vChat
Secure Messenger
End-to-end encrypted messenger built post-quantum-first on CRYSTALS-Kyber (ML-KEM). PQXDH key agreement, a Double Ratchet message layer and an epoch-based group key system (GMK) with recovery & sender rotation — all powered by one shared Rust core (KyberSDK) reused across iOS, Android, Tauri desktop and a self-hosted Go backend. BIP39 recovery, multi-device, panic-mode wipe. A standalone project — no shared code with TerraCrypt.
KyberSDK · Rust post-quantum core
A single Rust crypto engine compiled to a C ABI and reused by every client — no per-platform crypto code, one audited surface.
- CRYSTALS-Kyber (ML-KEM) post-quantum KEM
- PQXDH post-quantum key agreement
- Double Ratchet messaging (AEAD + KDF)
- GMK epoch group keys + sender rotation & recovery
- BIP39 mnemonic + argon2id / AES-GCM state escrow
- FIPS-hardening track
Why a shared core
The hardest, most security-critical code lives once in Rust and is called identically from every platform.
iOS Native · Swift / SwiftUI
Modular SPM monorepo — each Core* a framework boundary, each Feature* one surface. Calls the Rust KyberSDK over a C ABI via KyberSDKWrapper.
- SwiftUI across DM, group chat, calls & media
- vChatNSE: Notification Service Extension for E2E push decryption
- CoreCrypto / CoreCryptoDM / CoreCryptoGroup
- Encrypted local store (CoreDatabase)
- BIP39 recovery + Keychain device identity
Modules
- CoreSession, CoreNetwork, CoreMessages
- FeatureAuth / DMChat / GroupChat / Call
- FeatureMediaMessages, FeatureSettings
Android Native · Kotlin / Compose
Kotlin client mirroring the iOS feature set, sharing the exact same Rust KyberSDK through JNI bindings.
- Jetpack Compose declarative UI
- Coroutines + Flow async / reactive streams
- Rust crypto core via JNI
- Encrypted local store
- FCM push with E2E decryption pipeline
Shared core
Same PQXDH / Kyber / GMK logic as iOS — zero crypto re-implementation per platform.
Desktop · Tauri (Rust + TypeScript)
One cross-platform desktop client (Windows, macOS & Linux) embedding the same Rust crypto core natively.
- Rust core shared with the mobile clients
- TypeScript + Vite front-end
- Native tray, menus & notifications
- Small native installer, no Chromium overhead
Why Tauri
The crypto engine is already Rust — Tauri lets the desktop app link it directly.
Backend · Go (self-hosted)
Standalone Go backend on kyber.vaha.net — auth, devices, prekeys, DM & group envelopes, files. Zero TerraCrypt reuse.
- Go services: auth, devices, bundles / prekeys, DM + group epochs, files
- PostgreSQL 16, Redis 7 (+ RedisBloom)
- MinIO (S3) presigned encrypted file storage
- APNS + FCM push; WebSocket realtime (kyber.* topics)
- Caddy auto-TLS, systemd, JWT + argon2id
Observability
- Loki: log aggregation
- Prometheus: metrics
- Tempo: distributed traces
- Grafana: dashboards & alerts