IVY
Sovereign. Private. Yours.
Sovereign post-quantum infrastructure. Zero metadata. Isolated routing. Absolute control.
Get Ivy
What is Ivy
Communications infrastructure built for the end of trust.
Ivy is a sovereign, post-quantum communications platform. Every message, call, and file transfer routes exclusively through Tor V3 Hidden Services. Your IP address never touches the open internet.
Identity is local. A 24-word seed phrase generates your Ed25519, X25519, and ML-KEM-768 keypairs deterministically. There is no server account, no phone number, no email. You own your cryptography.
The server is a zero-knowledge relay. It stores opaque ciphertexts in volatile RAM. It cannot read your messages, identify your contacts, or build a social graph. If seized, it yields cryptographic noise.
Encryption
ML-KEM-768 + X25519 Hybrid PQXDH
Signatures
Ed25519 on every payload
Ratchet
Double Ratchet / XChaCha20-Poly1305
Network
Tor V3 Hidden Services (Arti)
Database
SQLCipher AES-256 + Android Keystore
Server State
Volatile RAM only. Zero disk persistence.
Why Ivy
Because "end-to-end encrypted" is not enough.
Standard cloud communications and mainstream messengers encrypt your messages. None of them encrypt who you talk to, when you talk, how often, or from where. That metadata is the product. Ivy eliminates it.
No metadata
Tor hides your IP. The server sees opaque ciphertexts addressed to SHA-256 hashes. It cannot link senders to receivers or build a social graph.
No identity provider
No phone number. No email. No Google account. Your identity is a keypair derived from a seed phrase. You are your cryptography.
No trust required
The server runs in RAM with ProtectHome, MemoryDenyWriteExecute, and zero disk persistence. A seized server yields nothing. The code is open.
No quantum deadline
ML-KEM-768 (FIPS 203) protects against "store now, decrypt later" attacks. Messages you send today remain secure even if quantum computers arrive in 2035.
| Security Architecture |
Standard Enterprise
(Teams / Slack) |
Secure Enterprise
(AWS Wickr) |
Consumer Crypto
(Signal) |
Ivy Sovereign |
| Infrastructure Sovereignty |
Managed Cloud
(Microsoft / AWS) |
Managed Cloud (AWS) |
Third-Party Cloud (AWS) |
100% Client-Owned
(On-Prem / VPS) |
| Payload Encryption |
Transport Only (TLS) |
Standard E2EE |
PQXDH E2EE |
ML-KEM-768 Hybrid E2EE |
| Network Routing |
Public Clearnet |
Public Clearnet |
Public Clearnet |
Tor V3 ClientAuth
(Zero Inbound Ports) |
| Identity Provider |
Corporate Active Directory |
Corporate Active Directory |
Telecom (Phone Number) |
Zero-Trust Keypair
(No 3rd Party) |
| Social Graph Exposure |
Fully Visible to Provider |
Fully Visible to Provider |
Partially Blinded |
Mathematically Blinded
(Zero Knowledge) |
| Traffic Analysis Immunity |
None |
None |
Low |
Absolute
(Tor Routing + Blind RSA) |
Post-Quantum Secrecy
(SNDL Defense) |
None |
None |
None |
ML-KEM-768 (FIPS 203) |
| Device Forensic Resistance |
Easily Extractable |
Extractable Database |
Standard App Deletion |
5-Phase Cryptographic
RAM Wiping |
Who is it for
Geopolitical Risk Firms
Protect global intelligence and client data with infrastructure that cannot be subpoenaed or breached by third parties.
Executive Suites & Boardrooms
Ensure zero-knowledge, out-of-band communication for M&A discussions, incident response, and high-stakes corporate strategy.
Journalists
Protect sources. No phone number means no subpoena target. Tor hides the communication pattern itself.
Activists
Organize without surveillance. The server cannot identify participants, even under state-level coercion.
Security researchers
Communicate findings without exposing your identity or your informants to targeted retaliation.
