One giant leap for messaging

Our security model is utterly game-changing. Olvid is the first and only messaging system whose security no longer relies on any trusted third party, either operators or their servers.

Olvid servers get hacked? Not an issue! No one will ever be able to read your messages, including the servers relaying them. It is forever impossible. Nor can any users identities ever be revealed. Olvid is the only system that also encrypts metadata, thus guaranteeing the anonymity of interlocutors. Finally, Olvid guarantees the authentication of users, contrary to all messaging servers that replace trusted third parties...

vpn_key

Cryptographic guarantees

Security ensured solely by cryptographic measures (as opposed to login/password simple access control).

fingerprint

Strong authentication

Users identity guaranteed without the need for a trusted third party

dns

No trust in servers

Persistent security even in case of a compromised server

watch_later

Forward Secrecy

Messages history stays confidential and protected even in case of key compromise. The messages remain inaccessible because each message and file exchanged is encrypted with a single-use ephemeral key.

devices_other

Multi-channel solution

For Android smartphones and iOS. Eventually for desktop, with sync, without any master device.

security

Anonymity

Inability of the operator to know "who is talking to whom". No third party could ever identify the participants, not even the server. No trace of any metadata.

Download the technical documentation

What about post-quantum cryptography?

We’ve got you covered!

Resistance of cryptographic algorithms to quantum computers has been a recurring question for the last few years. The symmetric cryptography used inside Olvid today is already resistant to this kind of machines, but this is not the case for the public-key primitives. The reason being that, as of today, no "Post-Quantum" standard exist.

For this reason, the NIST (National Institute of Standards and Technology) has initiated a worldwide competition (NIST - Post-Quantum Cryptography) to select one or more quantum-resistant public-key primitives. The winners should be announced before the end of 2020. The architecture of the cryptographic engine inside Olvid has been designed from the start to easily accommodate these new algorithms once they are ready. Thanks to this, we will be among the first to implement these new post-quantum standards inside a commercial product.

Security challenges

Authentication & encryption of data and metadata

No current e-communication tool can guarantee these 3 components simultaneously.

Encrypted email guarantees user authentication but the security level of exchanges is not satisfactory. Instant messaging apps offer various encryption qualities but cannot guarantee user authentication. Finally, both email and current instant messaging leave traces on the servers…

Olvid solves these three issues in one single app.

how_to_reg

Authentication

Guarantee the use of the right key to ensure that you reach the right person

lock

Data Encryption

Use this key properly, with state-of-the-art mechanisms, to ensure that no third party can ever see your exchanges

volume_off

Metadata encryption

Protect all the information with this key in order to preserve the anonymity of exchanges

What are the others doing?

Encrypted e-mails

check_circle

Focus on authentication

block

No forward secrecy

block

Plain text unencrypted metadata in the header

Email can never provide an acceptable security level

“Secure” Messaging (consumer grade and professional)

check_circle

Focus on end-to-end encryption

block

Mandatory access to personal data to operate

block

Faillible authentication based on a central server, one or more trusted third parties

Don’t take our word for it

We do everything we can and we will do the best possible ever to ensure that Olvid stays indeed the most secure messaging app in the world. That’s why we submit our work to the critical scrutiny of outstanding professionals with complementary skills. Judge by yourself.

Scientific validation

To create Olvid, our cryptologists designed custom cryptographic protocols and adapted theoretical protocols to real-world constraints. The fruit of this work is the subject of a formal validation by Michel Abdalla, CNRS Senior Researcher and ENS Adjunct Professor, President of the Board of IACR (International Association for Cryptologic Research). The first paper is available on the IACR ePrint.

Certification

Olvid is the very first instant messenger providing a Certification of Security (CSPN) from ANSSI. The security scope as well as the certification report are available on the list of certified products.

By desire of transparency, we decided to publish the full Technical Evaluation Report written by an amazing team from Synacktiv. Beware, it's indeed "technical" (and in French). You have been warned 🤓.

Practical Validation

A public Bug Bounty program is now running via the Yes We Hack platform. This means that we have officially allowed hunters (attack experts) to attack our iOS and Android implementations of Olvid. If a flaw is found, we will fix it and pay the winning hunter. Olvid is thus safer, the hunter is happy, life is good 🌈.