Use more than just end-to-end encryption to communicate confidently.
Designed to prioritize the protection of your privacy and communication data from the start.
Ciphr uses more than just end-to-end encryption to secure your communications against potential threats and evolving cyber risks.
We ensure no communication data is ever seen in plaintext by Ciphr’s infrastructure with user-controlled encryption keys.
Ciphr applications and infrastructure are independently audited by Cure53 to ensure the highest level of code and data security.
Post-Quantum Protection
Today’s communication data is secured against quantum enabled cyberattacks with PQ-ECC using NTRUEncrypt, Curve448-Goldilocks (ECC-448), double ratcheting, and X3DH.
Learn more
End-to-End Encryption
All communication is secured with encryption from sender to recipient for private conversations.
Perfect Forward Secrecy
Each message and call in a conversation is secured with unique ephemeral encryption keys.
User-Controlled Keys
Private encryption keys are generated and stored on your device so that no plaintext data passes through Ciphr’s infrastructure.
Contact Verification
Protect against Man-In-The-Middle attacks by verifying the identity of new contacts and authenticating their keys used in end-to-end encryption.
Composite Key Brute-Force Protection
Enhance the protection of stored data with the strongest safeguard against malicious online and offline brute-force attacks (optional setting).
Learn more
Maximum Password Attempts Limit
Limit the number of incorrect password attempts to keep your data protected in case you lose your device.
Argon2
Argon2 makes it harder for cyberattacks to guess entry passwords by using multiple, parallel rounds of memory and CPU-intensive hashing.
Password Protection
Our required password protection keeps your data in Ciphr encrypted and protected even if your device is unlocked.
Encrypted Data at Rest
All data stored in Ciphr is encrypted using SQLCipher with AES-256.
Secure Endpoints
Ciphr secures entry points from devices to our infrastructure from malicious activity. By leveraging strict TLS configuration and pinned certificates we keep ahead of vulnerabilities, and the compromise of certificate authorities.
Minimal Exposure of Metadata
Custom chat protocols expose only the bare minimum of metadata needed to route messages to recipients ensuring communication details are kept private.
Low-Latency, High-Availability Network
Servers and software implement custom protocols aimed at providing responsive message delivery, even when connected to low-bandwidth, high-latency mobile networks.
Private Push Notifications
Maintain confidentiality of message arrival times and counts by choosing to have push notifications originated from our servers instead of those controlled by Google or Apple.
Security Monitoring
Infrastructure security monitoring provides protection to the network with preventative measures to deny unauthorized access and malicious activity to the Ciphr network.
Perfect Forward Secrecy is a feature in Ciphr that generates unique encryption keys for each message. This eliminates the risk of a single encryption key decrypting an entire chat conversation.
Argon2 is a cryptographic algorithm and a key derivation function (KDF) designed to be GPU-resistant. A KDF is an algorithm designed simply to make a password-guessing attack more time-consuming for an attacker. By making each test take longer, a KDF makes even weak passwords harder to guess.
GPUs are optimized to perform specific tasks very quickly. However, a limitation of GPUs is the amount of memory they can use. Argon2 uses a significant fraction of a GPU's available memory, limiting the number of parallel cracking attempts that a GPU can make, eliminating a big part of the GPU's advantage.
Argon2 is used to protect password authentication in all Ciphr apps.
When a user activates their Ciphr apps, a cryptographic identity is generated for each app and stored on the device. Instead of Ciphr storing encryption keys, users control their own encryption keys. This feature ensures that even Ciphr cannot decrypt user data.
Ciphr's Composite Key Brute-Force Protection protects your data from online and offline brute-force attacks by splitting your "password-based encryption key". This split prevents attackers from guessing passwords against an offline device, as they need to prove possession of the correct password to get the other key component from the server. This protection severely limits the number of guesses per second an attacker can perform and allows the platform to block requests suspected to be part of an attack.
Composite Key Brute-Force Protection is an optional security setting and only available with Ciphr’s paid subscription.
Ciphr does not store any private keys or communication data on the servers outside of "bouncing" it to the intended recipient. Once the message is delivered to the recipient, our servers will automatically purge all data.
Messages, emails, and call data are encrypted on the sender's device before being transmitted. Any data on our servers remains end-to-end encrypted during transit until it is received on the recipient's device. Only then can the message be decrypted by the recipient's private key.
If a user sends a message and the recipient's device is offline, the server will continually try to deliver the message until the recipient's device is back online. If the device does not come back online within fourteen days, the data will be deleted from the server regardless of if the message reaches the recipient's device.
With Ciphr’s paid subscription, there are two ways to backup your Ciphr data. Backup with Ciphr Text:
Backup with Ciphr Vault:
