Sovren

1. Key exchange (ECDH P-256)
Each party generates a private/public keypair using elliptic-curve Diffie-Hellman on the NIST P-256 curve. Public keys exchanged in the clear; private halves never leave the device. Both sides independently derive the same 256-bit shared secret from their own private + the other's public. This is the mechanism TLS 1.3 uses to set up every HTTPS connection. Neither party alone could compute the shared key.

2. Layer 1 · word swap using your shared dictionary
The plain message first gets every word swapped using the dictionary that both sides built from the shared secret. This produces output that still reads like English but says something different. Even before the heavy encryption layer wraps it, the message doesn't look encrypted.

3. Layer 2 · AES-GCM-256 (NIST-approved)
The substitution output is then encrypted with AES-256 in GCM mode using the shared secret as the key. AES-GCM provides authenticated encryption — both confidentiality (no one without the key can read) and integrity (any tampering is detected). This is the same algorithm used to encrypt classified US government data at SECRET level (FIPS-validated).

4. Forward-secrecy ratchet
Every encrypt operation generates a fresh 96-bit IV (initialization vector). Future messages cannot be decrypted with past keys; past messages cannot be decrypted with future keys. This is the same property Signal Protocol gives you.

5. Entropy accumulation
As you exchange more messages, the cumulative entropy in the session grows linearly. A 10-message session has accumulated 10 × 96 = 960 bits of fresh IV entropy on top of the 256-bit shared secret — orders of magnitude beyond anything brute-forceable.

6. Self-rotating dictionary
Every key advance — whether from sending a message or from the auto-ratchet on the clock — also re-derives the word-swap dictionary. So even the inner layer (the part that makes the cipher look like ordinary English) changes shape on the same schedule. An attacker who somehow recovered yesterday's dictionary cannot read today's traffic — both layers moved.

Why "dual-sided": the key is derived from BOTH parties' contributions. Standard symmetric encryption uses one shared password — if one side is compromised, the key is compromised. Vault's ECDH means an attacker needs BOTH private keys to derive the session key. Compromising one device doesn't compromise the session.

Vault uses the same encryption building blocks (AES-GCM-256 + elliptic-curve key exchange) that protect:
· classified US government data at the SECRET level (NIST FIPS-validated)
· Signal and WhatsApp end-to-end messaging
· every HTTPS connection your bank and browser use

Anyone listening on the wire — your ISP, your employer's firewall, a coffee-shop wifi snooper, a chat-app server — sees a meaningless blob. They cannot read content, cannot replay messages, cannot decrypt past traffic even if they record everything you ever send.

Honest limit: a future large quantum computer could break the key-exchange step (not yet a real threat). For everything else from now until then, this is as strong as encryption gets in a browser.

The encrypted .gce file is just a regular file. You can send it through:
· Email as an attachment
· Text / iMessage / WhatsApp / Signal as a file attachment
· Google Drive / Dropbox / iCloud as a stored file
· Slack / Teams / Discord as a file upload
· AirDrop or any wifi-direct transfer

Whoever runs the channel sees only the encrypted bytes. Only people with your passphrase can open the file back into its original form.

Any file type · PDFs, images, documents, video, audio, archives, code — the app treats every file as raw bytes. Multiple files at once are supported (drag-drop several or pick several). Recorded voice messages also encrypt and share the same way. Practical size limit ~100 MB per file (browser memory) — beyond that, split into smaller files.

Same AES-GCM-256 used by banks, governments, and Signal. The passphrase passes through PBKDF2 with 100,000 SHA-256 rounds before becoming the encryption key, slowing down anyone trying to brute-force weak passphrases. A 4-word passphrase gives genuinely military-grade file protection.

Each note is encrypted with AES-GCM-256 using a key derived from your passphrase via PBKDF2 (100,000 iterations). The encrypted bytes sit in your browser's localStorage — only your device can read them, and only with the right passphrase. Forgetting the passphrase = losing the notes (we cannot recover them; that's the point).

Lock notes clears the in-memory key but leaves the encrypted notes in storage. Re-unlock with the same passphrase to read them again.

Clear all encrypted notes: use your browser's clear-site-data option. There is no server, no backup, no recovery.

timestamp · action type · channel · recipient (if known) · size · 6-char cipher fingerprint · optional tag.

Never recorded: message body, file contents, keys, passphrases, factors.

1. Your identity · derived from your email so any site can see it without learning anything secret.

2. Your secret recipe · your PIN + email + voice recording + face scan all combine into one secret value. To slow down anyone who steals your device and tries to guess your PIN, the combine step is intentionally slow (600,000 hash rounds · OWASP 2023 recommendation · ~100 ms-1 s for you depending on device · 30-50 hours per million guesses for an attacker).

3. Today's password · identity + secret recipe + current time period → today's password. Pick the format that fits where you're typing it (four words, a digit code, hex, etc.).

4. The clock · you choose how often it rolls. Every minute for high-security situations. Every day for normal use. Never (manual only) if you want it to feel like a real static password but still derived fresh on every unlock.

Bottom line: nothing about your password lives in your head or on paper. The app rebuilds it on demand from things you already have — your PIN, your email, your voice, your face.

iPhone (Safari): tap the Share button → Add to Home Screen → opens fullscreen like a native app.

Android (Chrome): tap the menu (⋮) → Install app → same result.

macOS Safari: File → Add to Dock.

Once installed, works offline · no servers · no tracking · the entire dictionary is baked into this page.

Any time two or more people need to talk privately through a channel they don't control, this works. A few examples — the pattern is always the same:

Families & friends · your group has its own dictionary · texts in WhatsApp / iMessage / SMS read as normal English to outsiders but say something else to you.

Small businesses · price lists, contracts, deal terms exchanged with a partner over ordinary email · only people who hold the company dictionary read the real numbers.

Doctors / lawyers / accountants · client conversations through normal email or text · the dictionary protects content even when the channel is insecure.

Real estate / construction / trades · share bid numbers, supplier prices, schedule changes with subcontractors privately while still using the same group text everyone else does.

Schools, sports teams, community groups · coordination that stays private to the group without standing up new infrastructure.

Anyone tired of memorizing passwords · use Sign-In to derive your password fresh every time from things you already have.

The pattern across every example: two parties + one shared dictionary = private conversation through any public channel. No new app the other side has to install · no servers to maintain · no accounts.

The Messages tab uses dictionary-based word swapping. It's strong against any human reading your chat history (a partner, an employer, a screenshot leak, a careless backup), and against the typical companies that scan messages for advertising. Against a determined attacker with months of your ciphertext and a powerful computer, the word-swap layer alone is breakable through statistical analysis.

The Vault tab stacks the same heavy encryption used by banks, governments, and Signal on top of the dictionary swap. Vault output is unreadable even to nation-state attackers without the shared secret.

Rule of thumb: Messages for everyday privacy through public channels (the 95% case). Vault when the content is genuinely sensitive and one or both parties might be targeted.

Everything. No servers. No accounts. No tracking. The dictionary loads once when you open the page, then nothing leaves. Your keys, your identity, and your messages live only in your browser's local storage, which only you can access. Close the tab — it's still there next time. Clear your browser data — it's gone permanently. Sovren cannot see, receive, or log anything you do.