Private Contact Discovery
OPRF-based PSI to prevent enumeration and metadata leakage. The server sees only blinded points — never phone numbers.
Sanchr
End-to-end encryption secures message content — but not everything around it. Sanchr extends privacy to contact discovery, media, and cryptographic state.
Limited early access. We're onboarding gradually and welcome critical feedback.
Most messaging apps protect messages — but still expose:
Security stops at messages. The rest remains vulnerable.
We treat time as a security boundary.
No cryptographic material is both cross-domain and persistent.
OPRF-based PSI to prevent enumeration and metadata leakage. The server sees only blinded points — never phone numbers.
Media keys bound to the ratchet lifecycle, not stored indefinitely. Keys are erased at each step; re-access uses device-local AccessK with a 30-day TTL.
System-wide lifecycle enforcement for all cryptographic state. Every material gets a class, a TTL, and an enforced expiration policy.
Built and tested in a production system.
Formal security proofs, production benchmarks, and composed security analysis. USENIX-style preprint.
Architecture deep-dive — Signal Protocol integration, OPRF-PSI discovery, ratchet-derived media keys, EKF lifecycle management.
We're building a privacy-first messaging system and onboarding users carefully. We're especially interested in:
Get early access and help shape the system. Priority given to thoughtful feedback and contributions.