The adversary knows everything but your keys
Kerckhoffs taken to the limit: the whole protocol and all the code are public. Only your keys stay secret. If publishing the code could kill the network, it was relying on obscurity — not cryptography.
KARST is a fully open, non-commercial private messenger with no phone number, no accounts on our servers, and no central point to seize, coerce, or shut down. Like water carving hidden passages through limestone, messages route around whatever stands in the way.
Most "secure" messengers assume the adversary can't see how they work, or lean on one company that can be pressured and shut down. KARST assumes the opposite and builds from there.
Kerckhoffs taken to the limit: the whole protocol and all the code are public. Only your keys stay secret. If publishing the code could kill the network, it was relying on obscurity — not cryptography.
No fingerprint of its own and no single load-bearing relay. Carriers behave like ordinary users of mainstream protocols — the first one, WebSocket-over-TLS, looks like plain HTTPS.
No master key baked into the app, no single issuer, directory, or update authority — and no legal entity. Publishing cryptographic source is speech, not an organization. There's no one to sue, defund, or compel.
Every message is sealed with PQXDH — ML-KEM-768 + X25519 and a Double Ratchet. Harvest-now-decrypt-later fails: recording ciphertext today buys nothing when the quantum computer arrives.
Every scarce resource — memory, CPU, bandwidth — requires an address check and a cryptographic admission proof first. Denial-of-service and Sybil resistance are structural, not bolted on.
The docs state plainly what KARST cannot guarantee — volumetric DDoS, a full internet shutdown, what today's relay still learns. A verifiable, honest build beats a silently compromised one.
Not a mockup. Create an identity from a 12-word phrase, point it at a relay, and talk — end-to-end encrypted over an untrusted mailbox that can't read who's speaking to whom.
Recoverable from a 12-word phrase, encrypted at rest. Nothing ties you to a SIM, an email, or an account on someone's server.
Publish to several relays at once; connect-level path failover routes around the ones that vanish. No single carrier is load-bearing.
Message content is padded into size buckets and pulls are fixed-size, inside the encrypted session — queue depth and length don't leak.
Relays carry your messages but are never trusted with them. The security lives in the keys on your devices, not in the infrastructure between.
A 12-word recovery phrase becomes your keypair and an encrypted on-device vault. No signup, no server-side account.
Before anyone spends resources on you, a stateless cookie and a one-time capability prove you're allowed through the door.
Messages are sealed with post-quantum PQXDH and a Double Ratchet, then dropped into a relay mailbox as fixed-size ciphertext.
A 60-digit safety number lets you confirm, out of band, that no one has swapped a key in the middle.
KARST is a reference implementation built in Rust and developed in the open. Its cryptography has not yet been independently audited — so read it, break it, and help build the thing that can't be shut down.