Paper 2016/703

(In-)Secure messaging with the Silent Circle instant messaging protocol

Sebastian R. Verschoor and Tanja Lange


Silent Text, the instant messaging application by the company Silent Circle, provides its users with end-to-end encrypted communication on the Blackphone and other smartphones. The underlying protocol, SCimp, has received many extensions during the update to version 2, but has not been subjected to critical review from the cryptographic community. In this paper, we analyze both the design and implementation of SCimp by inspection of the documentation (to the extent it exists) and code. Many of the security properties of SCimp version 1 are found to be secure, however many of the extensions contain vulnerabilities and the implementation contains bugs that affect the overall security. These problems were fed back to the SCimp maintainers and some bugs were fixed in the code base. In September 2015, Silent Circle replaced SCimp with a new protocol based on the Signal Protocol.

Available format(s)
Cryptographic protocols
Publication info
Preprint. MINOR revision.
SCimpSilent Circleinstant messaging protocol
Contact author(s)
srverschoor @ uwaterloo ca
2016-07-18: received
Short URL
Creative Commons Attribution


      author = {Sebastian R.  Verschoor and Tanja Lange},
      title = {(In-)Secure messaging with the Silent Circle instant messaging protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2016/703},
      year = {2016},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.