Skip to content
v1.4.0 · groups · post-quantum · Android

Messages that
belong to no one
but you.

Blink is an end-to-end encrypted messenger. No phone number. No email. Your identity is a key on your device, and the relay can't read a single word.

X3DH + PQXDH (post-quantum)Double Ratchetsealed sender
IC
Ion Blink
online
E2EE
Did you get the new key?
Verified by QR. We're good.
Same time tomorrow?
Encrypted message…

Built on: libsignal · X3DH + PQXDH · Double Ratchet · Kyber/ML-KEM · ChaCha20-Poly1305 · Ed25519

Why Blink

Privacy that survives contact with reality.

End-to-end by default

Every message is sealed with libsignal (X3DH + post-quantum PQXDH) before it leaves your device. Encryption is invisible and mandatory — never a toggle.

A relay that can't read you

Messages travel through a blind relay: it forwards sealed ciphertext and nothing else. With sealed sender, it doesn't even learn who sent them.

No phone, no email

Your identity is a keypair generated on-device — a DID:key. Nothing to leak, subpoena, or sell. You are not a row in a database.

Encrypted local storage

On Android, history lives in SQLite with each message's content encrypted per-message (ChaCha20-Poly1305); full-file SQLCipher is planned. Optional per-chat passwords and read-and-burn timers. On web/desktop it's encrypted local storage, not SQLite.

Open source, checksummed

The full source is public on GitHub under AGPL-3.0, and every release ships with a SHA-256 you can check against the file you downloaded. Reproducible builds — rebuilding the exact APK yourself — are future work, not done yet.

Fast on flaky networks

Out-of-order delivery, skipped-key recovery, auto-resend and store-and-forward keep conversations alive when the network isn't.

Architecture

Four steps from plaintext to sealed.

01

Generate identity

An Ed25519/X25519 keypair is created locally. Your DID:key never touches a server.

02

Agree on keys

X3DH + post-quantum PQXDH derive a shared secret from prekey bundles — asynchronous, no handshake required.

03

Ratchet forward

The Double Ratchet rotates keys per message. Past messages stay safe even if a key leaks.

04

Route through a blind relay

Sealed ciphertext travels over a TLS relay that can't read it; store-and-forward holds it until the recipient is online.

cipher send --to ion
$ blink send --to did:key:z6Mk… "see you at the safehouse"
[ok]  resolved prekey bundle (X3DH + PQXDH)
[ok]  derived shared secret · root key rotated
[ok]  double-ratchet step 47 → message key sealed
[ok]  sealed sender · sent via blind relay (TLS)
[out] 8f3a…ChaCha20-Poly1305…e1c9 (sealed ciphertext)
[ok]  delivered · the relay never saw the plaintext
0
servers that read your messages
0
phone numbers required
PQ
post-quantum key exchange
✓✓
delivery receipts + auto-resend

Take back the inbox.

Free, open source, and built for people who read the source before they trust it.