HopChat

HopChat is a post-quantum encrypted messaging platform built for individuals, enterprises, and governments. It is the only commercial messenger to implement NIST-standardized ML-KEM-1024 (CRYSTALS-Kyber) encryption combined with a zero-knowledge server architecture, meaning neither HopChat nor any third party can read your messages — ever.

No. HopChat requires zero personally identifying information to create an account. Your identity is your cryptographic key pair, generated entirely on your device. No phone number, no email, no name.

The core HopChat application — including PQ-E2EE messaging, voice, group chats, file transfer, Kill Switch, and anonymous onboarding — is free for personal use. Enterprise self-hosting, federated infrastructure, and advanced administrative controls are available under a commercial license.

HopChat is available on iOS, Android, Windows, macOS, and Linux. A progressive web app (PWA) is also available for browser-based access. All platforms share the same cryptographic protocol and provide identical security guarantees.

Most encryption today — including the RSA and ECC algorithms used by WhatsApp, iMessage, and Signal — can be broken by a sufficiently powerful quantum computer using Shor's algorithm. "Post-quantum encryption" refers to cryptographic algorithms that remain secure even against quantum computers. HopChat uses ML-KEM-1024 (NIST FIPS 203), which provides 256-bit equivalent security against both classical and quantum adversaries.

Shor's algorithm is a quantum algorithm that can efficiently factor large integers and compute discrete logarithms — which breaks RSA, Diffie-Hellman, and elliptic curve cryptography. Shor-resistant means HopChat's encryption is based on mathematical problems (module lattices) that Shor's algorithm cannot solve, even at scale.

No. HopChat operates a zero-knowledge server. Your messages are encrypted on your device before they leave it. Our infrastructure routes encrypted blobs with no ability to decrypt, inspect, or log content. Even if our servers were seized, there is nothing readable to extract.

Perfect Forward Secrecy means that even if an attacker captures your encrypted messages today and later obtains your long-term private key, they still cannot decrypt past messages. HopChat generates a fresh ephemeral key for every message via the Double Ratchet protocol, ensuring past conversations remain sealed regardless of future key compromises.

Yes. The HopChat client, cryptographic protocol library, and relay server code are fully open source and available for independent audit. We make no security claims that cannot be independently verified. Periodic third-party cryptographic audits are published on our transparency page.

The Kill Switch is an emergency data-destruction command. When activated, it immediately and irreversibly wipes all local HopChat data — messages, keys, contacts, and session state — from your device. It can be triggered manually or configured to activate automatically on failed authentication attempts. This feature is designed for high-risk environments where device seizure is a concern.

Yes. All file attachments — documents, photos, audio, video — are encrypted with the same ML-KEM-1024 + Double Ratchet pipeline as text messages before upload. Files are chunked, encrypted client-side, and reassembled on the recipient's device. HopChat's servers store only encrypted chunks and have no access to content or filenames.

Yes. HopChat uses a Sender Keys group encryption scheme, where each group member holds individual sender keys. Messages are encrypted once per sender and decryptable only by verified group members. New members cannot read historical messages (forward secrecy applies to groups as well).

HopChat supports both initiating and accepting screen share sessions during voice and video calls. All screen share data is transmitted over an encrypted WebRTC channel using the same post-quantum session keys established during the call handshake. You can also request screen sharing from the other party, which requires their explicit acceptance.

Yes. Disappearing message timers can be set per-conversation from 30 seconds to 4 weeks. When a message expires, it is cryptographically deleted from both sender and recipient devices. Because messages are never stored server-side, there is no server-side copy to subpoena or recover.

Signal is the gold standard of classical secure messaging and uses the excellent PQXDH protocol for initial key agreement. However, Signal still requires a phone number, stores some metadata, and does not apply post-quantum ratcheting to every message. HopChat applies full PQC at every ratchet step, requires zero identifying information, and operates with a structurally zero-knowledge server.

Apple's PQ3 protocol is a significant improvement, achieving what Apple terms "Level 3" post-quantum security. However, iMessage requires an Apple ID, ties messages to iCloud (which creates plaintext backup risks unless manually disabled), runs on closed-source infrastructure, and is not self-hostable. HopChat is open-source, self-hostable, anonymous, and applies PQ cryptography at full ratchet depth.

Yes. HopChat's relay and identity infrastructure can be fully self-hosted on-premises or in a private cloud. This gives organizations complete data sovereignty — messages never leave their own infrastructure. The cryptographic security guarantees remain identical to the cloud-hosted version.