Twitter: @jperla

Summary

The NSA and other intelligence services run dragnet monitoring of all communications on well-known platforms and can use zero-day vulnerabilities to hack devices. One can assume that any individual messaging app and platform is hacked. However, hacking them all simultaneously is difficult, expensive, or impossible even for intelligence agencies. We propose a design for an easy-to-use system that would keep private messages secret even from the NSA unless it were to cooperate with an enemy state.

Solution

Keys

The solution has no passwords, no encryption keys, and no complicated key management. It requires no trust in any complicated public-key algorithm, key length, or code.

Assumptions

Assume we have access to one encrypted app and platform that high-level actors in a nation state expect to be mostly secure from an enemy nation state, as well as one other encrypted app on another platform in this enemy state that high-level actors use insofar as it is mostly secure from its enemy.

Trust no messaging channel equally.

For example, in the US let us use Signal on an iPhone, which is domestic to the US; the NSA may have access in some way but China does not. US business leaders conduct business on this and the US government has an interest in keeping it secure (Jeff Bezos uses WhatsApp). China is a rival nation, and we can use WeChat on a Huawei device, domestic to it. Business leaders and government leaders in China conduct business on WeChat and they have an interest in keeping that data secure from the NSA.

Horcruxes

We have a third, offline device with no network access, which we will call the Magic Wand. One writes the message they would like to send on it, and it then uses strong entropy to generate a one-time pad, which is the only encryption with perfect secrecy. This produces the ciphertext and a one-time pad, both perfectly random, and we call these 2 bit streams horcruxes (XORcruxes?). We will send the ciphertext through Signal and the one-time pad through WeChat. (From a usability standpoint, these can easily be transferred securely from the offline device using photos or QR codes.)

The recipient can use their Magic Wand (3rd offline device) to reconstruct the message from the ciphertext received on Signal and the one-time pad received on WeChat.

The NSA (and anybody else snooping) gets no information about the content of the message from the encrypted ciphertext. China (and anybody else snooping) gets no information about the contents of the message from the one-time pad. This encryption has perfect secrecy and can never be broken no matter what advances happen in speed of computers or in quantum computing. The encryption can be broken in the future if the rival states become allies, or otherwise become willing to share data with each other.

Central Service

There is no central service to manage and none that could be a point of weak security. There is no cost to managing a central service because there is none. This cannot be taken down by governments; it is a simple XOR. There is equal distrust in all communication channels.

More Horcruxes, More Security

The probability, cost, and expense of cracking this encryption can be increased linearly because it is trivial to add more encrypted chat apps from more rival nation states, such as Russia. There is no limit to the number of messaging apps, email services, and endpoints this message can be split into. An adversary would need to collect every horcrux of a message in order to defeat the encryption, which could get politically complicated. Each service which is not trivially compromised would add a layer of friction.
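The split performed on the Magic Wand, as an added example that is not part of the original proposal: it generalizes the two-horcrux case (ciphertext plus pad) to n horcruxes, one per channel. The function names are assumptions made for illustration, and the sample message is constructed.

```python
import secrets
from functools import reduce


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("horcruxes must all be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def split(message: bytes, n: int = 2) -> list[bytes]:
    """Split message into n horcruxes; all n are needed to recover it."""
    if n < 2:
        raise ValueError("need at least two horcruxes (one per channel)")
    if not message:
        raise ValueError("empty message")
    # n-1 fresh pads from the OS CSPRNG, each exactly as long as the message.
    # A pad must never be reused for a second message.
    pads = [secrets.token_bytes(len(message)) for _ in range(n - 1)]
    # The last horcrux is the message XORed with every pad (the "ciphertext").
    ciphertext = reduce(xor_bytes, pads, message)
    return pads + [ciphertext]


def combine(horcruxes: list[bytes]) -> bytes:
    """XOR all horcruxes together; the order they arrive in does not matter."""
    if len(horcruxes) < 2:
        raise ValueError("need every horcrux, at least two")
    return reduce(xor_bytes, horcruxes)


if __name__ == "__main__":
    msg = "meet at the usual place".encode()  # constructed sample message
    two = split(msg)       # e.g. pad over WeChat, ciphertext over Signal
    three = split(msg, 3)  # a third channel added
    print(combine(two) == msg, combine(three) == msg)
```

Every horcrux is exactly as long as the message, so message length is visible on each channel. XOR alone also gives no integrity: whoever controls one channel can flip chosen bits of the recovered plaintext without being detected.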
