, co-founder Vinnie Moscaritolo explains that most end-to-end security algorithms are written under the assumption that both communicating parties will be present on the network at once. That assumption does not always hold for mobile devices. As a result, users of the Silent Circle Instant Messaging Protocol (SCIMP) could not previously send secure messages immediately. They had to initiate secure transmission after receiving a push notification for keying events.

“Ideally you should be able to start sending secure messages without waiting for the recipient to respond, but without sacrificing the same level of security and end to end encryption provided by the key exchange that we employ in our current product,” Moscaritolo writes.

To remedy this, the company has developed a technology they are calling “Progressive Encryption,” which they claim combines the principles of private and ephemeral key agreement protocols. This new technology, they say, will give the sender the ability to securely transport messages on the first packet and simultaneously transition to hash-committed Diffie-Hellman.

Likely as a response to widespread allegations that the National Security Agency has knowingly undermined National Institute of Standards and Technology (NIST)-endorsed cryptographic protocols, the company has added a list of non-NIST protocols to the application, including Twofish, Skein, and Bernstein–Lange Elliptic Curve 41417.

The iOS version of Silent Text 2.0 marks the application’s departure from Apple’s Core Data framework. Silent Circle has replaced Core Data with its own, internally developed YapDatabase.

“This gave us amazing improvements in performance and reliability as well as substantially better anti-forensics on the data at rest,” Moscaritolo writes. “All the protocol security in the world won’t help you if your device is not well protected and so we treat that with the same amount of concern.”

The company also announced a number of features it intends to build into future iterations of Silent Text, including secure group conversations and cloud-storage improvements.

In related news, Silent Circle announced today that it has raised $30 million from investors including Ross Perot Jr. (the son of former Independent Party presidential candidate Ross Perot) and private investment fund Cain Capital LLC.

In a statement, Silent Circle said it will use these funds to continue the development of this product as well as its voice counterpart, Silent Phone, and the company’s secure Android-based device, Blackphone.

The press release also announces that the company is moving its headquarters from the Caribbean island of Nevis to Switzerland, citing the latter country’s “strong privacy laws” and “legendary neutrality.”
