Protocol-Grade
Encrypted Communication
Signal-spec Double Ratchet, post-quantum hybrid key exchange, and a zero-knowledge architecture that stores nothing. Built for security teams who need to coordinate response when the network itself is the risk.
Launch Secure Chat →What Protects Every Message
Every layer of the protocol is designed to minimize metadata exposure and maximize forward secrecy β even against quantum adversaries.
AES-256-GCM Encryption
Military-grade authenticated encryption for every message, header, and stored key. Tamper-evident by design.
SymmetricDouble Ratchet Protocol
Signal-spec key ratcheting provides forward secrecy and break-in recovery. Compromising one message reveals nothing else.
Forward SecrecyPost-Quantum Hybrid
X25519 + ML-KEM-768 (Kyber) hybrid key exchange. Resistant to both classical and quantum attacks, NIST-standardized.
Post-QuantumHeader Encryption
Message headers are encrypted alongside content. Even the server cannot see who is talking to whom, or when.
Metadata ProtectedFull Sealed Sender
Sender identity is cryptographically sealed. The server routes messages without knowing origin β only the recipient can decrypt.
AnonymousPlausible Deniability
Conversation transcripts cannot be cryptographically attributed to either party. No one can prove you said anything.
DeniableThree Steps to Secure Communication
No phone number. No email. No personal data. Just a Hat β and encrypted channels that leave no trace.
Create a Hat
Generate an anonymous identity (a "Hat") with a single click. No registration, no personal information, no phone number required.
Communicate Securely
Start encrypted conversations or send one-time Dead Drops. Every message is end-to-end encrypted with post-quantum key exchange.
Burn Everything
Destroy your Hat and all associated channels instantly. Messages self-destruct, keys are zeroed. Nothing remains on the server.
How We Compare to the Industry
A transparent, feature-by-feature comparison against the most widely recognized secure messaging platforms.
| Feature | City of Hats | Signal | Telegram | Wickr | |
|---|---|---|---|---|---|
| Encryption Foundation | |||||
| End-to-End Encryption | ✓AES-256-GCM | ✓AES-256-CBC | ✓Signal Protocol | Opt-in onlyMTProto 2.0 | ✓AES-256 |
| Double Ratchet Protocol | ✓ | ✓ | ✓ | ✗ | ✓ |
| Post-Quantum Key Exchange | ✓X25519 + ML-KEM-768 | PartialPQXDH | ✗ | ✗ | ✗ |
| Metadata Protection | |||||
| Header Encryption | ✓ | ✗ | ✗ | ✗ | ✗ |
| Sealed Sender | ✓Full | Partial | ✗ | ✗ | ✗ |
| Decoy / Cover Traffic | ✓ | ✗ | ✗ | ✗ | ✗ |
| Metadata Padding | ✓ | Partial | ✗ | ✗ | Partial |
| Advanced Capabilities | |||||
| Dead Drops (Burn-After-Read) | ✓+ Steganography | ✗ | ✗ | ✗ | ✗ |
| Time-Locked Encryption | ✓ | Disappearing | Disappearing | Self-destruct | Expiration |
| Multi-Path Delivery | ✓ | ✗ | ✗ | ✗ | ✗ |
| Plausible Deniability | ✓ | Partial | ✗ | ✗ | Partial |
| Identity & Trust | |||||
| No Phone / Email Required | ✓Hat identities | ✗Phone required | ✗Phone required | ✗Phone required | ✗Email required |
| Safety Numbers / Key Verification | ✓ | ✓ | ✓ | ✗ | Partial |
| Key Rotation Alerts | ✓ | ✓ | ✓ | ✗ | ✗ |
| Architecture & Transparency | |||||
| Zero-Knowledge Server | ✓Store nothing | Partial | ✗ | ✗ | Partial |
| Client-Side Audit Log | ✓Hash-chained | ✗ | ✗ | ✗ | ✗ |
| Warrant Canary | ✓ | ✓ | ✗ | ✓ | ✗ |
| Encrypted Local Storage | ✓AES-256-GCM | Partial | ✗ | ✗ | ✓ |
The Server Knows Nothing
Unlike traditional messaging platforms, our server is cryptographically unable to read your messages, know your identity, or reconstruct your conversations.
What This Means for You
- No message storage β Messages are deleted from the server the moment they are delivered. Nothing to subpoena.
- No identity linkage β Hat identities are not connected to any personal data. No phone, no email, no name.
- No metadata exposure β Encrypted headers and sealed sender mean the server cannot see who talks to whom.
- No retroactive decryption β Forward secrecy via Double Ratchet ensures past messages remain safe even if keys are later compromised.
- No quantum threat β ML-KEM-768 hybrid key exchange protects against harvest-now-decrypt-later attacks.
- No audit trail on server β Client-side hash-chained audit logs give you accountability without centralized logging.
Ready to Communicate Securely?
Create a Hat in seconds. No registration, no personal data. Just encrypted, anonymous channels that leave no trace.