Lattice
How Lattice works.
Roughly 7 minutes to read. 15 if you follow the links.
Six short sections. No marketing words. Skim the diagrams if you're in a hurry.
1. What Lattice does.
Lattice moves text messages between phones using only the radios already in your phone — Bluetooth and Wi-Fi. There is no Lattice company server in the middle. There is no account to create. There is no phone number to give us. Your identity is a set of keys generated on your phone the first time you open the app, kept only on your phone, and described to other phones by a 12-character ID like ZRV8-F6NE-E6TX.
Most of the time you'll keep using whatever messenger you already use. Lattice sits quietly until the day a normal messenger stops working — a regional internet shutdown, a festival where every tower is overloaded, a disaster, a country where messengers are blocked. The best time to set it up is when you don't need it.
2. How a message gets from you to your mum.
If your mum's phone is right next to yours, your phones talk directly over Bluetooth. If she's a kilometre away, the message hops through other Lattice users between you. Each phone in between only sees a sealed envelope it cannot open.
You ──BT──▶ ? ──Wi-Fi──▶ ? ──BT──▶ Mum │ ▲ └── sealed envelope, only Mum can open ──┘
Each hop is a separate Bluetooth or Wi-Fi connection. The envelope is encrypted so that only the recipient — your mum, in this example — has the key to open it. The strangers in between forward it without knowing the contents or even who it is for.
3. Why nobody else can read it.
Every Lattice message is end-to-end encrypted using a hybrid of two cryptographic primitives: classical Curve25519 (the same one Signal and WhatsApp use) and ML-KEM-768 (post-quantum, standardised by NIST in 2024). Encrypting with both means a future adversary who breaks one of them still can't read your messages.
plain text "hi mum"
│
│ encrypted with: classical key + post-quantum key
▼
┌──────────────────────────┐
│ outer wrapper: who is │ ← stripped at each hop
│ this for? │
├──────────────────────────┤
│ ╔════════════════════╗ │
│ ║ inner ciphertext ║ │ ← only your mum can open
│ ║ "hi mum" ║ │
│ ╚════════════════════╝ │
└──────────────────────────┘
↓
hop, hop, hop
↓
your mum's phone derives the same shared key
(it has both halves, no one else does)
and opens the inner envelope
Even Lattice the project cannot read messages on the wire. Nobody runs a Lattice server because there isn't one. There is no central place to subpoena, no central place that can be compelled to hand over your conversations, no central place that can be hacked.
4. What if you're far apart.
Lattice is honest about range. Three scenarios:
Same building or street: ✓ very fast
──────────────────────────
📱 ─────── 📱
(one direct Bluetooth connection)
Same city, no internet: ✓ works, slower
──────────────────────────
📱 ──── 📱 ──── 📱 ──── 📱 ──── 📱
(chain through other Lattice users
within Bluetooth range of each other)
Different cities, no internet: ✗ doesn't reach
────────────────────────── without help
📱 ────? ──────────────────? ──── 📱
(gap)
Needs LoRa hardware (long-range radio)
OR someone physically carrying the message
OR the cell network coming back
Bluetooth has a real-world range of roughly 30 metres line of sight, sometimes more in open air, less inside buildings. Wi-Fi Aware (the newer phone-to-phone radio) does about 200 metres in good conditions. The mesh works by stringing those short hops together. Across a city with reasonable Lattice density, that's enough. Across a country, it's not — there is no physical phenomenon that lets a small radio reach a thousand kilometres without infrastructure.
5. How you add someone you can't meet in person.
The strongest way to add a contact is to be in the same room and scan a QR code, comparing the eight fingerprint words out loud. That's how you'd add a family member you live with. But for adding someone you can't physically meet — a relative across the country, a friend overseas — Lattice has Lattice Invites.
1. You generate an invite link. Your phone makes a fresh
one-time key pair.
┌─────────────────────────┐
│ lattice://invite/abc... │ The link contains the public
└─────────────────────────┘ key signed by your long-term
identity.
you also see four words: The four words are computed
crow river iron pine from the key, on your phone.
2. Send the link via WhatsApp, The link travels the
SMS, email, anything. normal channel.
3. Call them on the phone. A different channel —
Ask "what four words do you see?" this is the safety check.
4. They open the link. Their phone displays
They see four words. its own four words from
the same key.
5. The words match: continue. A man-in-the-middle would
The words don't: hang up. have to substitute the
whole key, which would
show different words on
their screen.
Four words = roughly 4 billion to 1 against accidental collision. That defeats casual interception comfortably. It does not defeat a state-level adversary who can compromise both your messaging app and your phone call at the same time — for that you have to meet in person and scan the QR. We're honest about this on the verification screen itself.
6. What happens to your messages.
Three things, all on purpose:
┌──────────────────────────────────────────────────────┐ │ 1. Messages live on your phone, and on the phones │ │ of the people you sent them to. Nowhere else. │ │ │ │ Your phone: Their phone: │ │ ┌─────────┐ ┌─────────┐ │ │ │ 📱 │ ────▶ │ 📱 │ │ │ │ msg │ │ msg │ │ │ └─────────┘ └─────────┘ │ │ │ │ 2. Messages have an expiry. Default is 7 days. │ │ They auto-delete from both phones at the │ │ configured time. You can change this per-chat. │ │ │ │ 3. Your identity is a 12-word phrase, generated │ │ once on your phone. You write it on paper and │ │ keep it somewhere safe. │ │ │ │ crow river iron pine │ │ elm sun grain rope │ │ coast hill flame still │ │ │ │ Lose your phone but have the words: you're fine. │ │ Lose your phone and the words: gone forever. │ │ Both stores: encrypted by your biometric + │ │ a PIN you set, so theft of the phone alone │ │ doesn't compromise you. │ └──────────────────────────────────────────────────────┘
This is the same model as a hardware crypto wallet. There is intentionally no recovery path that doesn't go through your seed phrase, because a recovery path is a thing an attacker can attack. The trade-off is real: if you lose both your phone and your phrase, you lose your Lattice identity, and you'll have to onboard a new one and have your contacts re-add you.
7. What Lattice doesn't do.
Five things we want to be plain about:
- It's not for daily chatter. It works fine for that, but the battery cost is higher than WhatsApp because we have to scan for nearby phones. Use it for the messages you actually need.
- It doesn't reach across cities without help. Physics. Without optional LoRa hardware or someone carrying the message, your Lattice users have to be inside the rough range of one another, possibly with hops between.
- It doesn't deliver background notifications reliably on iPhones that have been locked for hours. Apple's platform constraint, not ours. Documented honestly in the FAQ.
- It doesn't make you invisible. Your presence on the mesh is detectable to anyone in radio range — that's the cost of working without a server. The contents of what you send are not.
- It doesn't help if you lose your seed phrase. By design.
Read the full list in What Lattice Doesn't Do.
Going deeper.
- Threat model (WP-01) — what Lattice defends against, what it doesn't.
- The invite protocol (WP-02) — the cryptographic mechanic of Lattice Invites.
- Dormancy design (WP-03) — how Lattice costs you almost nothing in battery between uses.
- Density and crowd behaviour (WP-04) — what happens when 10,000 phones are in the same field.
- What Lattice doesn't do (WP-05) — every limit, plainly stated.