Privacy advocates
Practice what you preach. Ivy is the standard you've been asking for — no compromises, no exceptions.
At-risk individuals
Domestic abuse survivors, whistleblowers, dissidents. When metadata can get you killed, Ivy removes it.
Anyone who values sovereignty
You shouldn't need a reason to want privacy. Ivy exists for people who believe communication is a human right.
Set Your Expectations
Ivy is not commercial SaaS. By design.
Routing every byte through the Tor network gives you privacy that no mainstream messenger can match. But physics has trade-offs. Here's what to expect.
Messages take 2-4 seconds
Your message travels through 3 Tor relay hops before reaching the server, then 3 more to reach your contact. Standard cloud platforms use centralized servers — faster, but the provider sees everything. Ivy's 2-4 second delivery is the cost of mathematical invisibility.
No read receipts, no "last seen"
These features are metadata. "Last seen 2:34 AM" tells a surveillance system exactly when you use your phone. Ivy strips all presence indicators. You send. They receive. That's it.
Calls connect in ~5 seconds
Voice call signaling (SDP/ICE) routes through Tor before the WebRTC RELAY connection is established. The first ring takes a few seconds longer than a regular phone call. Audio quality is clear once connected — 48kHz with echo cancellation.
No cloud backup
Your messages live on your device, encrypted with keys that never leave your phone. There is no Google Drive or iCloud backup. If you lose your device without your 24-word seed phrase, your messages are gone forever. That's the point.
First launch takes ~10 seconds
Ivy bootstraps a full Tor circuit on startup — connecting to guard nodes, building encrypted tunnels. Subsequent connections are faster (circuits are cached). Commercial apps open instantly because they trust your ISP. Ivy doesn't trust anyone.
No group chats (yet)
Ivy is 1-on-1 only in V1. Secure group messaging requires Sender Keys or MLS — both are complex to implement correctly over Tor without leaking group membership metadata. It's on the roadmap, not rushed.
Every trade-off exists because Ivy chose your privacy over your convenience. If that's not your priority, WhatsApp is free.
Built Different
The engineering choices that set Ivy apart.
Rust-Powered Cryptographic Core
Signal uses Java. Telegram uses C++. WhatsApp uses Erlang on the server and whatever Meta decides this quarter. Ivy's entire cryptographic engine — key derivation, Double Ratchet, ML-KEM-768, Ed25519, Shamir splitting, Argon2id — is written in Rust and compiled to native ARM via UniFFI.
Why this matters: Rust guarantees memory safety without a garbage collector. No buffer overflows, no use-after-free, no null pointer dereferences — the entire class of vulnerabilities that has produced every major messenger exploit in the last decade is eliminated at compile time. Private keys are deterministically zeroed on scope exit. The JVM never touches raw cryptographic material.
Sovereign App Updates
Ivy doesn't use Google Play. Updates are downloaded over Tor in encrypted chunks, each chunk SHA-256 verified before touching the disk. The assembled APK is verified against a hardcoded Ed25519 public key before the OS is allowed to install it.
If someone compromises the update server and replaces the APK with malware, the signature check fails and the file is instantly deleted. Your device mathematically rejects anything we didn't personally sign.
5-Phase Amnesia Protocol
Hold one button for 3 seconds and Ivy executes a cascading cryptographic erasure: kills all background services, wipes every media file and Tor cache, purges all app preferences, then deletes the Android Keystore master key — making the SQLCipher database permanent ciphertext. The app reboots to a blank onboarding screen.
The key deletion happens last. If the file wipe is interrupted by a power loss, the database remains mathematically unreadable. No forensic tool can recover what was inside.
Adversarial Mathematics
Two attack surfaces. Both mathematically neutralized.
I. Client-Side Forensic Resistance
Standard secure messengers leave "ghost data" in local SQLite databases, Write-Ahead Logs, and OS keyboard dictionaries — highly vulnerable to hardware extraction tools (Cellebrite, GrayKey) via AFU (After First Unlock) exploits. Ivy mathematically neutralizes local forensics.
