Encrypted messaging on Algorand

Your keys,
your words.

Raven is end-to-end encrypted, self-custodial messaging on Algorand. No servers, no phone number, no sign-up. Your Algorand key is your account, every message is encrypted on your device, and only ciphertext ever touches the chain.

Join the beta on Discord → How it works ↓ The AlgoChat protocol →

$ raven send --to ALICE…K7Q "ship it"

  encrypting  X25519 + ChaCha20-Poly1305
  envelope    algochat/v1 (ciphertext)
  tx          0-amount, note = ciphertext
  network     Algorand MainNet

  ✓ settled    2.7s  tx PXR4…9ZQ

  → only ALICE's key can read the note

Raven running as a web app: Alice on a light theme and Bob on a dark theme exchange an end-to-end encrypted conversation that settles on Algorand.

The Contacts screen: save a peer by label and 58-character Algorand address, or scan their address QR. Labeled 'verify before you trust'. — Add a contact by Algorand address or QR. Verify before you trust.

The desktop chat: a thread header marked 'End-to-end encrypted' and 'On Algorand', with a 'Who can reach you' filter set to contacts or anyone. — Every thread is labeled end-to-end encrypted and on Algorand. You choose who can reach you.

0: servers; your client talks straight to Algorand
~2.8s: to settle; typical Algorand finality
0: sign-ups; no phone number, no password, no email
25 words: your whole account; a self-custodial keypair you can recover

Status
v0.2.0-beta.3, a closed beta. Raven runs as an Angular web app and as iOS and Android shells via Capacitor. Onboarding is one tap, but no message reaches the chain before you have seen and confirmed your 25-word recovery phrase. It is your key, and only you hold it.

Why it exists

Messaging you actually own.

Most chat apps put a company between you and the people you talk to: a server that holds your account, a phone number that names you, a database that keeps your messages. Raven removes the middle. Your identity is an Algorand keypair you create and hold, the encryption happens on your device, and the ledger carries the rest. There is nothing for us to read, because there is no us in the path.

No account to grant

No sign-up, no phone number, no email. You generate a key, and you can message. Lose the app, recover from the phrase.

No server to trust

Your client talks directly to Algorand's algod and indexer. There is no Raven backend to breach, subpoena, or shut down.

No crypto of our own

Every envelope comes from AlgoChat, an audited, cross-language wire format. Raven writes zero cryptography itself.

Honest about constraints

What's protected, and what's public.

End-to-end encryption hides what you say. A public ledger cannot hide that you said something. Raven never promises what the blockchain can't deliver, so here is the line, plainly.

Protected

Message contents. Encrypted on your device; only the recipient's key decrypts them.
Attachments. Encrypted before they are pinned off-chain, so providers store ciphertext.
Who can read a thread. Decryption is keyed to the participants, no one else.

Public, by design

That a message was sent. A transaction on the ledger is public by design.
Sender and recipient addresses, the timing, and the rough size of each message.
Group membership shape, since each member receives their own envelope.

What works today

A real messenger, not a demo.

No roadmap, no promises. Just what is built and runs in the beta.

End-to-end encrypted

One-to-one messages are wrapped on your device with X25519 and ChaCha20-Poly1305 before they ever leave. The chain only sees ciphertext.

Group chats

Fixed-member groups fan out an envelope per recipient, then collapse back into a single outgoing bubble for the sender. Same encryption, more people.

Self-custodial identity

Create or recover a 25-word Algorand keypair. No registration, no usernames, no passwords. Your address is your account.

Names and avatars

NFD names and NFT avatars (ARC-19 reserve CIDs) with holder verification, so a contact reads as a person, not a 58-character address.

Encrypted attachments

Image bytes are encrypted on device, then pinned off-chain through reviewed HTTPS providers. The plaintext never leaves your device.

Multipart text

Each transaction carries one Algorand note (about 1 KB), so a long message auto-splits across several and reassembles on the receiving side. The practical cap is around 9.8 KB of ASCII per message.

PSK ratchet (opt-in)

Per contact, add a hybrid ECDH plus pre-shared-key mode for defense in depth. Exchange the PSK out of band over a QR code.

Locked at rest

Local storage is encrypted with a 600k-iteration PBKDF2 key, behind an optional passphrase or biometric lock. The recovery phrase reveal hides itself on a countdown.

Verify your contact

Confirm you are talking to the right key with a QR exchange and an emoji-plus-word safety number, then mark the contact verified.

How it works

How a message travels.

A message in Raven is an Algorand transaction. Four steps, no backend in any of them.

Encrypt on device

Raven wraps your text in an AlgoChat envelope (X25519 + ChaCha20-Poly1305). Plaintext never leaves your device.
Post to Algorand

The ciphertext rides in the note field of a 0-amount transaction. No Raven server sits in the middle of it.
Settle in seconds

Algorand reaches finality in about 2.8 seconds. The thread updates the moment the block confirms.
Decrypt on arrival

Your contact's client reads the note from the indexer and decrypts it with their key. Only they can.

The spine

Built on AlgoChat.

Raven implements no cryptography of its own. Every envelope it sends comes from @corvidlabs/ts-algochat, one of six implementations of the same wire format (Swift, Rust, TypeScript, Python, Kotlin, Go), all checked against one conformance harness. The protocol is the trust boundary; Raven is the app on top of it.

# One envelope, one wire format, many languages
  envelope    algochat/v1
  suite       X25519 + ChaCha20-Poly1305
  ratchet     optional ECDH + PSK (opt-in)
  carrier     Algorand transaction note

  → the same spec the other clients speak

Where it ships

Frontend: Angular 22 (standalone, signals, zoneless)
Mobile: iOS + Android via Capacitor
Chain: Algorand (LocalNet / TestNet / MainNet)
Crypto: @corvidlabs/ts-algochat (X25519 + ChaCha20-Poly1305)
Identity: Self-custodial Algorand keypair, 25-word recovery
Status: v0.2.0-beta.3, closed beta

Messaging you hold the keys to.

Raven is in closed beta (v0.2.0-beta.3). The flock gathers on Discord, where beta access and the day-to-day of building it both live.

Join on Discord The AlgoChat protocol → Browse the catalogue →

Your keys, your words.