Great breakdown of the hardware trust chain — the secure element / SAM point is particularly sharp. Most people stop at 'Signal encrypts everything' and never think about the supply chain or the manufacturing layer.

Your JavaCard SAM suggestion is creative, but you're right that Signal's ML-KEM/AES operations would struggle on constrained hardware. That gap between ideal crypto theory and practical embedded constraints is exactly why I think the 'hardware-first' approach matters more than app-layer hardening for high-threat models.

The 'centralization isn't the main problem, hardware is' conclusion feels right too. Signal being open-source is great, but if the threat model ends at the phone's bootloader, you've optimized the wrong layer.

Appreciate the thoughtful addendum — way more constructive than whatever the other guy was going for today.