Skip to content

The protocol

Encrypted messaging,
on or off chain.

A cross-language, end-to-end encrypted messaging protocol. One wire format, six implementations, conformance-tested against shared vectors. Your Algorand address is your messaging identity. Use the browser demo, or message on Algorand directly: it encrypts, it decrypts, it works.

Read the protocol spec → Try the demo ↗ Spec repo ↗

The positioning

Encrypted, transport-neutral, conformant.

AlgoChat is a protocol, not an app. It defines exactly how a message is sealed, what bytes go on the wire, and how any two implementations agree on the result.

End-to-end encrypted

Only the sender and recipient hold the keys. ChaCha20-Poly1305 authenticated encryption, X25519 key agreement, per-message ephemeral keys for forward secrecy.

Transport-neutral

Originally Algorand transaction notes: encrypted, immutable, on-chain. The same envelope rides just as well over a WebSocket or any other transport. The protocol does not care about the wire underneath it.

Cross-language conformant

Six language implementations, one shared spec, one set of canonical test vectors. Conformance is mechanical: same seed in, same bytes out, in every language.

The crypto, in one line

# key agreement · authenticated encryption · derivation
X25519 ECDH (RFC 7748) + ChaCha20-Poly1305 (RFC 8439) + HKDF-SHA256 (RFC 5869)

# optional defense-in-depth
protocol 0x02 = X25519 || ratcheting pre-shared key // breaks only if BOTH break

How it works

X25519 + ChaCha20-Poly1305

The same primitives as Signal, WireGuard, and TLS 1.3. X25519 ECDH for key agreement, ChaCha20-Poly1305 AEAD for the body, HKDF-SHA256 for derivation. No exotic crypto.

Forward secrecy by default

Every message carries a fresh ephemeral key pair. Compromise a long-term key tomorrow and yesterday's messages stay sealed: the ephemeral private keys are never stored.

Bidirectional decryption

An encrypted sender-key rides in the envelope, so the sender can re-decrypt their own sent messages on any authorized device. Chat history without storing plaintext locally.

Ratcheting PSK mode

Protocol 0x02 mixes the X25519 secret with a ratcheted pre-shared key. An attacker must break both to read a message: defense-in-depth against future quantum attacks on the key exchange.

Cross-language by design

Six implementations, one wire format, all checked against shared test vectors. Encrypt in Swift, decrypt in Rust. Identical bytes, byte-for-byte.

Algorand identity = AlgoChat identity

The same 32-byte seed derives both your Algorand address (Ed25519) and your AlgoChat keypair (X25519). One identity, two cryptographic surfaces, no separate signup.

Wire format

Every AlgoChat message is a fixed-header envelope. The standard mode header is 126 bytes; PSK mode adds a 4-byte ratchet counter. Everything outside the AEAD is metadata the receiver needs to decrypt; the body itself never leaves the ciphertext. Full byte-level breakdown in the protocol spec.

// Standard envelope, protocol 0x01 (126-byte header)
version(1) · protocol(1) · sender_pubkey(32) · ephemeral_pubkey(32)
  · nonce(12) · encrypted_sender_key(48) · ciphertext(variable)

// PSK envelope, protocol 0x02 adds the ratchet counter (130-byte header)
version(1) · protocol(1) · ratchet_counter(4) · sender_pubkey(32) ·

// max plaintext: 882 bytes (standard) / 878 bytes (PSK), fits one Algorand note

Pick your language

All in the catalogue →

Same protocol, every language: each one conforms to the spec and the shared test vectors. The implementations live in the projects catalogue; these are the canonical repos.

Swift

Production

swift-algochat

iOS / macOS clients

conformant

TypeScript

Active

ts-algochat

browser + Node bridges

conformant

Rust

Active

rs-algochat

the reference Rust impl

conformant

Python

Active

py-algochat

AI agents + scripting

conformant

Kotlin

Active

kt-algochat

Android + KMP

conformant

Go

Active

go-algochat

agents + services

conformant

All six implementations currently pass the shared test vectors. Conformance is enforced by the cross-implementation harness in test-algochat: every implementation encrypts the same vectors and must produce identical bytes.

Use it

AlgoChat is a standalone protocol, not a product you adopt wholesale. Pick an implementation, exchange keys, and send. It encrypts, it decrypts, and every implementation agrees on the bytes.

Try the demo

Open the browser client and send yourself an encrypted message. Client-side only, no backend. Demo ↗

Pick a language

Six implementations, one wire format. Encrypt in Swift, decrypt in Rust, byte for byte. Implementations →

Message on Algorand

Each envelope fits in one transaction note: encrypted, immutable, on-chain. Your Algorand address is your identity.

Read the spec, or try it live

The protocol docs cover the full wire format, the implementation guide, the security threat model, and canonical test vectors. Or open the browser demo and send yourself an encrypted message.

Protocol docs Try the demo ↗ All repos ↗