Hardware-Backed Key Enclaves
AES-256 database keys never touch the JVM heap. They are bound to the device's Secure Enclave (StrongBox) behind biometric or PIN attestation. On every backgrounding event, the keys are actively zeroized from RAM — the database becomes permanent ciphertext until the user returns.
Aggressive WAL Truncation
Ivy executes PRAGMA wal_checkpoint(TRUNCATE) the instant the app leaves the foreground. The unencrypted Write-Ahead Log sidecar is flushed into the main encrypted DB and physically shrunk to zero bytes — eliminating the primary forensic surface for in-flight message recovery.
Cryptographic Memory Wiping
Standard apps simply mark deleted rows as "free pages." Ivy enforces PRAGMA secure_delete=ON and cipher_memory_security=ON, actively overwriting deleted payload fragments with zeros in both volatile RAM and the physical flash cells. "Deleted" means mathematically unrecoverable.
OS-Level Blinding
Ivy operates in a state of OS-hostility. The keyboard input type is cryptographically flagged to disable personal-dictionary learning and cloud sync. WindowManager.FLAG_SECURE blocks background screen caching and screenshots. Decrypted payloads never transit the system notification daemon.
II. Server-Side Sovereign Isolation
A compromised server should yield nothing but cryptographic noise. The Ivy backend operates inside a diskless, capability-zero, network-strangled void.
Amnesic Infrastructure
The server runs entirely in tmpfs (volatile RAM) with swap physically disabled and core dumps piped to /bin/false. The daemon literally cannot see the physical disk. A power loss event is not a data loss event — it is a flawless cryptographic wipe.
eBPF Network Straitjacket
In the event of a theoretical RCE, the attacker cannot exfiltrate a single byte. A kernel-level IPAddressDeny=any filter drops every packet not destined for 127.0.0.0/8. The compromised process is trapped inside the local Tor proxy — it literally cannot reach the public internet.
Capability-Zero Sandboxing
The daemon runs with an empty CapabilityBoundingSet — zero root powers, below an unprivileged user. Syscalls are amputated to @system-service only. /proc is hidden via ProtectProc=invisible, preventing the attacker from even mapping the host environment.
Cryptographic Time Defense
The Ivy process is locked out of the system clock via ProtectClock=yes. Even if a nation-state raids the datacenter and attempts to backdate the server to replay expired post-quantum payloads or Tor directory certificates, the kernel refuses the manipulation. Cryptography is locked to physical reality.
Features
Every layer. Hardened.
[TOR]
Tor V3 Hidden Services
All traffic routes through Tor. Your IP, location, and communication patterns are invisible to adversaries and the server itself.
[PQ]
Post-Quantum Encryption
ML-KEM-768 (FIPS 203) hybridized with X25519. Defeats "store now, decrypt later" quantum attacks on every message and call.
[SIG]
Ed25519 Signatures
Every payload is signed. Cryptographic proof of sender authenticity and tamper detection on every message.
[CALL]
Encrypted Voice Calls
WebRTC with RELAY-only ICE, Tor-signaled SDP, and FrameCryptor AES-GCM with post-quantum frame keys. No IP leaks.
[FCM]
Ghost Ring Push
Data-only FCM tickles wake your device without Google seeing content or metadata. Firebase dashboard is intentionally empty.
[IPFS]
Swarm File Transfer
Large files encrypted locally with AES-256-GCM, uploaded to IPFS via ephemeral Pinata JWTs. Only the CID routes through Tor.
[RSA]
Blind RSA Privacy Pass
RFC 9474 blind signatures for anonymous bandwidth tickets. The server mathematically cannot link your identity to your messages.
[QR]
Safety Numbers
SHA-512 over all three key types (Ed25519 + X25519 + ML-KEM-768). In-person QR verification defeats MITM attacks.
[DEL]
Scorched Earth Self-Destruct
5-phase amnesia protocol. Kills background services, wipes media vault, purges metadata, bricks the database, and reboots to onboarding.
