Encryption with ZRTP

What everyone needs to know about the ZRTP system:

combo lock

When you make a call using ZRTP, and if the person you are calling has no encryption, you will see a red warning on the phone, but you will still be able to speak to them. Installing Lumicall today doesn't cut you off from those who don't have encryption

When both phones have ZRTP, (for example, calling from Lumicall to Lumicall), there will be a short delay and then the red warning is replaced by a green confirmation. Now you know the call is fully encrypted

But how do you know that there is no man in the middle - someone in the phone company who receives your call, decrypts it, monitors it, and starts a new encrypted transmission to the other person so that they see a green confirmation?

This is the beauty of the ZRTP protocol: it uses a mathematical technique known as a Diffie-Hellman key agreement to generate a random password for the call, without ever transmitting the password to the other person. Each phone creates an incomplete mathematical equation and sends it to the other phone. By solving the equations together, the phones both find the same result: a secure pair of passwords, without ever having to transmit the passwords. Both you and the person you are speaking to will see the passwords on the screen. If there is a man in the middle, his phone will also have to solve the equations, generating 4 passwords instead of 2: and you won't see the same passwords as the person you are speaking to. By reading the passwords to each other and recognising each other's voices, you can be certain that the encryption is running end-to-end.

It should be emphasized that your ability to recognise the other person's voice when they read the passwords to you is fundamental to the integrity of ZRTP. If you are calling a complete stranger (e.g. at the call centre of your bank), ZRTP does guarantee that there is no man-in-the-middle, but does not guarantee that you are speaking to who you think you called (you could be speaking to the bank employee, or an imposter who has re-routed your phone call).

See it in action

Our brief video shows you the process of making a secure call in less than a minute: