Raven is designed to protect messages, identities, and nearby peer discovery across every path a message can take — Bluetooth mesh between nearby devices, the bridge that hands traffic between mesh and internet, and online server-routed delivery. The same ATSAM protocol covers all three.
Traditional messengers rely on cloud servers to route messages and mediate identity. Raven is different. It is designed to keep trusted users connected even when the internet is unavailable, using nearby devices as part of an offline mesh. This requires more than ordinary end-to-end encryption. Raven must also protect how devices discover each other, confirm nearby peers, and route messages without exposing stable identities.
ATSAM is not a single encryption algorithm. It is a layered security stack designed for Raven's online and offline architecture. Each layer has a precise job: pairing trusted devices, discovering nearby peers privately, confirming that a peer is live, routing messages through the mesh, and protecting highly sensitive content through optional Vault Mode.
Hybrid classical and post-quantum key establishment for the shared root secret.
Find paired friends nearby without broadcasting names, numbers, or stable IDs.
Fresh challenge proves a candidate friend is really there, not a replay.
Mesh relays forward encrypted envelopes without learning the recipient.
Optional one-time-pad protection for the most sensitive text messages.
ATSAM enters the network in Raven version 1.7. The first three layers roll out inside the app, with the remaining layers following in subsequent releases.
Read the public overview of ATSAM, Raven's layered protocol for private discovery, encrypted mesh routing, and optional Vault Mode.
The honest way to discuss security is to enumerate the attackers we defend against and explain how. A short, public version below. A more detailed list is in the public overview PDF.
A stranger nearby may see Bluetooth or Wi-Fi traffic. Raven is designed so discovery beacons do not expose names, phone numbers, or stable public identities.
An attacker may record an old beacon and replay it somewhere else. Raven uses live confirmation to prevent old discovery messages from being treated as verified presence.
Whether the forwarder is a Bluetooth mesh peer, a bridge node handing traffic to the internet, or the online server itself, Raven's routing is designed so forwarders see only an opaque envelope and a rotating tag — never plaintext content or stable recipient identifiers.
Cryptographic marketing tends to overclaim. We avoid that. Each ATSAM layer makes a specific claim with specific conditions, and the product interface mirrors those claims precisely. When a property is not provided, we say so plainly.
We welcome reports from security researchers. We aim to acknowledge within seven days and coordinate a disclosure timeline that prioritises user safety over PR. Researchers acting in good faith have safe-harbour protection under our policy.
Scope, out-of-scope items, and a list of issues already acknowledged in our threat model are in the linked policy. Please coordinate before any public disclosure.
No. No honest security system should claim that. Raven uses layered cryptography and states its limits clearly.
ATSAM is Raven's layered security protocol. It combines post-quantum hybrid pairing, private peer discovery, live device verification, encrypted mesh routing, and optional Vault Mode. The ATSAM page covers each layer in more depth.
Raven is designed to support offline communication through nearby-device mesh routing when internet connectivity is unavailable.
Vault Mode is optional and intended for high-sensitivity text or structured messages. Large media files use standard encrypted transport.
ATSAM reduces identity and routing metadata exposure, but it does not fully hide timing, radio traffic volume, or global traffic patterns.