One giant leap for messaging
Our security model is utterly game-changing. Olvid is the first and only messaging system whose security no longer relies on any trusted third party, either operators or their servers.
Olvid servers get hacked? Not an issue! No one will ever be able to read your messages, including the servers relaying them. It is forever impossible. Nor can any users' identities ever be revealed. Olvid is the only system that also encrypts metadata, thus guaranteeing the anonymity of interlocutors. Finally, Olvid guarantees the authentication of users, contrary to all messaging servers that replace trusted third parties...
Cryptographic guarantees
Security ensured solely by cryptographic measures (as opposed to simple login/password access control).
Strong authentication
User identity guaranteed without the need for a trusted third party
No trust in servers
Persistent security even in case of a compromised server
Forward Secrecy
Message history stays confidential and protected even in case of key compromise. The messages remain inaccessible because each message and file exchanged is encrypted with a single-use ephemeral key.
Multi-channel solution
For Android smartphones and iOS. Eventually for desktop, with sync, without any master device.
Anonymity
Inability of the operator to know "who is talking to whom". No third party could ever identify the participants, not even the server. No trace of any metadata.
What about post-quantum cryptography?
We’ve got you covered!
The resistance of cryptographic algorithms to quantum computers has been a recurring question for the last few years. The symmetric cryptography used inside Olvid today is already resistant to this kind of machine, but this is not the case for the public-key primitives. The reason is that, as of today, no "Post-Quantum" standard exists.
For this reason, NIST (National Institute of Standards and Technology) has initiated a worldwide competition (NIST - Post-Quantum Cryptography) to select one or more quantum-resistant public-key primitives. The winners should be announced before the end of 2020. The architecture of the cryptographic engine inside Olvid has been designed from the start to easily accommodate these new algorithms once they are ready. Thanks to this, we will be among the first to implement these new post-quantum standards inside a commercial product.
Security challenges
Authentication & encryption of data and metadata
No current e-communication tool can guarantee these 3 components simultaneously.
Encrypted email guarantees user authentication but the security level of exchanges is not satisfactory. Instant messaging apps offer various encryption qualities but cannot guarantee user authentication. Finally, both email and current instant messaging leave traces on the servers…
Olvid solves these three issues in one single app.
Authentication
Guarantee the use of the right key to ensure that you reach the right person
Data Encryption
Use this key properly, with state-of-the-art mechanisms, to ensure that no third party can ever see your exchanges
Metadata encryption
Protect all the information with this key in order to preserve the anonymity of exchanges
What are the others doing?
Encrypted e-mails
Focus on authentication
No forward secrecy
Plain text unencrypted metadata in the header
Email can never provide an acceptable security level
“Secure” Messaging (consumer grade and professional)
Focus on end-to-end encryption
Mandatory access to personal data to operate
Fallible authentication based on a central server, one or more trusted third parties
Don’t take our word for it
We do everything we can, and will keep doing so, to ensure that Olvid remains the most secure messaging app in the world. That’s why we submit our work to the critical scrutiny of outstanding professionals with complementary skills. Judge for yourself.
Scientific validation
To create Olvid, our cryptologists designed custom cryptographic protocols and adapted theoretical protocols to real-world constraints. The fruit of this work is the subject of a formal validation by Michel Abdalla, CNRS Senior Researcher and ENS Adjunct Professor, President of the Board of IACR (International Association for Cryptologic Research). The first paper is available on the IACR ePrint.
Certification
Olvid is the very first instant messenger to hold a Certification of Security (CSPN) from ANSSI. The security scope as well as the certification report are available on the list of certified products.
For the sake of transparency, we decided to publish the full Technical Evaluation Report written by an amazing team from Synacktiv. Beware, it's indeed "technical" (and in French). You have been warned 🤓.
Practical Validation
A public Bug Bounty program is now running via the Yes We Hack platform. This means that we have officially allowed hunters (attack experts) to attack our iOS and Android implementations of Olvid. If a flaw is found, we will fix it and pay the winning hunter. Olvid is thus safer, the hunter is happy, life is good 🌈.