Comparison
Signal vs SimpleX Chat
Signal: The gold-standard E2EE messenger: open-source, independently studied, post-quantum, and run by a nonprofit that has proven in court it holds almost no data — but it still ties your account to a phone number and runs on central servers. · SimpleX Chat: The first messaging network with no user identifiers of any kind — not even random numbers — using disposable message queues instead of accounts.
Bottom line: If you want a proven, polished, mainstream-grade secure messenger and you're comfortable using a phone number to register, Signal is the safe default — it's the most heavily scrutinized E2EE messenger in existence, run by a nonprofit with a clear track record of holding almost no data, and it's already shipping post-quantum protection. If your priority is metadata and identity minimization — no phone number, no account, nothing for a server to hand over — SimpleX Chat is the stronger choice, at the cost of being a younger and less battle-tested ecosystem.
Signal and SimpleX Chat both encrypt every message end-to-end by default and both have moved their cryptography toward post-quantum security, so the real contrast isn't whether your messages are encrypted — it's what the network knows about you and how you're identified. Signal is the widely studied, nonprofit-run reference implementation of modern E2EE: it uses the Signal Protocol (X3DH + Double Ratchet), has extended it with PQXDH and the post-quantum Triple Ratchet (SPQR), and has demonstrated in court that it holds almost no data about its users. But it is centralized and ties every account to a phone number — usernames added in 2024 let you hide that number from contacts, but registration still requires one, and all traffic flows through Signal's own servers.
SimpleX Chat takes the opposite design stance on identity and metadata. It is built so there are no user identifiers of any kind — no phone number, no username, not even a random account ID. Instead of accounts, it uses temporary, disposable message queues on relay servers, so the network has no profile to seize or correlate. Its encryption pairs the Double Ratchet (with header encryption) over NaCl with a post-quantum key exchange (Streamlined NTRU Prime / sntrup761), and its protocol design was reviewed by Trail of Bits. The trade-off is maturity and reach: SimpleX is younger and smaller, its architecture is decentralized/self-hostable rather than a single trusted operator, and that flexibility puts more of the metadata-protection burden on which relays you use.
The facts, side by side
| Signal | SimpleX Chat | |
|---|---|---|
| End-to-end encrypted by default | Yes | Yes All messages and files are end-to-end encrypted by default using the double ratchet with NaCl cryptobox. There is no non-E2EE mode. |
| Encryption protocol | Signal Protocol: X3DH + Double Ratchet with AES-256-GCM, now extended by PQXDH (handshake) and the Triple Ratchet / SPQR (post-quantum ratchet) Signal's classic stack is X3DH key agreement + the Double Ratchet, with AES-256 in CBC/HMAC historically and AES-256-GCM AEAD. In 2023 Signal added PQXDH (X25519 + CRYSTALS-Kyber/ML-KEM-768) to the initial handshake, and on Oct 2, 2025 shipped the Sparse Post-Quantum Ratchet (SPQR), combining the Double Ratchet with an ML-KEM-768 ratchet into a hybrid 'Triple Ratchet.' | Double Ratchet (with header encryption) over NaCl cryptobox; post-quantum augmented with Streamlined NTRU Prime (sntrup761) SimpleX deliberately chose Streamlined NTRU Prime (sntrup761) over NIST's ML-KEM, citing the absence of patent claims and the same algorithm being used in SSH. It augments — rather than replaces — the classical Curve448-based double ratchet, so a break of one component does not break the other. |
| Post-quantum key exchange | Yes Post-quantum protection is hybrid (classical + ML-KEM-768) and is being rolled out automatically; older clients downgrade gracefully when a peer lacks SPQR support, so coverage is universal at the handshake (PQXDH) and progressively universal for the ongoing ratchet (SPQR). | Yes Quantum-resistant key exchange became the default for all direct (1:1) chats in v5.7 (April 2024) and is negotiated on every ratchet step. Note: as of 2025-2026 PQ resistance applies to direct chats only — large groups are not PQ-protected, which is a meaningful scope difference from RVNT's per-session hybrid PQ. |
| Requires a phone number | Yes A working phone number that can receive an SMS/call is still mandatory to create an account. Usernames (added 2024) only let others reach you without seeing your number; they do not replace the number for registration. | No SimpleX uniquely requires no phone number, email, username, or any account at all — its core differentiator. You are reachable only via links/QR codes you choose to share. |
| Requires an email address | No | No |
| How you’re identified | Phone number is required to register; an optional username lets you be contacted without sharing the number | No user identifiers at all — not even random numbers. Connections use pairwise, per-queue addresses exchanged via one-time invitation links or QR codes; optional reusable contact address. SimpleX markets itself as 'the first messaging network operating without user identifiers of any kind.' There is no global address that can be used to look you up; contact is impossible unless you hand someone a link. |
| Architecture | centralized | federated Classified as federated, not pure peer-to-peer: messages route through redundant, disposable relay servers (SMP relays for messages, XFTP relays for files) that hold messages only transiently until delivered and store no user records. Anyone can run their own relays. This differs from RVNT's libp2p peer-to-peer transport, though both avoid a central content server. |
| Metadata protection | Sealed sender hides the sender from Signal's servers; private contact discovery and encrypted profiles/groups minimize what the server can see, but a central server still routes all traffic Sealed sender gives one-way sender anonymity from the server, and private contact discovery plus SGX-backed features reduce server knowledge. Government subpoenas (2016, 2021) confirmed Signal could only produce account-creation and last-connection timestamps. However, a central server still sees connection metadata such as IP and timing, which is why it is 'centralized' rather than a metadata-minimal P2P design. | Strong by design: no user IDs, unidirectional (simplex) message queues with separate pairwise identifiers per contact, double per-queue identifiers to decorrelate send/receive, no contact graph stored on any server. Optional private message routing and per-contact transport isolation (separate TCP connection / Tor circuit). |
