CLIENT-SIDE ENCRYPTION

Message Encryption, Built for the Long War

MIRQ encrypts messages on the client and keeps private keys on your devices. The server stores only protected data, while your clients control access and decryption.

Sophistication, by Design

MIRQ blends post-quantum readiness with proven modern encryption so group chat stays fast, private, and future-proof without exposing sensitive implementation details.

Hybrid Protection

Messages are protected with a layered approach that combines next-gen post-quantum safety with trusted modern crypto.

Room-Level Keys

Channels and DMs use dedicated room keys so access is scoped and controllable for each space.

Client-Only Encryption

Messages are encrypted locally before they leave your device. The server never receives plaintext.

Future-Ready Design

Encrypted messages stay compatible over time, with room to strengthen protections as standards evolve.

Achievement: What It Delivers

The design focuses on practical privacy for real communities: strong confidentiality, scalable access control, and crypto that will survive the next decade.

Ciphertext-Only Servers

The server stores encrypted payloads and metadata only. Plaintext never touches server storage in guild channels or DMs.

Group Access at Scale

CEKs allow fast group encryption while still enabling key rotation for access changes.

Future-Proof Archives

Hybrid post-quantum wrapping protects stored message archives against future decryption attacks.

Role-Checked Grants

Key distribution is role-checked. Only authorized users can grant or rotate CEKs.

Security It Provides

MIRQ balances strong cryptography with the operational realities of group chat, keeping encryption practical for admins and reliable for members.

Security Guarantees

  • Message content is end-to-end encrypted for guild channels and DMs.
  • Server compromise reveals only protected data, not readable content.
  • Room-level keys scope access to specific channels or DMs.
  • Key rotation supports access control when members change.
  • Private keys stay local and are protected on your device.

Security Stack

Key OwnershipClient-Held
Protection ModelHybrid Post-Quantum
Message PrivacyEnd-to-End
Access ControlRole-Checked Grants
RotationAdmin-Controlled

Unique in the Industry

Most platforms stop at transport security or 1:1 encryption. MIRQ applies client-side protection to guilds and DMs with admin-friendly control.

Post-Quantum Ready

Protection is designed to hold up as post-quantum standards mature, not retrofitted later.

Client-Held Keys

Your private keys stay on your devices. The server only stores protected message data.

Guild-Scale Privacy

Client-side encryption extends to channels and DMs, not just direct 1:1 chats.

Admin-Controlled Access

Room-level controls align with real community operations and access changes.

Upgrade-Safe Design

Encryption can evolve without breaking existing history or client compatibility.

Clear Operational Boundaries

What the server can and cannot see is explicit, so teams can govern with confidence.

How the Encryption Flow Works

The client owns the keys and the server stores only protected data. This is the high-level flow without revealing sensitive internals.

Sending (Channel or DM)

  1. Client unlocks its local keys.
  2. Client verifies access to the room or DM.
  3. Message content is encrypted locally.
  4. Only protected data is sent to the server.

Receiving

  1. Client checks if it has access to the message.
  2. If needed, it retrieves room-level keys it already owns.
  3. Decryption happens locally on the device.
  4. Plaintext never leaves the client.

Server Storage

  1. Stores encrypted message payloads only.
  2. Tracks minimal metadata needed for delivery.
  3. Never stores readable message content.
  4. Decryption remains client-side.

Transparency: Trade-offs and Limits

Strong encryption does not eliminate every risk. MIRQ is explicit about the trade-offs so teams can plan accordingly.

Rotation Controls Access

When membership changes, rotating room keys limits future access while preserving history as intended.

History Is Intentional

Admins decide how far back access should go for new members.

Admin Operations Required

Access changes depend on admin actions to apply immediately.

Metadata Visible

Basic delivery metadata like timing and size remains visible for routing.

Client Security Matters

Strong local protection and device security are essential.

Key Sync Required

If a device is missing keys, it may need to re-sync before it can read older messages.