For the past few months, every message sent through NathChat has been protected by an
encryption architecture we haven't talked about publicly until now. No announcement, no
banner, no press release. We wanted it running quietly in production first, carrying real
conversations, before we said anything about it.
It's been doing exactly that. So let's talk about what it actually does.
The short version
When you open NathChat, you're asked for a passphrase. That passphrase never touches our
servers. Not encrypted, not hashed, not in transit, not ever. It exists for a few moments in
your browser's memory, does its job, and disappears the moment you close the tab.
What that passphrase does is unlock a private key that lives only on your device. That private
key is the only thing on earth that can decrypt your conversations. We don't have a copy. We
can't generate one. If you lose your passphrase, we can't recover your messages — not because
of a policy, but because of mathematics. There is no master key sitting in a vault somewhere
that gets us around this. It simply doesn't exist.
That's the whole point.
Why most "encrypted" platforms aren't quite what they claim
A lot of messaging apps say they're encrypted. Fewer are encrypted in a way that actually
matters. The distinction comes down to one question: who holds the key?
If a company holds the key — even a key wrapped in policy promises not to use it — then a
court order, a compromised employee, or a breach can expose every conversation on the
platform. The encryption becomes a lock on a door where the company keeps a spare set of keys
in the drawer. It looks secure. It isn't, structurally.
NathChat doesn't keep a spare set. We built it so there's no drawer.
How it actually works
Here's the architecture in plain terms:
Your passphrase generates a key pair on your device. When you set up NathChat, your
browser or app generates a public key and a private key. The private key is encrypted using a
key derived from your passphrase through 310,000 rounds of PBKDF2 — a deliberately slow,
computationally expensive process that makes brute-force attacks impractical even with
significant computing power.
Only the public key — and the encrypted private key — ever reach our servers. A public key
is, by design, safe to share. It can encrypt things addressed to you, but it can't decrypt
anything. Your encrypted private key sits on our servers too, but it's useless without your
passphrase to unwrap it. We store it purely so you can log in from a new device without losing
access to your conversations — convenience without compromise.
Every conversation has its own encryption key. We don't use one key per user for everything
they've ever said. Each room — each conversation — has its own independent key. If one
conversation's key were ever compromised, it wouldn't expose anything else. When you add
someone to a conversation, your device encrypts that conversation's key specifically for them,
using their public key, before it ever reaches our servers. We coordinate the introduction. We
never see what's being introduced.
Your messages pass through a second, independent layer of protection on our infrastructure.
Even if someone compromised our servers entirely, what they'd find is ciphertext wrapped in a
rotating, self-defending encryption layer — one that invalidates itself automatically the
moment unauthorized access is attempted. Two completely independent systems would need to be
broken simultaneously, on both the server and a specific user's device, for a single message
to be read by anyone who isn't its intended recipient.
What this means practically
If you've used NathChat over the past few months, nothing about your day-to-day experience
changed. You still log in, you still chat, you still share files. The difference is everything
happening underneath that you never had to think about.
It means a server breach gives an attacker nothing readable. It means we cannot hand over your
message content to anyone — not because we'd refuse to, but because we genuinely don't have
it. It means your conversations with friends, your company's internal discussions, your
family's group chat, none of it exists anywhere as plaintext outside the devices actually
having the conversation.
It also means something we think matters: we don't have to be trusted with your privacy. We
simply don't have access to violate it. That's a stronger promise than any privacy policy
can make, because it doesn't depend on our good behavior. It depends on cryptography.
---
What we're asking of you
This kind of security comes with one real responsibility: your passphrase is yours alone to
remember. We built recovery flows for almost everything in NathChat — except this. We can't
build a recovery option for a system specifically designed so that we cannot recover it. That
would defeat the purpose entirely.
Write it down somewhere safe. Use a password manager if that's your habit. Treat it the way
you'd treat a key to a safety deposit box — because functionally, that's exactly what it is.
Why we waited to tell you
We didn't want to announce an encryption system and ask you to trust our description of it. We
wanted it to already be protecting real conversations, quietly, for long enough that if
something were wrong, we'd have found it before talking about it publicly.
It's been running. It's been holding up. Now you know what's actually happening every time you
open the app.
Your conversations were never ours to read. Now you know exactly why.
Have technical questions about NathChat's encryption architecture? Reach out to our team —
we're glad to go deeper into the cryptographic details for anyone who wants them.