About Beem E2EE chat
ENCRYPTION IN BEEM APP
BEEM supports end-to-end encryption, which ensures that messages can only be read by their recipients. No one, including BEEM servers, can listen to the communication between BEEM users.
CLIENT SERVER COMMUNICATION
BEEM uses a state-of-the-art protocol that replaces TLS. Mainly, no cryptographic suites are negotiated; the algorithm is fixed on both the server and the user side. This approach makes BEEM faster than any TLS-based system and makes BEEM safe from known TLS vulnerabilities.
The protocol uses RSA 2048 with AES 256 to encrypt the control information between the server and the users. Encrypting the control information prevents the BEEM system from being analyzed and protects the users' identities from being exposed.
The public keys of the users are initially transmitted to the servers through the protocol using the RSA 2048 algorithm. The server then generates a secret s for every user and uses it to encrypt all future communication. When BEEM users start communicating with each other, their public keys are initially received from the server. Later on, when the public keys get updated, the server version gets updated as well.
END-TO-END ENCRYPTION
To provide the highest possible security, BEEM uses end-to-end encryption. BEEM servers and operators have no access to the messages or to the calls. BEEM uses military-grade encryption to protect the users' privacy. Technically, BEEM uses AES 256-bit encryption and exchanges the encryption key using the Diffie-Hellman key exchange algorithm (DH). The security of the protocol depends on AES and the discrete logarithm problem.
The user starts the protocol by requesting the recipient's public key. Once the public key is received, the user performs a Diffie-Hellman exchange with the recipient's public key in order to get a shared secret. The user then uses the shared secret as the AES 256-bit key to encrypt all messages and communication. For higher security, the user can start a secret chat session, in which he/she generates a fresh Diffie-Hellman key and uses it in a single chat session with the recipient. The secret chat session key is different from any other key.
DH ALGORITHM EXPLAINED (FOR CALLS AND MESSAGES)
Diffie-Hellman requires two public parameters: a prime number q and an integer a, where a is a primitive root of q. The process is as follows:
Suppose users A and B want to agree upon a shared key. User A selects a random number XA (XA < q) as the private key and computes the public key YA = a^XA mod q. User A keeps the value of XA confidential, while YA can be publicly obtained by user B. Similarly, user B selects a random number XB < q and calculates the public key YB = a^XB mod q. User B keeps the value of XB confidential, while YB can be publicly obtained by user A.
User A generates the shared secret key by the formula K = (YB)^XA mod q. Similarly, user B generates a shared secret key calculated as K = (YA)^XB mod q. These two calculations produce the same result: K = (YB)^XA mod q = (a^XB mod q)^XA mod q = (a^XB)^XA mod q (according to the rules of modular arithmetic) = a^(XB·XA) mod q = (a^XA)^XB mod q = (a^XA mod q)^XB mod q = (YA)^XB mod q. Therefore, it is equivalent to the two parties having exchanged an identical secret key.

Because XA and XB are secret, the only parameters that an adversary can exploit are q, a, YA, and YB. The adversary is thus forced to take the discrete logarithm to determine the secret key. For example, to obtain the secret key of user B, an adversary must first calculate XB = ind_{a,q}(YB) and then calculate the secret key using the same method used by user B. The security of the Diffie-Hellman key exchange algorithm depends on the fact that while it is relatively easy to compute exponentials modulo a prime number, it is difficult to compute the discrete logarithm. For large prime numbers, it is almost impossible to calculate the discrete logarithm.
For example: the key exchange is based on the prime number q = 97 and a primitive root a = 5 of 97. User A and user B respectively select the private keys XA = 36 and XB = 58. Each of them calculates its public key:
YA = 5^36 = 50 mod 97
YB = 5^58 = 44 mod 97
After they have obtained the public key from each other, the secret keys shared by both parties are calculated as follows:
K = (YB)^XA mod 97 = 44^36 = 75 mod 97
K = (YA)^XB mod 97 = 50^58 = 75 mod 97
Using the public information (50, 44), the attacker needs to calculate the 75, which is difficult.
BEEM uses a 2048-bit public key, which makes it secure against any known attack.
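The worked example above, replayed as an added Python example (not BEEM's code): it checks the page's numbers for q = 97 and a = 5, and shows that at this toy size an exhaustive search recovers XB from the public value YB in at most 96 steps, which is why the parameter size matters. The function names and the range check on the peer's public value are assumptions of this example, not something the page describes.

```python
Q = 97  # public prime modulus from the worked example
A = 5   # public primitive root of Q


def is_primitive_root(a, q):
    """True when a^1 .. a^(q-1) mod q hit every value 1 .. q-1."""
    return len({pow(a, k, q) for k in range(1, q)}) == q - 1


def public_key(private, a=A, q=Q):
    """Y = a^X mod q, enforcing the page's condition X < q."""
    if not 1 <= private < q:
        raise ValueError("private key must satisfy 1 <= X < q")
    return pow(a, private, q)


def shared_secret(peer_public, own_private, q=Q):
    """K = (peer Y)^(own X) mod q."""
    # Assumption added by this example, not described on the page:
    # reject 0, 1 and q-1, which would force a predictable K.
    if not 2 <= peer_public <= q - 2:
        raise ValueError("peer public key outside 2 .. q-2")
    return pow(peer_public, own_private, q)


def discrete_log(y, a=A, q=Q):
    """Exhaustive search for X with a^X = y (mod q): at most q-1 steps."""
    value = 1
    for x in range(1, q):
        value = value * a % q
        if value == y:
            return x
    raise ValueError("y is not a power of a modulo q")


def run_exchange(xa=36, xb=58):
    """Replay the worked example and return every intermediate value."""
    ya, yb = public_key(xa), public_key(xb)
    return {
        "YA": ya,
        "YB": yb,
        "K_A": shared_secret(yb, xa),      # user A's computation
        "K_B": shared_secret(ya, xb),      # user B's computation
        "XB_recovered": discrete_log(yb),  # from public values only
    }


if __name__ == "__main__":
    print(is_primitive_root(A, Q), run_exchange())
```

The search loop grows linearly with q, so it is only a demonstration for tiny moduli; the same public values give no such shortcut at the 2048-bit size the page cites.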
FAQ
How secure is BEEM?
BEEM uses military-grade AES 256 encryption with a state-of-the-art key exchange protocol. For maximum protection, the system provides the secret chat option, where newly generated Diffie-Hellman keys are exchanged and used in a separate chat session. The encryption in the system protects the users' privacy using well-studied cryptographic algorithms.
Why does BEEM use a custom protocol instead of Transport Layer Security?
BEEM saves a lot of time by fixing the cryptographic suites needed to encrypt the link between the users and BEEM servers. The normal TLS handshake is subject to many attacks, for example downgrade attacks or the use of weak cryptographic primitives. These attacks are avoided by BEEM's unique approach. BEEM is also protected against replay attacks.
Is the metadata encrypted?
The server needs to know the metadata in order to, for example, route the encrypted messages to their recipients. The metadata is encrypted in BEEM in order to prevent any attacker from analyzing the packets.