End-to-End Encryption
Every message, call, and file you send through Varta is encrypted on your device before it ever leaves. Not even Varta can read your conversations — only you and your intended recipients hold the keys.
Everything is encrypted by default
There is no "enable encryption" toggle. Every form of communication on Varta is end-to-end encrypted automatically.
Under the Hood
Built on QuantumShield
Varta uses QuantumShield — our post-quantum E2E encryption engine powered by a Rust/WASM cryptographic core. It combines classical ciphers (AES-256-GCM, ChaCha20-Poly1305) with NIST post-quantum algorithms (ML-KEM-768, ML-DSA-65) for defense-in-depth security.
Post-Quantum Hybrid Key Exchange
Session keys are exchanged using a hybrid KEM combining X25519 with ML-KEM-768 (NIST FIPS 203). Even if a quantum computer breaks classical key exchange, ML-KEM-768 provides NIST Level 3 post-quantum security. ECDH P-256 is used as a fallback for backward compatibility.
Cascading Dual-Layer Encryption
Messages are encrypted first with AES-256-GCM, then wrapped with ChaCha20-Poly1305 via the QuantumShield WASM engine. An attacker must break BOTH ciphers to recover plaintext. Length-hiding padding prevents traffic analysis.
Per-Message Key Derivation
Each message derives a unique encryption key from the session key and message ID via HKDF-SHA3-512. This provides per-message key isolation — compromising one message key reveals nothing about any other message.
E2E Encrypted Voice & Video Calls
Voice and video calls are encrypted at the media frame level using WebRTC Insertable Streams. Each audio and video frame is encrypted with AES-256-GCM using keys derived from the conversation session key via HKDF. Even TURN relay servers cannot see call content.
Client-Side File Encryption
Photos, videos, documents, and voice messages are encrypted on your device before upload using QuantumShield cascading cipher. The server stores only encrypted bytes. Files are decrypted in the browser when you view them — the server never sees the original content.
Argon2id Key Derivation
Password-derived keys use Argon2id with 19MB memory cost — the most GPU/ASIC-resistant KDF available. This makes brute-force attacks computationally infeasible even with specialized hardware.
Per-Message Key Isolation
Each message is encrypted with a unique key derived from the session key via HKDF-SHA256, bound to the message ID. Compromising one message key does not expose any other message.
Session keys are exchanged using ephemeral ECDH key pairs, so even if a long-term device key is compromised, past session keys remain secure. The architecture is designed for a clear post-quantum upgrade path.
Ephemeral session keys
New key pair generated for every message exchange, then securely deleted.
Break-in recovery
Even if a session key is compromised, subsequent messages use new keys and remain secure.
No key reuse
Encryption keys are never reused across messages, eliminating replay and known-plaintext attacks.
Comparison
Not all encryption is equal
Many apps claim to be "encrypted" but only protect data in transit to their servers. True end-to-end encryption means the server never has access to plaintext.
Transport Encryption (TLS)
Encrypts data between your device and the server. The server can read your messages.
Server-Side Encryption
Messages are encrypted on the server at rest. The provider holds the keys and can decrypt.
End-to-End Encryption (Varta)
Messages are encrypted on your device before sending. Only the recipient can decrypt. The server sees only ciphertext.
Verify your encryption keys
Varta lets you verify the identity of the person you are messaging by comparing device fingerprints. Each device has a unique fingerprint derived from its public identity key — you can compare these in person or over a trusted channel to confirm there is no man-in-the-middle.
Your conversations deserve real encryption
Start messaging with military-grade, end-to-end encryption that is always on and requires zero configuration.