Post-quantum · Censorship-resistant · Open source

Your words find their own way through.

KARST is a fully open, non-commercial private messenger with no phone number, no accounts on our servers, and no central point to seize, coerce, or shut down. Like water carving hidden passages through limestone, messages route around whatever stands in the way.

Pre-alpha · unaudited reference implementation — read the honest status
Why KARST is built this way

Safe because it's open — not in spite of it.

Most "secure" messengers assume the adversary can't see how they work, or lean on one company that can be pressured and shut down. KARST assumes the opposite and builds from there.

01

The adversary knows everything but your keys

Kerckhoffs taken to the limit: the whole protocol and all the code are public. Only your keys stay secret. If publishing the code could kill the network, it was relying on obscurity — not cryptography.

02

Hard to block without breaking the network around it

No fingerprint of its own and no single load-bearing relay. Carriers behave like ordinary users of mainstream protocols — the first one, WebSocket-over-TLS, looks like plain HTTPS.

03

No single point to seize or coerce

No master key baked into the app, no single issuer, directory, or update authority — and no legal entity. Publishing cryptographic source is speech, not an organization. There's no one to sue, defund, or compel.

04

Post-quantum by default

Every message is sealed with PQXDH — ML-KEM-768 + X25519 and a Double Ratchet. Harvest-now-decrypt-later fails: recording ciphertext today buys nothing when the quantum computer arrives.

05

Prove your right to spend

Every scarce resource — memory, CPU, bandwidth — requires an address check and a cryptographic admission proof first. Denial-of-service and Sybil resistance are structural, not bolted on.

06

Honesty over marketing

The docs state plainly what KARST cannot guarantee — volumetric DDoS, a full internet shutdown, what today's relay still learns. A verifiable, honest build beats a silently compromised one.

The desktop app

Real messages, real encryption — running today.

Not a mockup. Create an identity from a 12-word phrase, point it at a relay, and talk — end-to-end encrypted over an untrusted mailbox that can't read who's speaking to whom.

KARST — encrypted conversation
Two people exchanging end-to-end encrypted messages in the KARST desktop app
No phone number

Your identity is a key only you hold

Recoverable from a 12-word phrase, encrypted at rest. Nothing ties you to a SIM, an email, or an account on someone's server.

Multi-homed

A dead relay doesn't drop your mail

Publish to several relays at once; connect-level path failover routes around the ones that vanish. No single carrier is load-bearing.

Traffic-shy

Fixed-size envelopes, fixed-size fetches

Message content is padded into size buckets and pulls are fixed-size, inside the encrypted session — queue depth and length don't leak.

How it works

Sealed envelopes through an untrusted mailbox.

Relays carry your messages but are never trusted with them. The security lives in the keys on your devices, not in the infrastructure between.

Derive an identity

A 12-word recovery phrase becomes your keypair and an encrypted on-device vault. No signup, no server-side account.

Prove admission

Before anyone spends resources on you, a stateless cookie and a one-time capability prove you're allowed through the door.

Seal & deposit

Messages are sealed with post-quantum PQXDH and a Double Ratchet, then dropped into a relay mailbox as fixed-size ciphertext.

Verify the person

A 60-digit safety number lets you confirm, out of band, that no one has swapped a key in the middle.

Verify who you're talking to

A number no relay can fake.

The fingerprint of both identity keys — identical on every client, desktop or CLI.
Read it aloud together over a call or in person. If the digits match, no one is sitting in the middle.
The relay is never the anchor of who you are — you are.
70855 88992 92860 24085 46376 23803 46420 66617 40419 50254 72038 77023
KARST — safety number
The KARST app showing a real 60-digit safety number for a conversation
Public protocol · Public code · AGPL-3.0

Auditable by anyone. Owned by no one.

KARST is a reference implementation built in Rust and developed in the open. Its cryptography has not yet been independently audited — so read it, break it, and help build the thing that can't be shut down.

github.com/bytesoffreedom/karst-messenger