They're watching. Every message.

Alice
Not secure

Hey, can you send me the account details?

10:42 AM

Sure, the password is Summer2024!

10:43 AM

Got it. What about the PIN?

10:44 AM

It's 4729. Don't share this with anyone.

10:45 AM

Without encryption, every keystroke is exposed.

INTEL BRIEFING

Zero knowledge messaging, literallyzero

'Zero knowledge' gets thrown around a lot. Here's what it actually means inside NoChat's architecture.

CLASSIFIED
DECLASSIFIED

Keys Generated On-Device

Identity, exchange, and session keys are generated in your browser or app via Web Crypto. Private keys are never transmitted anywhere.

CLASSIFIED
DECLASSIFIED

Server Stores Ciphertext Only

The database holds encrypted message blobs, encrypted file references, and public keys. There is no plaintext and no decryption material.

CLASSIFIED
DECLASSIFIED

Subpoena-Resistant by Math

We can't produce what we don't have. Under legal order we can only hand over encrypted blobs that nobody except the endpoints can decrypt.

CLASSIFIED
DECLASSIFIED

Authenticated Encryption

AES-256-GCM ensures tampering is detected. Even a rogue server can't silently modify messages in flight.

All features auditable. View source code

Zero Knowledge + Post-Quantum

Zero knowledge today.
Zero knowledge in 2040.

Classical zero knowledge isn't enough if captured ciphertext can be decrypted decades later. NoChat wraps session keys with ML-KEM (Kyber-1024), so the zero knowledge guarantee holds against future quantum attackers too.

NIST Approved Standards

The same cryptography the US government will use

ML-KEM

Key encapsulation

Kyber-1024

ML-DSA

Digital signatures

Dilithium3

Harvest Now, Decrypt Later

Why this matters today, not tomorrow

Nation states are already storing encrypted communications. When quantum computers arrive, they'll decrypt years of captured data instantly.

NoChat protects your messages against this threat today

Signal, WhatsApp, Telegram — none offer post-quantum encryption. NoChat does.

FAQ

zero knowledge messaging: questions, answered

The most common things people ask about zero knowledge messaging.

What is zero knowledge messaging?

Zero knowledge messaging means the service provider has zero ability to read your messages, even with full access to their own servers. The keys that could decrypt your conversations live only on your devices.

How does NoChat achieve zero knowledge?

Key pairs are generated client-side with Web Crypto (P-256 ECDH + AES-256-GCM). Private keys stay in the browser or app and are never transmitted. The server stores encrypted ciphertext and public keys only.

If NoChat gets hacked, are my messages exposed?

No. An attacker who dumps the entire NoChat database would get ciphertext with no decryption keys. There is nothing in the database that can reveal message contents.

Is zero knowledge messaging the same as end-to-end encryption?

They overlap. E2EE means messages are encrypted from one endpoint to another. Zero knowledge adds: the service provider also has no ability to derive, recover, or store the decryption keys. NoChat is both.

Can NoChat reset my account if I forget my password?

Only to the extent that you've backed up your keys. Because we don't have a decryption escrow, we literally cannot recover your past messages for you. That's the cost and benefit of real zero knowledge.

Does zero knowledge mean I can't use NoChat on multiple devices?

No. Multi-device is supported via encrypted key exchange between your own devices, so new devices can receive keys without the server ever seeing them in plaintext.

How can I verify NoChat is actually zero knowledge?

The client and server are open source. You can inspect the code, trace where keys are generated, confirm they never leave the device, and verify the server schema only holds ciphertext. Full crypto inventory is in docs/crypto-inventory.md.

Does zero knowledge mean NoChat knows nothing at all?

We know operational data needed to route messages — user IDs, timestamps on delivery, public keys. We don't know message content, file content, or private keys. Zero knowledge is about content, not existence.

Ready to go dark?

nochat-terminal
Loading...
or create an account

No account required. No data collected. No compromises.

Also available on

macOSWindowsLinux
FROM THE BLOG

Dispatches on private messaging

Reporting on encryption, anonymous messaging, and what it takes to build a secure messaging app with no phone number required.

Apr 13, 2026 · 7 min read

2026-04-04-government-procurement-your-privacy-why-anonymous-messaging-

Apr 13, 2026 · 7 min read

2026-04-04-digital-privacy-why-phone-number-free-messaging-matters

Apr 13, 2026 · 6 min read

2026-04-03-digital-privacy-in-question-why-secure-messaging-matters-mor

Read all posts →
RELATED

Also worth reading

secure messaging app

NoChat is a secure messaging app with a zero-trust architecture: post-quantum E2E encryption, no phone number, no plaintext on our servers. Open source.

Learn more

encrypted messaging app

NoChat is an encrypted messaging app with post-quantum end-to-end encryption. Anonymous sign-up, zero knowledge storage, no phone number required.

Learn more

post-quantum encryption messaging

NoChat delivers post-quantum encryption messaging using ML-KEM (Kyber-1024) and AES-256-GCM. Protect your conversations against harvest-now-decrypt-later attacks.

Learn more

Join the quiet ones

Join a community that values privacy over convenience.

0
secrets kept
100%
open source
256-bit
encryption
[INTERCEPTED]

"Finally, a messaging app that doesn't mine my data."

Anonymous

Privacy advocate

[INTERCEPTED]

"The encryption is rock solid. I've audited the code myself."

Anonymous

Security researcher

[INTERCEPTED]

"No phone number required? That's how it should be."

Anonymous

Someone who values privacy

Star us on GitHub