Enterprise Sovereignty
Private infrastructure for high-threat environments.
Ivy is designed differently. We provide zero-trust, mathematically blinded communication architectures for geopolitical risk firms, defense contractors, and multinational executives.
Choose your level of physical sovereignty.
Option 1
Enterprise Licensing
Managed isolation. Zero hardware overhead.
We deploy a dedicated, mathematically hardened Ivy backend infrastructure on a dedicated server isolated exclusively for your organization.
Tor ClientAuth Gating
Your network is cryptographically locked. Only devices possessing your organization's specific Ed25519 authorization keys can see your server on the Tor network. To the rest of the world, your infrastructure does not exist.
White-Label Compilation
We recompile the Ivy Android and iOS clients with your corporate branding and hardcode your private .onion routing keys directly into the binaries for seamless client onboarding.
Subpoena-Proof Architecture
The server operates strictly in volatile RAM with a zero-knowledge Mailbox. There are no permanent databases to seize, subpoena, or leak. A power cycle yields cryptographic noise.
Option 2
The Sovereign Hardware Node
Absolute physical control. The hardware never leaves the building.
For enterprises that cannot trust external data centers, we ship the Ivy infrastructure as a physical, turnkey 1U rack-mounted network appliance. You plug it into your server room. We handle the cryptography.
The Black Box
A pre-configured, hardened Linux appliance running entirely in volatile memory. Swap is physically disabled. Hardware-level memory encryption (Intel TME) and a secure loopback vault ensure nothing persists.
The Private DHT
Your Kademlia User Directory and Mailbox queues live exclusively on this physical machine. Traffic routes through Tor and loops directly back into your facility, completely bypassing corporate firewalls without a single open inbound port.
The Ultimate Kill Switch
If your facility is compromised, pull the power plug. The RAM dies, the AES-256-GCM decryption keys are vaporized, and your corporate communications cease to exist mathematically.
Roadmap
What's next.
V1.1
Post-Quantum Secure Video Calling
End-to-end encrypted video with ML-KEM-768 frame key negotiation. Same Tor-signaled, RELAY-only architecture as voice calls, extended to the camera stream.
V1.2
PAKE Contact Exchange
Add contacts by speaking a short passphrase over a phone call. Zero-knowledge password-authenticated key exchange — the server learns nothing about the passphrase or the identities being exchanged.
V1.3
Anti-Censorship Transport
Pluggable transports (obfs4, Snowflake, meek) for regions where Tor is actively blocked. Ivy will automatically detect censorship and switch transport without user intervention.
V2.0
Federated Relays
Anyone can run an Ivy relay node. Decentralized message routing eliminates the single-server dependency while preserving zero-knowledge properties.
Supply Chain Integrity
Zero-trust client distribution. Open cryptographic core.
To mitigate supply-chain vulnerabilities, Ivy bypasses commercial app stores entirely. Enterprise clients receive deterministic APKs signed with hardcoded Ed25519 keys, verifiable against our Reproducible Build logs. The cryptographic core (ML-KEM-768, X25519, Double Ratchet, Ed25519, Blind-RSA, Arti/Tor V3) is published as an independent AGPLv3 Rust crate — auditable by any CISO, red team, or security researcher.
Enterprise-ready for MDM deployment. Requires Android 10+. Operates entirely independent of Google Play Services.
Verify the APK is using the open-source core:
# 1. Extract the native library from the published APK
unzip -p ivy-v1.0.0.apk lib/arm64-v8a/libivy_crypto_core.so | sha256sum
# 2. Compare against the deterministic CI build attestation for the same tag
# (published at github.com/ebh2024ebh/ivy-crypto-core/releases)
cat ATTESTATION.txt | grep SHA256
# The two hashes MUST match. If they don't, the binary was tampered with.
PGP: F19F 34E8 E9F1 3F6D F418 1F38 0F1C 6872 0016 85D0 — security@ivy.security