Zero-Knowledge Architecture
We engineered Varta so that we know nothing about your conversations. Your encryption keys are generated on your device, stay on your device, and are never transmitted to our servers. We cannot read your messages — by design, not by policy.
"Cannot" is stronger than "will not"
Most platforms promise they "will not" read your data. Varta is built so that we cannot: your private keys exist only on your device, so a change of policy, a court order, or even a full compromise of our servers yields nothing but ciphertext. What the design does depend on is the client, because that is where the keys live; the code that generates and holds your keys on your device is the boundary of the guarantee.
Data Transparency
What our servers see
Complete transparency about what data touches our infrastructure and what never does.
Stored (encrypted or public)
Message content is stored only as ciphertext. Public keys are stored because the key exchange protocol needs them; the matching private keys never leave your device.
Never stored or accessed
Keys that never leave your device
When you set up Varta, your device generates a set of cryptographic key pairs locally. The private keys are stored in your device's secure storage and are never transmitted, backed up to the cloud, or shared with Varta servers.
Only the public portions of your keys are uploaded, so that other devices can run the key exchange protocol against them. This is the cryptographic foundation of zero-knowledge: we deliver messages, but we never hold the keys that read them.
Ed25519 Device Identity Keys
A long-term Ed25519 key pair generated at device registration. The public key is your cryptographic identity used for signing; the private key never leaves your device.
Hybrid KEM Key Exchange (X25519 + ML-KEM-768)
Session keys are exchanged using a post-quantum hybrid KEM combining X25519 with ML-KEM-768 (NIST FIPS 203); the derived secret remains safe as long as either component is unbroken. ECDH P-256 remains available as a backward-compatible fallback for peers that cannot perform the hybrid exchange. A session that falls back has no post-quantum protection, so the choice of suite must be authenticated by the endpoints rather than accepted from the network, or an attacker on the path could force the weaker exchange. Keys are generated on-device; private material never leaves your browser.
Per-Conversation Session Keys (AES-256)
A random 256-bit key generated per conversation and wrapped separately for each member device with the hybrid KEM, so the server only ever relays wrapped copies it cannot open. Stored only in your device's local IndexedDB vault.
Cascading Per-Message Keys (HKDF-SHA3-512)
Unique per-message keys are derived with HKDF-SHA3-512 from the session key and the message ID; because the ID is an input to the derivation, it must never be reused, since a repeated ID reproduces the same keys. Each message is then encrypted with a two-layer cascade of AES-256-GCM and ChaCha20-Poly1305 for defense in depth. A cascade only adds strength when each layer is keyed independently, so the two ciphers should receive separate subkeys from the derivation rather than sharing one.
Threat Model
What happens if things go wrong?
Zero-knowledge is not just a feature — it is your safety net. Here is how it protects you in worst-case scenarios.
Server breach
Attackers obtain only encrypted ciphertext. Without private keys (which exist only on your device), decryption is computationally infeasible.
Rogue employee
No employee at Varta can access plaintext. No server-side component holds a decryption key, so the system cannot produce decrypted content for any access level.
Legal compulsion
Even under a court order, Varta can only produce encrypted blobs and minimal metadata. We cannot comply with requests for message content because we do not have it.
Network interception
Messages are end-to-end encrypted before transport. Even if TLS is compromised, the attacker sees only ciphertext encrypted with keys they do not possess.
Metadata minimization
Beyond message content, we also minimize metadata. Delivery receipts are ephemeral and purged once delivery completes. Routing a message necessarily shows the server its destination device at that moment, but we do not keep a log of who talks to whom, when, or how often, and IP addresses are not stored with message records. We retain only the minimum needed to route encrypted messages.
Privacy by architecture, not by promise
Join Varta and experience messaging where the platform is mathematically incapable of reading your data.