Documentation & FAQ

How does Qubit work?

Qubit is a post-quantum messenger that uses only symmetric cryptography. It does not use asymmetric cryptography (e.g. RSA, ECC, Diffie-Hellman), which would be vulnerable to quantum computer attacks. Messages are encrypted with AES-256-GCM on your device; the server stores only the ciphertext and never has access to the plaintext.

Why is Qubit post-quantum?

Quantum computers (when fully realised) will be able to break widely used asymmetric schemes. Qubit does not use them at all. Key exchange is done in person (offline), and only a shared symmetric key is used for encryption. Symmetric algorithms (e.g. AES-256) are considered resistant to quantum attacks with an appropriate key length.

How does key exchange work?

Two people must meet in person. Each generates a unique “conversation nickname” in the app and shares it with the other. Then both parties agree on a shared key (min. 16 characters, letters, digits, hyphen) and enter it in the app. This key is used to encrypt and decrypt messages. The key is never sent over the network; in the production version only the app on your device stores it.

Why are my data secure?

The server never receives message content in plain form. You only send an encrypted blob (IV + ciphertext + tag) to the server. Decryption happens only on your side in the browser (or in the future in the mobile app) using the key that only you and the recipient know. Even the server administrator cannot read the messages.

Message content limitations

For simplicity and consistency:

FAQ

Can I recover my password?

No. We do not use email addresses or a password reset mechanism. If you lose your password, you lose access to your account. The login nickname is generated at registration – save it in a safe place.

What happens when I close a channel?

Removing the key (closing the channel) means that no one – including you – will be able to decrypt previous messages. The other party will not be able to send you new messages on this channel.

Is this demo fully secure?

In this demo version, symmetric keys are stored in the server database (for testing convenience). In the future mobile version, keys will be stored only locally on the device. Message encryption and decryption still happen on the client side – the server does not see the content.