I spent the last weeks analyzing the protocol used by the mobile messaging application Threema. It’s a custom protocol with some similarities to CurveCP. Just like CurveCP it uses the NaCl library to encrypt packets.
You can read about the results of my analysis in this paper.
During my analysis I focused on understanding the protocol. In my paper I’m neither judging whether the protocol includes any weaknesses nor if the application contains some implementation mistakes. Nevertheless, the protocol seems to be well designed.