bluebells / sealed-state
PRIVATE BETA · INVITED ACCESS

PROVE you were invited.

Bluebells is in closed beta. If someone gave you an access key, paste it below. The key is verified server-side and never stored on this device in cleartext.

ACCESS KEY
Your key is checked over TLS against the relay's allowlist. Each tester gets a unique, revocable code.
UNIQUE PER TESTER
Each beta key is unique. Revoking one key doesn't affect anyone else.
SERVER-VERIFIED
Your key is checked by the relay over TLS. We don't ship a hash list to your browser.
EXPIRES
The access token expires after 7 days. You'll re-enter the key after that.
bluebells · 2026 · PRIVATE BETA · NO ACCOUNTS · NO TRACKING ● RELAY OK
BLUEBELLS / SEALED-STATE PROTOCOL / 01 ● SCROLL · POST-QUANTUM · 2026
MIT LICENSE / OPEN PROTOCOL / VERIFIABLE BUILD ● LAT --:--:--
BLUEBELLS
(NEW) ENCRYPTED MESSENGER + BURNER EMAIL · 2026 OPEN PROTOCOL · v1.0

CONVERSATIONS no one CAN KEEP.

● BLUEBELLS · SEALED-STATE · POST-QUANTUM · ML-KEM-768 · XCHACHA20 · BLAKE3

Conversations sealed inside their own URL. Talk with people, or hand out burner email addresses that route real mail into the same library. Both encrypted on your device. Both burnable in one tap. Both invisible to us. One protocol. Two inputs.

● THIS URL · IS THE CONVERSATION
v01 · BLAKE3 · XChaCha20-Poly1305 · X25519+ML-KEM-768
https://bluebells.com/r/#01.a8f3e2c1d4b59f07e2c1d4b5.07.bGFzdF9tZXNzYWdlPS4uLgXChaCha20Nm9OcG9seTEzMDV0YWcML-KEM-7680aGlzaXNlbmNyeXB0ZWQgBLAKE3cGF5bG9hZHJpbWVtYmVyaW5n
VERSION BYTE · ROOM ID · FLAGS · SEALED PAYLOAD
FIG. 01 · CAPSULE ENCODING
The URL holds the ciphertext. Your device holds the key. Nothing else exists.
01 THE PREMISE
WHY THIS EXISTS

EVERY MESSENGER HAS A middle. WE DON'T.

THE OLD MODEL

Every messenger before this required a company in the middle. The company held your conversation in a form they could read. Even with the best intentions, that data lives in someone else's machine, subject to whatever happens to them. The promise of privacy was always inside someone else's hands.

THE NEW MODEL

Bluebells has no middle. The capsule lives in the URL. The keys live on your devices. We hold nothing. If something goes wrong on our end, the worst we could lose is a domain. Your conversations would still exist on your devices, encrypted, unchanged.

THE GUARANTEE

Open protocol. You can run the relay yourself. You can audit the live transparency log right now. The cryptographic primitives are public and standard. If you trust the math, you don't need to trust us.

02 HOW IT WORKS
FOUR STEPS · NO SIGNUP

01 OPEN

A FRESH ROOM, IN A CLICK

Your browser mints a hybrid keypair (X25519 + ML‑KEM‑768) and a fresh room ID. No account, no email, no install. The room exists the moment you make it.

02 INVITE OR MINT

PEOPLE BY SEED, EMAIL BY ADDRESS

Invite a person with a one-use seed (works once, expires in 15 minutes). Or mint a bb-…@inbox.bluebells.com address and hand it to a vendor. Either way, mail flows into the same library.

03 TALK

SEALED ON YOUR DEVICE

Every message, whether from a person or an inbound email, is XChaCha20‑Poly1305 encrypted under a key only your devices hold. The relay sees opaque bytes. We can't read it. Nobody can.

04 BURN

ONE TAP, GONE FOREVER

Roll a room key, or burn the room outright, and the conversation becomes literally unreadable. Burn an email address and the id is tombstoned globally. Nobody can re-issue it. Not even you.

03 THE DIFFERENCE
EVERY OTHER MESSENGER · vs · BLUEBELLS

THE OLD WAY

EVERY OTHER MESSENGER.
YOU → APP → SERVER → APP → THEM
  • ✕ A company holds your conversation in plaintext or recoverable form.
  • ✕ Metadata leaks: who, when, how often, from where.
  • ✕ Any incident at the provider, whether a breach or a request, exposes the archive.
  • ✕ You need an account, a number, or both.

THE NEW WAY

BLUEBELLS.
YOU → URL → THEM → SERVER
  • ● The conversation is sealed ciphertext inside the URL.
  • ● The keys never leave your devices.
  • ● Our relay sees opaque bytes for sixty seconds, then forgets.
  • ● No account, no number, no install. Just a URL.
04 IN ACTION
WHAT IT LOOKS LIKE IN YOUR BROWSER
● ROOM · LIVE · 3 MEMBERS https://bluebells.com/r/#01.a8f3e2c1d4b59f07e2c1d4b5.07.bGFzdF9tZXNz... SEALED · v01
Bob · 14:02 · 9f07·e2c1
Did the seed work for you?
d4b5·a8f3 · 14:02 · You
Yeah, in the room now. Fingerprint matches what you sent over signal.
Carol · 14:03 · e2c1·d4b5
Sending the brief. Drop it in chat.
d4b5·a8f3 · 14:03 · You
📎 brief.pdf · 2.4MB · ● LIVE
Bob · 14:04 · 9f07·e2c1
Got it. Burn this room after?
MEMBERS · 3 ACTIVE
YOU · d4b5·a8f3
BOB · 9f07·e2c1
CAROL · e2c1·d4b5
ROOM KEY · EPOCH 07
ROTATES IN 21:47:03
SHARDS 02
ATTACHMENTS ● 1 LIVE
MODE FORWARD-SECURE
ACTIONS
INVITE
ROTATE KEY
BURN ROOM
0 SERVERS STORING DATA
The relay holds opaque bytes for 60 seconds, then forgets. No database. No archive. No backup. Nothing to hand over to anyone.

0 ACCOUNTS REQUIRED
No email, no phone number, no password, no profile. Nothing to leak. Nothing to ban.
05 TWO INPUTS · ONE INBOX
PEOPLE · OR · EMAIL

TWO WAYS IN.
one sealed library.

A Bluebells room accepts messages from other people and real email from the outside world. Same protocol. Same envelope. Same one tap to burn. The world's most boring inbox, until you realize nothing inside it has ever touched our servers in the clear.

FROM A PERSON
invited via a one-use seed
YOUR SEALED LIBRARY
on this device
  • "hey ready for tomorrow?" · Jane
  • "Your code is 382441" · Amazon ✓
  • "sending the file now"
  • "Welcome to Substack ✓"
FROM EMAIL
bb-...@inbox.bluebells.com
ONE-SHOT

Verification codes

Mint a fresh address, paste it where a site asks for an email, and wait for the code. The address self-burns after the first delivery.

WINDOWED

Free trials

Active for the window you set. After that the gateway refuses every further message. No "delete account" call required.

PERSISTENT

Newsletters & vendors

Stays open until you burn it. When you do, the bytes free your quota and the address is retired globally.

Every inbound email passes SPF · DKIM · DMARC; the verdict is signed into the envelope by the gateway. A lookalike sender shows up with a ⚠ Unverified tag. No clever rendering will hide that. Read the spec.

06 THE LEDGER
EVERYTHING ELSE IS A FACT

256 bit · Symmetric keys · XChaCha20-Poly1305 across every byte of content.
192 bit · Extended nonces · Zero reuse risk at any traffic volume.
768 · ML-KEM module · Post-quantum KEM hybridized with X25519.
15 min · Invite seed lifetime · Single-use. Auto-expires. No exceptions.
24 hr · Default key rotation · Configurable from 1 hour up to 7 days.
∞ · History capacity · Recursive content-addressed shard tree.
07 THE ANTI-FEATURES
THINGS WE DELIBERATELY CAN'T DO
01 WE CAN READ YOUR MESSAGES. End-to-end · device-only keys
02 WE CAN IDENTIFY YOU. No accounts · no identifiers
03 WE CAN SEE WHO YOU TALK TO. Rotating rendezvous IDs
04 WE CAN RETAIN YOUR DATA. 60-second TTL · no logs
05 WE CAN HAND OVER YOUR CONVERSATIONS. When asked, we can share only the small amount we keep
06 WE CAN ADD A BACKDOOR. Open spec · run your own relay
08 THE STACK
CRYPTOGRAPHIC PRIMITIVES

Bluebells is built on an open protocol. Every primitive below has been chosen for one reason: to remain unbreakable both today and after quantum computers arrive.

SYMMETRIC AEAD
XCHACHA20 POLY1305

256-bit keys, 192-bit nonces. The extended nonce eliminates reuse risk at any volume of traffic. RFC 8439.

CONSTANT-TIME · AUDITED

HASH · CONTENT ADDRESS
BLAKE3 256

Every operation, shard, and attachment is content-addressed. Identical payloads collapse to identical hashes. Deduplication for free.

> 500 MB/s · PARALLEL

KEY EXCHANGE
X25519 + ML‑KEM‑768

Hybrid construction. Both classical and post-quantum secrets must hold. Defends against harvest-now-decrypt-later.

FIPS 203

SIGNATURES
Ed25519 + ML‑DSA‑65

Every operation, every authority action, signed twice. Verification requires both. SLH-DSA layered for long-term integrity.

FIPS 204 · HYBRID

KEY DERIVATION
HKDF · BLAKE3

Per-shard and per-attachment keys derived on demand from the room key plus the content hash. Nothing stored that doesn't need to be.

RFC 5869

PASSPHRASE
ARGON2id

256 MB memory, 4 iterations. Local device key wrapped under your passphrase. Deliberately expensive to brute-force.

RFC 9106 · MEMORY-HARD

POST-COMPROMISE SECURITY
DRAND BEACON

Every key rotation mixes in a fresh round of drand public randomness via HKDF-BLAKE3. An attacker who compromised an old room key cannot predict the next one, even passively.

LEAGUE OF ENTROPY

VERIFIABLE LOG
MERKLE TRANSPARENCY

Every accept is a 32-byte leaf in an append-only Merkle tree. The relay's Signed Tree Head commits to every event it ever processed. Two STHs at the same size with different roots is proof of equivocation.

RFC 6962 · ED25519
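
The equivocation check described in the VERIFIABLE LOG card, as an added example that is not Bluebells code: it computes an RFC 6962 Merkle root over 32-byte leaves and flags two validly signed tree heads of the same size with different roots. The SHA-256 tree hash, the `size || root` STH layout, the demo leaves and every function name are assumptions made for illustration.

```javascript
// Added example: RFC 6962-style Merkle root plus an STH equivocation check.
// Assumptions: SHA-256 tree hashing as in RFC 6962, and a constructed STH
// layout (8-byte big-endian size || 32-byte root); not the Bluebells wire format.
const crypto = require('node:crypto');

const sha256 = (...parts) =>
  crypto.createHash('sha256').update(Buffer.concat(parts)).digest();

// RFC 6962 section 2.1: domain-separated leaf (0x00) and node (0x01) hashes.
function merkleRoot(leaves) {
  if (leaves.length === 0) return sha256();
  if (leaves.length === 1) return sha256(Buffer.from([0x00]), leaves[0]);
  let k = 1;
  while (k * 2 < leaves.length) k *= 2; // largest power of two < n
  return sha256(Buffer.from([0x01]),
    merkleRoot(leaves.slice(0, k)), merkleRoot(leaves.slice(k)));
}

const sthBytes = (size, root) => {
  const head = Buffer.alloc(8);
  head.writeBigUInt64BE(BigInt(size));
  return Buffer.concat([head, root]);
};

function signSth(privateKey, leaves) {
  const root = merkleRoot(leaves);
  const sig = crypto.sign(null, sthBytes(leaves.length, root), privateKey);
  return { size: leaves.length, root, sig };
}

const verifySth = (publicKey, sth) =>
  sth.root.length === 32 &&
  crypto.verify(null, sthBytes(sth.size, sth.root), publicKey, sth.sig);

// Two validly signed heads of equal size with different roots prove the
// relay showed different histories to different observers.
function isEquivocation(publicKey, a, b) {
  return verifySth(publicKey, a) && verifySth(publicKey, b) &&
    a.size === b.size && !a.root.equals(b.root);
}

// Constructed demo data: 32-byte leaves and a throwaway Ed25519 relay key.
const relay = crypto.generateKeyPairSync('ed25519');
const leaf = (s) => crypto.createHash('sha256').update(s).digest();
const honest = ['accept-1', 'accept-2', 'accept-3'].map(leaf);
const forked = ['accept-1', 'accept-X', 'accept-3'].map(leaf);
```

An auditor needs only the relay's public key and the two signed heads to run `isEquivocation`; the leaves are not required to prove the fork.
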
ZERO-RELAY MODE
WEBRTC DATACHANNEL

Two devices in the same room can swap a short URL and open a direct DTLS-encrypted peer connection. Once the channel is up, messages and attachments stop touching the relay entirely.

SDP STASH · 5 MIN TTL

09 THE OBVIOUS QUESTIONS
FAQ · FROM SKEPTICS

Doesn't the URL leak everything?

The URL holds only ciphertext, a version byte, and an opaque room ID. Decryption requires the room key, which never leaves your devices. A URL screenshot reveals nothing. A URL in browser history reveals nothing.

What if I close my browser?

Your local library, encrypted under your device root key, keeps the conversation. Reopen the URL, or open the room from your library. Pair another device by QR code and the conversation follows you there.

What can your relay actually see?

Opaque bytes addressed to rotating rendezvous IDs, for up to 60 seconds, with no auth and no logs. You can run your own. You can run several at once. The protocol is designed assuming you don't trust ours.

10 OPEN A ROOM
NO SIGNUP · NO DOWNLOAD · ONE CLICK

DISAPPEAR into MATH.

● OPEN · SEAL · ENCRYPT · SEND · BURN · BLUEBELLS · POST-QUANTUM · ZERO-TRACE · no servers · no accounts · no trace

One click and your browser mints a fresh hybrid keypair, derives a room ID, and prints a URL. Send it to anyone, on any channel, and the conversation begins. Nobody else, including us, has any way to read it. Ever.

BLUEBELLS

Built openly. Released under MIT. If the math is right, you don't need to trust us.

● SEALED-STATE · v1.0 · 2026
