Threema: Encrypted Communications to Military Standards

If you are dealing with phone eavesdropping or need to provide an encrypted chat solution for your business, Threema is the clear choice.

In an age when phone tapping and privacy breaches have become everyday occurrences, ensuring secure and encrypted communications is essential. Threema has established itself as a leading application offering encrypted chat, with a strong emphasis on data protection and user privacy. Its technical specifications and implementation of cryptographic standards meet the highest security requirements — often comparable to military-grade standards.

Why Does Threema Not Need an Email Address or Phone Number?

Threema differs from applications such as WhatsApp or Signal in that it does not require any personal information to register. You need neither an email address nor a phone number. Instead, you receive an anonymous Threema ID, which allows you to use the application in complete anonymity.

Advantages of this approach:

  • Maximum anonymity: Your personal data is never stored on servers.
  • No link to your identity: Neither an attacker nor Threema itself can connect your account to your real personal data.
  • Reduced vulnerability: Without a phone number or email address, your account cannot be compromised through those channels.

Why Can Threema Not Read What You Write?

Threema uses asymmetric cryptography (Elliptic Curve Cryptography, ECC), which operates on the principle of a key pair:

  • Public key: Used to encrypt messages.
  • Private key: Held only by the recipient and used to decrypt messages.

Protection Against Eavesdropping

Hash functions and encryption work together to protect communications against eavesdropping and manipulation:

  1. Integrity protection: If an attacker were to intercept and alter the content of a message, the hash on the recipient's side would not match.

  2. Detection of MITM attacks: The hash, combined with asymmetric encryption (ECC), protects against so-called "man-in-the-middle" attacks, in which an attacker attempts to insert themselves between sender and recipient.

Technical Analysis

Hash Functions: The Key to Data Integrity in Encrypted Communications

Hashing is a fundamental element of security protocols in encrypted communications, including the Threema application. Although it may appear to be a less significant aspect of encryption at first glance, hash functions are of critical importance for ensuring data integrity and detecting manipulation. Let us look more closely at how hashing works and why it matters so much.

What Is a Hash Function?

A hash function is a mathematical algorithm that converts arbitrarily large data (for example, a text message) into a fixed-length string of characters — known as a hash.

  • One-way nature: Hashing is a one-way process — it is not possible to simply reconstruct the original data from the hash that has been produced.
  • Uniqueness: Even a small change in the input data significantly alters the resulting hash, which enables straightforward detection of manipulation.

For example:

The message "Hello World" might produce the hash a591a6d40bf420404a011733cfb7b190, but if you change even a single character, the resulting hash will be entirely different.

How Does Threema Use Hash Functions?

Verification of message integrity

When you send a message via Threema, the application generates a hash of your message and this hash is sent alongside the encrypted data. The recipient compares the hash of the original message with the hash of the received message. If the hashes do not match, it means the message was altered during transmission — which immediately signals manipulation.

Protection against fraud

Hashing protects against attacks such as man-in-the-middle (MITM), because it ensures that data has not been modified during transmission.

Speed and efficiency

Hash functions are extremely fast, enabling message integrity to be verified in real time without placing a burden on the device.

Cryptographic Algorithms Used by Threema

Threema uses modern hashing standards, including:

  1. SHA-256 (Secure Hash Algorithm):
     • Uses a fixed output length of 256 bits.
     • Resistant to collisions (where two different sets of data would produce the same hash).
     • A best-in-class standard also used in blockchain and government security systems.
  2. HMAC (Hash-Based Message Authentication Code):
     • Combines a hash function with a secret key to ensure authenticity.
     • Guarantees that the sender of a message is genuinely who they claim to be.

Hashing and Phone Eavesdropping

Hash functions do not themselves directly encrypt data, but they do ensure that any manipulation of data is immediately detected. If an attacker were to intercept and alter a message during transmission, the hash would not match and the recipient would be alerted.

This is particularly important in the context of protection against phone eavesdropping, where an attacker may attempt to manipulate data in transit.

Encrypted Chat and Hashing

In applications such as Threema, hash functions provide an additional layer of protection beyond encryption. Whereas encryption protects the content of a message from being read by third parties, hashing protects against:

  • Content manipulation: An attacker cannot alter the content of a message without being detected.
  • Spoofed communications: It ensures that messages originate from a verified sender.

How Does Hashing Fit Into Threema's Overall Security Architecture?

  1. End-to-end encryption

The message is first encrypted using an asymmetric key (ECC). The hash function serves here to verify integrity.

  2. Sender authentication

Every user has their own private and public key. Hashing combined with HMAC verifies that the message was genuinely sent by the person claiming to have sent it.

  3. Risk minimisation

Hashing protects against advanced attacks such as replay attacks, in which an attacker attempts to reuse an old message.
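
The SHA-256/HMAC list and the three steps above can be illustrated with a short added example (not Threema's code or wire protocol). It shows why the keyed HMAC, not a bare SHA-256 digest, is what detects deliberate alteration, and why a per-message nonce is needed to reject a replay. The pre-shared key, the 16-byte nonce scheme and the names `seal`, `Receiver` and `plain_verify` are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def plain_verify(message, digest):
    """Unkeyed check: passes for any (message, SHA-256(message)) pair."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def seal(key, message):
    """Sender: the tag covers a fresh 16-byte nonce plus the message."""
    nonce = os.urandom(16)
    tag = hmac.new(key, nonce + message, hashlib.sha256).digest()
    return nonce, message, tag


class Receiver:
    def __init__(self, key):
        self.key = key
        self.seen = set()  # nonces of messages already accepted

    def accept(self, nonce, message, tag):
        expected = hmac.new(self.key, nonce + message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # constant-time compare
            return "rejected: bad tag"
        if nonce in self.seen:
            return "rejected: replay"
        self.seen.add(nonce)
        return "accepted"


def demo():
    key = os.urandom(32)                 # assumed pre-shared secret
    original = b"Meet at 09:00, gate B"  # constructed sample messages
    altered = b"Meet at 21:00, gate D"
    rx = Receiver(key)
    nonce, msg, tag = seal(key, original)
    return {
        # Whoever alters the message can recompute a bare digest to match.
        "plain_hash_on_altered": plain_verify(altered, hashlib.sha256(altered).digest()),
        # Without the key, the old tag no longer matches the altered text.
        "hmac_on_altered": rx.accept(nonce, altered, tag),
        "hmac_first_delivery": rx.accept(nonce, msg, tag),
        "hmac_same_message_again": rx.accept(nonce, msg, tag),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(check, "->", outcome)
```
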

Why Encryption Combined with Hashing Is Ideal for Businesses

  1. Mobile phone security: The combination of encryption and hashing protects both the content and the integrity of communications.

  2. Metadata protection: Hashing minimises the information that could be exploited.

  3. Encrypted chat in real time: The speed of hash functions enables instantaneous integrity checks without slowing down communications.

For Businesses

  • Threema Work: Specifically designed for internal company communications.
  • Simple management: Centralised control over users and compatibility with tools such as LDAP.
  • GDPR compliance: Data is processed in accordance with the most stringent standards.