03 — Cryptographic Systems · TLabs Technology
SecureMessageLayer
A Double Ratchet–based secure messaging substrate built for correctness and portability. Clean C ABI surface designed for Swift, Kotlin, and JavaScript integration.
Premise
Why SML Exists
Most secure messaging implementations are tightly coupled to a specific platform or runtime. They ship with UI frameworks, networking stacks, and dependencies that make the cryptographic core difficult to audit, test, or port.
SML is the opposite. It is a pure cryptographic substrate — no networking, no storage, no platform assumptions. The Double Ratchet state machine, session management, and key derivation are exposed through a clean C ABI that any language can call. The protocol behavior is the deliverable. Nothing else.
Verifiable protocol behavior — not feature breadth.
Protocol
Cryptographic Foundation
01 — Key Agreement
X3DH — Extended Triple Diffie-Hellman
Initial session establishment using the Signal X3DH protocol. Provides mutual authentication and forward secrecy from the first message. One-time prekeys ensure session uniqueness even if the identity key is later compromised.
02 — Session State
Double Ratchet Algorithm
Message encryption via the Double Ratchet, combining a Diffie-Hellman ratchet for forward secrecy with a symmetric-key ratchet for break-in recovery. Each message uses a fresh encryption key derived from the ratchet chain.
Skipped message keys are cached with deterministic bounds, enabling out-of-order delivery without state explosion.
03 — Encryption
AEAD — Authenticated Encryption
All message payloads are encrypted with AES-256-GCM, providing both confidentiality and integrity in a single operation. The authentication tag covers the ciphertext and associated header data, preventing tampering at any layer.
Features
Technical Capabilities
Zero Dependencies
Pure ANSI C99. No libc extensions beyond standard headers. Compiles on Linux, iOS, Android, and bare-metal targets with a single Makefile.
Clean C ABI
All public functions use a stable, versioned ABI. Swift Package Manager and Kotlin/JNI wrappers are provided. JavaScript via Emscripten is supported.
Secure Memory Handling
Sensitive key material is allocated through a locked, non-swappable region and zeroed on release. No heap allocations in the critical path after session initialization.
Transport Agnostic
SML operates entirely on byte buffers. It has no knowledge of TCP, UDP, or WebSocket. The caller owns transport — SML owns cryptographic state.
Deterministic State Machine
Given the same inputs and initial state, SML produces identical output — across platforms, across runs. Session state is serializable for persistence and resumption.
Auditable Codebase
~4,800 lines of C. No macros that hide control flow. Every cryptographic operation maps directly to a published specification section. Built to be read.
API
Public Interface
/* Session lifecycle */
sml_result_t sml_session_init(sml_session_t *s, const sml_identity_t *id);
sml_result_t sml_session_free(sml_session_t *s);
/* X3DH handshake */
sml_result_t sml_x3dh_initiate(sml_session_t *s, const sml_prekey_bundle_t *bundle);
sml_result_t sml_x3dh_respond (sml_session_t *s, const sml_init_message_t *msg);
/* Double Ratchet encrypt / decrypt */
sml_result_t sml_encrypt(sml_session_t *s,
const uint8_t *plaintext, size_t pt_len,
uint8_t *ciphertext, size_t *ct_len);
sml_result_t sml_decrypt(sml_session_t *s,
const uint8_t *ciphertext, size_t ct_len,
uint8_t *plaintext, size_t *pt_len);The full API reference, error codes, session serialization, and platform integration guides are available in the documentation.
Status
Current State
SML v1.0.0 is stable for research and integration testing. The core protocol implementation — X3DH, Double Ratchet, and AEAD layer — is complete and unit-tested across Linux and macOS.
The Swift Package Manager wrapper is available. The Kotlin/JNI wrapper is in progress. A production security audit is planned before any deployment recommendation.