About Beem E2EE chat


BEEM supports end-to-end encryption, which ensures that messages can only be read by their recipients. No one, including BEEM servers, can listen to the communication between BEEM users.


BEEM uses a state-of-the-art protocol that replaces TLS. The main difference is that no cryptographic suites are negotiated; the algorithms are fixed on both the server and the user side. This approach makes BEEM faster than any TLS-based system and makes BEEM safe from known TLS vulnerabilities.

The protocol uses RSA 2048 with AES 256 to encrypt the control information between the server and the users. Encrypting the control information prevents the BEEM system from being analyzed and protects the users’ identities from being exposed.

The public keys of the users are initially transmitted to the servers through the protocol, using the RSA 2048 algorithm. The server then generates a secret s for every user and uses it to encrypt all future communication. When BEEM users start communicating with each other, they first receive each other's public keys from the server. Later on, when the public keys are updated, the server's version is updated as well.



To provide the highest possible security, BEEM uses end-to-end encryption. BEEM servers and operators have no access to the messages or to the calls. BEEM uses military-grade encryption to protect the users’ privacy. Technically, BEEM uses AES 256-bit encryption and exchanges the encryption key using the Diffie-Hellman key exchange algorithm (DH). The security of the protocol depends on AES and the discrete logarithm problem.

The user starts the protocol by requesting the recipient’s public key. Once the public key is received, the user performs a Diffie-Hellman exchange with the recipient’s public key to obtain a shared secret. The user then uses the shared secret as the AES 256-bit key to encrypt all messages and communication. For higher security, the user can start a secret chat session, in which he/she generates a fresh Diffie-Hellman key and uses it for a single chat session with the recipient. The secret chat session key is different from any other key.



Diffie-Hellman requires two public parameters: a prime number q and an integer a, where a is a primitive root of q. The process is as follows:

  • Suppose users A and B want to agree upon a shared key. User A selects a random number XA (XA < q) as the private key and computes the public key YA = a^XA mod q. User A keeps the value of XA confidential, while YA can be publicly obtained by user B. Similarly, user B selects a random number XB < q and calculates the public key YB = a^XB mod q. User B keeps the value of XB confidential, while YB can be publicly obtained by user A.
  • User A generates the shared secret key by the formula K = (YB)^XA mod q. Similarly, user B generates a shared secret key calculated to be K = (YA)^XB mod q. These two calculations produce the same result: K = (YB)^XA mod q = (a^XB mod q)^XA mod q = (a^XB)^XA mod q (according to the rules of modular arithmetic) = a^(XB·XA) mod q = (a^XA)^XB mod q = (a^XA mod q)^XB mod q = (YA)^XB mod q. Therefore, it is equivalent to the two parties having exchanged an identical secret key.
  • Because XA and XB are secret, the only parameters that an adversary can exploit are q, a, YA, and YB. The adversary is thus forced to take the discrete logarithm to determine the secret key. For example, to obtain the secret key of user B, an adversary must first calculate XB = ind_{a,q}(YB) and then calculate the secret key using the same method used by user B. The security of the Diffie-Hellman key exchange algorithm depends on the fact that while it is relatively easy to compute an exponential modulo a prime number, it is difficult to compute the discrete logarithm. For large prime numbers, it is almost impossible to calculate the discrete logarithm.
    For example: the key exchange is based on the prime number q = 97 and a primitive root a = 5 of 97. User A and user B respectively select the private keys XA = 36 and XB = 58. Each of them calculates its public key: YA = 5^36 = 50 mod 97 and YB = 5^58 = 44 mod 97. After they have obtained the public key from each other, the secret keys shared by both parties are calculated as follows:
    K = (YB)^XA mod 97 = 44^36 = 75 mod 97
    K = (YA)^XB mod 97 = 50^58 = 75 mod 97
    Using the public information 50 and 44, the attacker needs to calculate 75, which is difficult.

BEEM uses a 2048-bit public key, which makes it secure against any known attack.
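The key agreement walked through above, as an added Python example (not BEEM's code): it reproduces the q = 97, a = 5 numbers, and shows by exhaustive search that a prime this small is only illustrative, which is why key size matters. The function names and the range check on the peer's public value are assumptions of this example and are not described on the page.

```python
# Added example, not BEEM code: textbook Diffie-Hellman with the page's toy numbers.

def is_primitive_root(a, q):
    """True if the powers of a cover every value 1..q-1 modulo the prime q."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1

def public_key(a, q, private):
    """Y = a^X mod q; the page requires the private exponent X < q."""
    if not 1 <= private < q:
        raise ValueError("private key must satisfy 1 <= X < q")
    return pow(a, private, q)

def shared_secret(peer_public, private, q):
    """K = Y_peer^X mod q, rejecting degenerate peer values (added check)."""
    # A peer value of 1 or q-1 would force K into {1, q-1} whatever X is.
    if not 2 <= peer_public <= q - 2:
        raise ValueError("peer public key outside 2..q-2")
    return pow(peer_public, private, q)

def exhaustive_dlog(a, q, y):
    """Search for X with a^X = y mod q; only feasible because q is tiny."""
    value = 1
    for x in range(1, q):
        value = (value * a) % q
        if value == y:
            return x
    raise ValueError("no discrete logarithm found")

def run_page_example():
    q, a = 97, 5          # public parameters from the page
    xa, xb = 36, 58       # private keys from the page
    ya, yb = public_key(a, q, xa), public_key(a, q, xb)
    k_a = shared_secret(yb, xa, q)   # computed by user A
    k_b = shared_secret(ya, xb, q)   # computed by user B
    # An observer holding only q, a, YA, YB needs at most 96 trial steps here.
    recovered_xb = exhaustive_dlog(a, q, yb)
    k_observer = pow(ya, recovered_xb, q)
    return {"YA": ya, "YB": yb, "K_A": k_a, "K_B": k_b,
            "XB_recovered": recovered_xb, "K_observer": k_observer}

if __name__ == "__main__":
    print(run_page_example())
```

The search cost grows with the size of q, so the same loop is useless against a 2048-bit prime.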



How secure is BEEM?

BEEM uses military-grade AES-256 encryption with a state-of-the-art key exchange protocol. For maximum protection, the system provides the secret chat option, where newly generated Diffie-Hellman keys are exchanged and used in a separate chat session. The encryption in the system protects the users’ privacy using well-studied cryptographic algorithms.

Why does BEEM use a custom protocol instead of Transport Layer Security?

BEEM saves a lot of time by fixing the cryptographic suites needed to encrypt the link between the users and BEEM servers. The normal TLS handshake is subject to many attacks, for example downgrade attacks or the use of weak cryptographic primitives. BEEM's unique approach avoids these attacks. BEEM is also protected against replay attacks.

Is the metadata encrypted?

The server needs to know the metadata, for example to route the encrypted messages to their recipients. The metadata is encrypted in BEEM to prevent any attacker from analyzing the packets.