ML-KEM-768 · ML-DSA-65 · AES-256-GCM · PQ Double Ratchet

Private calls, hardened against the quantum future

SpeakEasy uses ML-KEM-768 and PQ Double Ratchet to protect your conversations from today's threats—and tomorrow's.

Currently in development · macOS, Windows, Linux, iOS, Android, Web · Free to start

The Threat

Your encrypted calls are being recorded today

Harvest Now, Decrypt Later (HNDL)

Governments and corporations are recording your encrypted calls today to decrypt them when quantum computers arrive. This is known as "harvest now, decrypt later." Your conversations from today could be exposed in 10–15 years.

Classical encryption schemes like ECDH and RSA are vulnerable to Shor's algorithm, which runs efficiently on a sufficiently powerful quantum computer. Intercept the ciphertext today, store it, and break it later. The threat is not future-tense—the collection is happening now.

10–15 years

Estimated timeline for cryptographically relevant quantum computers

HNDL

Active collection programs targeting encrypted communications

Today

When your calls need to be protected—not when QC arrives

The Solution

Post-quantum encryption, end to end

SpeakEasy builds quantum resistance into the key exchange itself: not as a patch, but as the foundation.

01

ML-KEM-768 Key Encapsulation

Replaces classical ECDH key exchange. Based on the hardness of Module Learning With Errors (MLWE), which resists both classical and quantum attacks. Standardized as FIPS 203.

02

PQ Double Ratchet

Provides forward secrecy and break-in recovery for the entire session. Even if a session key is compromised, past and future messages remain protected. Each message advances the ratchet.

03

AES-256-GCM Payload Encryption

Every call frame and message payload is encrypted with AES-256-GCM. Provides authenticated encryption—the recipient can verify data has not been tampered with in transit.

Hybrid Construction

ML-KEM-768 is composed with X25519 in a hybrid KEM. The session key is derived from both shared secrets via HKDF-SHA-256. If either primitive is broken, the construction remains secure as long as the other one holds. This gives you classical security today and quantum resistance for the future.
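
An added example of the combining step described above; it is not SpeakEasy's code. The concatenation order, the transcript-hash salt, the info label and all function names are assumptions, and the two shared secrets are constructed byte strings standing in for real ML-KEM-768 and X25519 outputs.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output size in bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-SHA-256(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF-SHA-256")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(ss_mlkem: bytes, ss_x25519: bytes, transcript: bytes) -> bytes:
    """Combine both shared secrets into one 32-byte AES-256 key.

    Assumptions (not from the page): fixed-order concatenation, a hash of the
    handshake transcript as salt, and the info label used below.
    """
    if len(ss_mlkem) != 32 or len(ss_x25519) != 32:
        # Fixed lengths keep the concatenation unambiguous.
        raise ValueError("ML-KEM-768 and X25519 shared secrets are 32 bytes each")
    if ss_x25519 == bytes(32):
        # An all-zero X25519 output means the peer supplied a low-order point.
        raise ValueError("rejecting all-zero X25519 shared secret")
    salt = hashlib.sha256(transcript).digest()
    prk = hkdf_extract(salt, ss_mlkem + ss_x25519)
    return hkdf_expand(prk, b"example hybrid session key v1", 32)


# Constructed sample values standing in for real KEM / ECDH outputs.
SS_MLKEM = bytes(range(32))
SS_X25519 = bytes(range(32, 64))
TRANSCRIPT = b"constructed: public keys and ciphertexts of one handshake"
```

Because both secrets feed the extract step, an attacker has to recover both to reproduce the key; binding the transcript ties the key to the specific handshake messages.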

Features

Built for security from the ground up

Every feature is designed around one principle: your communications belong to you.

End-to-End Encrypted Calls

Every call is encrypted end-to-end with AES-256-GCM. The server relays packets but cannot read them. Audio and video never leave your device in plaintext.

Post-Quantum Direct Messages

Messages use PQ Double Ratchet — combining ML-KEM-768 KEM steps with a symmetric ratchet. Forward secrecy and break-in recovery in every conversation.

Post-Quantum Key Exchange

ML-KEM-768 key encapsulation protects against quantum harvest. Your session keys are secure today and in 15 years when cryptographically relevant quantum computers may exist.

Cross-Platform

Native apps for macOS (Apple Silicon and Intel), Windows, Linux, iOS, and Android. A web app for when you cannot install software. One account, all your devices.

Isolated Servers

Run your own SpeakEasy server with a custom domain, or use ours. The server operates as a blind relay — it routes encrypted packets without being able to read them.

Open Cryptography

The cryptographic library is open source and auditable. You do not have to trust our claims — you can verify the implementation. Third-party audits are published in full.

Usage Modes

Two modes, one codebase

Choose the security posture that matches your threat model. Switch at any time.

Standard

For everyday use

  • Clean, minimal UI focused on getting on a call
  • Automatic post-quantum encryption — no configuration required
  • Keys are managed transparently in the background
  • Suitable for personal and professional use
  • Trust-on-first-use (TOFU) key management
  • Full PQ Double Ratchet on all messages and calls

Hardened

For high-risk users

  • Manual safety number verification before any call
  • Strict key pinning — warns loudly on any key change
  • No metadata leakage — contact list never leaves device
  • Explicit confirmation required for new devices
  • Strict TOFU — first contact is locked and pinned
  • Sealed sender — recipient cannot determine your network identity from packet metadata
  • Audit log — all key events, verifications, and warnings are recorded locally
  • Designed for journalists, activists, and high-value targets

Pricing

Simple, transparent pricing

Post-quantum encryption on every plan. Upgrade when you need calls, groups, or your own server.

Free

$0 forever

Private 1-on-1 messaging. No credit card required.

  • 1-on-1 DMs only
  • PQ Double Ratchet encryption
  • No age verification required

Higher SNDL logging depth on Free.


Premium

$5–8 /month

Full platform access. Age-verified via Stripe.

  • Everything in Free
  • WebRTC audio and video calls
  • Groups and channels
  • Standard SNDL logging (metadata only)

$0.50 one-time age verification.


Community

Boost-funded

Community-run servers, collectively funded by members.

  • Community-hosted server
  • Member boost contributions
  • Cost split across contributors

Pre-auth billing. 15-day grace period.


Self-Hosted

License perpetual or monthly

Run relay servers on your own infrastructure.

  • Full relay server binary
  • No auth or registration required
  • Operator-configured retention

Phone-home license validation required.


Enterprise customers: see Barrelhouse — per-seat plan with org-level license keys and MDM support. Full comparison →

Coming soon

Built for every platform

Native apps for all major platforms are in development. The web app is available now.

Trust

Security you can verify

We believe the right response to "trust us" is "don't — verify."

Open Source Cryptography

The cryptographic library is publicly available on GitHub. Read the code, run the tests, fork it. We do not ask you to trust claims you cannot verify.

No Data Mining

We do not analyse your call metadata, message patterns, or contact relationships. Connection logs are deleted after 30 days. No advertising. No data sales.

Blind Relay Server

The server cannot see who you are talking to or what you are saying. It routes encrypted packets identified only by opaque session tokens.

NIST Standards (FIPS 203, FIPS 205)

We use algorithms standardized by NIST after years of public cryptanalysis. No experimental schemes, no proprietary algorithms.

Read the security documentation

Full breakdown of the crypto stack, threat model, and what the server can and cannot see.
