[//] CIPHAR

How Ciphar Works

Ciphar is an end-to-end encrypted chat that runs entirely in your browser. There is no account, no phone number, and no installation. Every channel is a one-time, self-destructing session that expires sixty minutes after it is created. This page walks through what actually happens, step by step, from the moment you click Initialize Secure Channel to the moment the channel disappears.

1. Generating a channel

When you forge a channel, your browser generates two values locally: a human-readable channel name (the URL) and a random access key (the password). The access key never leaves your device unless you choose to share it. Ciphar uses words from a fixed dictionary so the key is easy to read aloud or paste into another encrypted medium.

2. Deriving the encryption key

Your browser combines the access key with a per-channel salt and runs PBKDF2 with 100,000 SHA-256 iterations to derive a 256-bit AES key. PBKDF2 makes it computationally expensive for anyone who steals the ciphertext to brute-force the access key. The derived key lives in browser memory and is never transmitted to the server.

3. Verifying access on join

To prove the channel password is correct without leaking it, the creator encrypts a fixed test blob with the derived key and uploads only the ciphertext. When a new participant types the access key, their browser derives the same key and decrypts the test blob. If decryption succeeds, the user is admitted. If it fails, they never enter the channel and the relay learns nothing about the attempted password.

4. Encrypting every message

Messages, file metadata, replies, and edits are encrypted with AES-256-GCM in your browser before they leave your device. AES-256-GCM is an authenticated cipher: it encrypts the message and produces an authentication tag in a single pass. If a single bit of ciphertext is altered in transit, decryption fails loudly. The relay sees only opaque ciphertext, an initialization vector, and the auth tag.

5. The relay

The Ciphar relay is a dumb pipe. It moves opaque blobs from one browser to another and forgets them on a timer. It holds no key, decrypts nothing, builds no profile, and shares nothing. The diagram below shows everything it touches in the lifetime of a message.

6. Voice rooms

Voice traffic uses an end-to-end encrypted WebSocket relay keyed off the same channel secret. Audio frames are encrypted in your browser and decrypted only by other authenticated participants. No call recording, no transcripts.

7. Intrusion alerts

The lock screen does its key check entirely in your browser, but the relay does keep score. Each time someone submits a wrong access key, their browser pings /api/security/[channel], which rate-limits the attempting IP (temporary lockout with a retry-after window) and posts a system notice straight into the channel for everyone already inside. The first bad try shows SECURITY_ALERT | ACCESS_ATTEMPT with a timestamp; a second adds MULTIPLE_ATTEMPTS; from the third onward you also see CHANNEL_UNDER_ATTACK and BURN_NOW. The notices carry no IP, no fingerprint, and no identifier — just the fact that a guess happened, so you have time to hit the burn button before an attacker gets lucky.

8. Self-destruct — automatic and manual

Every channel has a hard 60-minute lifetime, enforced server-side. When the timer runs out, the relay deletes the verify blob, the message buffer, the salt, and any voice state. There is no archive, no soft delete, no log of what was said. New participants who try to join afterward see a "Channel not found" message — indistinguishable from a channel that never existed.

You do not have to wait for the timer. Every channel has a BURN CHANNEL button that any participant can press to destroy the channel immediately. There is no confirmation step that delays it, no "undo", and no soft delete — the burn is the same wipe the timer would have done, just earlier. This is the panic button: if a conversation needs to end now, end it now.

9. The one persistent number

Ciphar keeps exactly one piece of long-lived state across all channels: a single integer counting how many channels have ever been created. It is incremented atomically when a channel is forged and shown on the home page ("X channels forged. zero retained."). It holds no per-channel data, no timestamps, no identifiers — just one number. Everything else, including the channels themselves, lives for at most sixty minutes.

What the relay can and cannot see

| Data | Can the relay see it? |
| --- | --- |
| Channel name (URL) | Yes (it has to route on it) |
| Access key / password | No |
| Derived AES-256 key | No |
| Message contents | No (ciphertext only) |
| File contents | No (ciphertext only) |
| Voice audio | No (E2E encrypted frames) |
| Approximate timing of activity | Yes (unavoidable for any server) |

Read more about the limits of zero-knowledge in a web context on the Security page, or jump straight to the FAQ. Ready to try? Forge a channel.
