Secure, ephemeral messaging for high-security, low-frequency communication.
ASH is a messaging application that uses One-Time Pad (OTP) encryption to provide information-theoretic security. It is designed for situations where confidentiality matters and trust in infrastructure is limited.
ASH prioritizes:
- Correctness over convenience
- Human-verifiable security
- Minimal trust in infrastructure
- Deliberate user actions
ASH is not designed for everyday chat.
- Ceremony: Two devices establish a shared One-Time Pad through an offline, QR-based transfer
- Verification: Users confirm matching mnemonic checksums
- Messaging: Messages are encrypted with OTP and relayed through an untrusted backend
- Burn: Either party can irreversibly destroy the conversation
┌────────────┐
│ Users │
└─────┬──────┘
│
┌─────▼──────┐
│ iOS App │ (SwiftUI)
└─────┬──────┘
│ FFI boundary
┌─────▼──────┐
│ core │ (Shared Rust Core)
└─────┬──────┘
│
┌─────▼──────┐
│ Backend │ (Rust Relay)
└────────────┘
- core: Rust library containing all cryptographic logic
- apps/ios: SwiftUI iOS application
- backend: Untrusted relay that never sees plaintext
Note: Android support is planned for future versions.
ASH provides:
- Message confidentiality against network and backend observers
- Information-theoretic security via One-Time Pad
- Pad non-reuse enforcement by design
- Human-verifiable ceremony correctness
ASH does not provide:
- Anonymity at the network level
- Protection against device compromise
- Protection against malicious participants
- Forensic-level secure deletion
See docs/threat-model.md for the complete threat model.
See SECURITY.md for vulnerability reporting.
See LICENSE for details.
