NoChat holds no keys, no plaintext, and no way to derive either. Your private keys are generated on your device and never leave it. If we're subpoenaed, we hand over ciphertext and shrug.
“Zero knowledge” gets thrown around loosely, so here's what it means precisely inside NoChat. The service provider has zero ability to read your messages even with full access to its own servers, because the keys that could decrypt your conversations exist only on your devices. We designed the system so this isn't a promise we keep — it's a property of the architecture we couldn't break if we wanted to.
Identity, exchange, and session keys are generated in your browser or app using the Web Crypto API (P-256 ECDH for key agreement, AES-256-GCM for content). Private keys are never transmitted anywhere. The session key is cached locally so future messages decrypt instantly, but the secret material stays put.
The database holds encrypted message blobs, encrypted file references, and public keys. There is no plaintext and no decryption material anywhere in it. The salt used to derive per-pair session keys is built from sorted user IDs — public information — so even the derivation process exposes no secret.
We can't produce what we don't have. Under a legal order we can only hand over encrypted blobs that nobody except the endpoints can decrypt. To be honest about the limits: zero knowledge is about content, not existence. We still process operational data needed to route messages.
Don't take our word for it. The client and server are open source. You can inspect the code, trace exactly where keys are generated, confirm they never leave the device, and verify the server schema only holds ciphertext. The full cryptographic inventory documents every primitive and where it runs.
It means the service provider has zero ability to read your messages, even with full access to its own servers. The keys that could decrypt your conversations live only on your devices.
Key pairs are generated client-side with Web Crypto (P-256 ECDH + AES-256-GCM). Private keys stay in the browser or app and are never transmitted. The server stores ciphertext and public keys only.
No. An attacker who dumps the entire database gets ciphertext with no decryption keys. There is nothing in the database that can reveal message contents.
They overlap. E2EE means messages are encrypted from one endpoint to another. Zero knowledge adds that the provider also has no ability to derive, recover, or store the decryption keys. NoChat is both.
Only to the extent that you've backed up your keys. Because there's no decryption escrow, we literally cannot recover your past messages for you — that's the cost and the benefit of real zero knowledge.
No. We process operational data needed to route messages — user IDs, public keys, delivery timestamps. We don't know message content, file content, or private keys. Zero knowledge is about content, not existence.
Free, open source, and private by design. No phone number, no email required.