NullTrace
Quantum-ready · RAM-only · Zero telemetry
E2EE
PQ-Hybrid
No Logs
Private rooms. Disposable identities.
Start a secure channel, invite with a one-time capsule, let messages auto-burn.
- Post-quantum hybrid keying
- Traffic shaping with chaff & padding
- Burn timer · Deadman · One-tap wipe
Pending approvals
Security Engine
PQ-Hybrid from day one
X25519 + ML-KEM-512 for long-term secrecy and post-quantum resilience.
Identity-bound pairing
Signed handshake transcript + short SAS check to block invisible MITM.
Replay-proof AEAD
XChaCha20-Poly1305 with per-sender sequence & epochs. Strict AAD binds sender/seq/epoch.
Smart rekey
Initiator-driven on join/leave. Per-peer sealed GK distribution.
Access capsules
NT-C1 invites: signed, TTL-locked, size-padded. One-time room tokens at the WS edge.
Traffic shaping
Uniform 3–5 KB frames; encrypted chaff; server sinks noise.
Soft rate limits
Per-class quotas (chat / control / bulk). Back-pressure without drops.
RAM-only
No persistence. No telemetry. Hardened headers & strict CSP.
Safety UX
Approvals, SAS verify, burn timer, deadman switch, one-tap wipe.
How it works
- Host starts a room. Fresh keys; disposable room ID.
- Share an invite capsule. Signed NT-C1, TTL-bound, size-padded (no token inside).
- Guest pastes & confirms. Room + short SAS fingerprints for a quick human check.
- Hybrid handshake. X25519 + ML-KEM derive a shared secret; initiator signs the transcript.
- Host approves. Sends one-shot
ct; rekeys and distributes sealed GK. - Chat. AEAD with deterministic nonces; AAD over
{type,cid,seq,epoch}. - Membership change → new keys. Debounced rekey; guests can
gk_reqto resync. - Traffic blended. Frames padded; encrypted chaff runs; server sinks noise.
- Clean exit. Burn timer, deadman, wipe. Nothing at rest.