| Routes over Tor by default | No Signal does NOT route over Tor by default. It offers censorship circumvention (domain fronting / proxy support) when blocked, and users can manually run it through Tor/Orbot, but normal traffic goes to Signal's servers directly. | No Tor is supported and recommended for IP-address protection but is NOT on by default — users must install Orbot/configure a SOCKS proxy. SimpleX's own 'private message routing' (default since v6.0) hides your IP from the destination relay without Tor, but does not anonymize you from your entry relay the way Tor does. |
| Open-source client | Yes | Yes |
| Independently audited | Partial Marked partial: the Signal Protocol has strong academic formal-analysis pedigree (e.g., Cohn-Gordon et al., IEEE EuroS&P 2017) and PQXDH received formal verification, but these are protocol/cryptography analyses rather than recurring full-stack commercial penetration audits of every client. Signal is exceptionally well-scrutinized for a messenger; 'partial' reflects that it is not a single, recent, end-to-end commercial audit of all apps. | Partial Marked partial: Trail of Bits performed a cryptography/protocol design review in 2022 and again in July 2024 (7 findings: 3 medium, 1 low, 3 informational — none critical). A broader implementation-level security assessment of the apps and key handling was scheduled for 2025-2026 but, as of this writing, the deep code/implementation audit has historically been the gap. This is still far more audit history than RVNT, which is unaudited. |
| Jurisdiction / who can be subpoenaed | United States (Signal Foundation / Signal Messenger LLC, 501(c)(3) nonprofit, California) | SimpleX Chat Ltd, registered in the United Kingdom (England and Wales); operators of the preset relays differ, and users can self-host SimpleX Chat Ltd is a UK company (Companies House no. 13691484); its privacy policy is governed by the laws of England and Wales. Preset relay operators are legally bound by transparency/privacy terms, and users can fully self-host to avoid relying on the company's infrastructure. |
| On-device duress / panic defenses | No Signal supports disappearing messages, a Signal PIN, registration lock, and screen lock, but has no built-in duress/decoy PIN or panic-wipe; a community feature request for a duress wipe was declined by Signal. | Yes Offers a self-destruct passcode: entering this alternate passcode at the lock screen wipes the app database (added v5.1). The local database is encrypted with a random passphrase stored in iOS Keychain / Android Keystore (TPM where available). |
| Max attachment size | ~100 MB per attachment (varies by platform: ~100 MB Android/Desktop, smaller on iOS) Commonly cited as ~100 MB per attachment, with per-platform variation (Android/Desktop near 100 MB, iOS images notably smaller). Limits change over time; treat as approximate. | 1 GB (via XFTP file transfer protocol) Files up to 1 GB are sent via the XFTP protocol with E2EE; files are held on XFTP relays transiently (around 48 hours) until retrieved. This applies to all transfers via relay, unlike RVNT which caps relayed transfers at ~40 MB but is unlimited on a direct link. |
| Collects telemetry / analytics | No Signal is funded by donations/grants, runs no ads, and does not monetize data. Subpoena responses demonstrate it does not retain message content, contacts, or profile data; it is widely regarded as not running analytics/telemetry on users. | No The privacy policy explicitly states client apps contain no tracking or analytics code and share no tracking data with SimpleX Chat Ltd, preset operators, or third parties. Relay hosting providers may log IP addresses, and preset operators may share aggregate usage statistics only. |
The verdict
If you want a proven, polished, mainstream-grade secure messenger and you're comfortable using a phone number to register, Signal is the safe default — it's the most heavily scrutinized E2EE messenger in existence, run by a nonprofit with a clear track record of holding almost no data, and it's already shipping post-quantum protection. If your priority is metadata and identity minimization — no phone number, no account, nothing for a server to hand over — SimpleX Chat is the stronger choice, at the cost of being a younger and less battle-tested ecosystem.
For people who want to push even further toward a fully serverless, metadata-minimal model — where there's no central operator at all and content moves peer-to-peer — RVNT sits in that more privacy-maximal next tier, combining post-quantum E2EE with a P2P transport. It's the right lens if SimpleX's no-identifier philosophy appeals to you but you also want to remove the relay operator from the trust equation entirely.
Frequently asked questions
Do Signal and SimpleX both require a phone number?
No — this is one of the biggest differences. **Signal requires a phone number** to register; usernames added in 2024 let you hide that number from the people you chat with, but you still need a working phone number to create an account. **SimpleX Chat requires no phone number, no username, and no account ID at all** — it identifies you with nothing, using disposable message queues instead of user accounts.
Are both apps protected against future quantum computers?
Both have moved toward post-quantum security, but along different timelines. **Signal** added PQXDH for the initial handshake and, in 2025, the post-quantum **Triple Ratchet (SPQR)**, which layers a quantum-resistant ratchet on top of the classic Double Ratchet. **SimpleX Chat** augments its Double Ratchet with a post-quantum key exchange (Streamlined NTRU Prime / sntrup761) on ratchet steps. In both cases the post-quantum layer is hybrid — combined with classical cryptography rather than replacing it.
Comparisons here are kept honest and dated — we name where the other app wins. RVNT is the post-quantum, peer-to-peer option with no phone number and no servers.