Phoenix R&D: Getting to Know the Architects of Critical Secure Group Communications Standards
The Community Series features stories of the people and projects behind the digital rights community.
Phoenix R&D is well known for their historic cryptographic accomplishment that changed the secure communications ecosystem worldwide – the creation of a standard and consequent development of an open source library that made end-to-end encrypted group communication possible for any application.
Since then they have expanded their work to include the creation of open-source secure communication tools, such as Air, and research related to secure messaging, post-quantum resistance, and end-to-end encryption. We spoke with Head of Operations and Product Development Julian Mair to learn more about their work.
Phoenix R&D’s Head of Operations and Product Development, Julian Mair.
Take the Secure Communications App Survey!
Phoenix R&D is teaming up with Team CommUNITY to host numerous activities at the Global Gathering 2026 instance focused on secure communications. For this, we have launched a survey to get feedback from community members to better understand what they would like in a secure communications application. It only takes five minutes, and findings will be shared with the community via a blog post to ensure the entire ecosystem benefits! It takes only five minutes: https://digitalrights.formstack.com/forms/secure_comms_2027
The Origin Story: Breakthrough Standard for Encrypted Group Communications
Phoenix R&D was founded in 2022 as a social impact company, but its origins trace back several years earlier. Founder and CEO Raphael Robert began developing the ideas behind a standardized encryption protocol that ultimately led him to co-initiate and co-author Messaging Layer Security (MLS), the secure group communications standard published by the Internet Engineering Task Force (IETF).
Solving Secure Group Messaging at Scale
This significant cryptographic breakthrough solved one of the most challenging problems in secure communications. While end-to-end encryption for one-to-one messaging was already well established, providing secure group messaging at scale was difficult. MLS introduced a standardized approach enabling end-to-end group communications, while significantly improving scalability over earlier group-encryption methods, among other benefits.
OpenMLS: Turning Standards into Practical Tools
Most importantly, the MLS standard led to Robert and his colleagues to develop OpenMLS, an open-source library that enables developers to implement MLS in their own applications. While MLS established the standard for secure, scalable group communications, OpenMLS provided the practical tools needed to bring that standard into real-world products, making it significantly easier for developers to implement end-to-end encrypted group messaging into their application.
A New Chapter and New Horizons
Phoenix R&D was started as an off-shot of this work, and today the company still maintains OpenMLS, which is used by open source apps such as Nostr, XMTP, Cloudflare’s Meet, Wire, and CoverDrop in the Guardian’s news app, as well as in various closed-source applications that have not made its use public. Notably, OpenMLS has recently had a security audit, results of which were published in 2026.
Phoenix R&D has expanded their work into other projects as well. This includes the development of the MLS-TLS hybrid protocol, and conducting critical research related to secure messaging, post-quantum resistance, and end-to-end encryption.In addition, Phoenix R&D is also using OpenMLS to create their own secure communications app, called Air, that is currently in the early days of its development, though it has already gone through a security audit. At this moment it is not yet full-featured, and not all the advanced security measures have been implemented.
Yet, the vision that inspired the company from the beginning remains unchanged: to make digital infrastructure more secure and private by creating standards that influence technology worldwide and developing the software implementations that turn those standards into practical, usable tools.
Phoenix’s New Secure Communications App Designed Both for At-Risk Users and Broader Adoption
Phoenix R&D is currently developing Air, an open-source secure communications application built on the MLS protocol, aimed at meeting the evolving needs of users, particularly of users in the digital rights community, and designed to be hosted entirely in the European Union and later on-premise with optional federation.
Please note that Air is currently in its early days of development, and therefore not recommended for folks living in high-risk contexts.
Air enables users to send end-to-end encrypted messages, photos, documents and videos without collecting or requiring sensitive personal information such as email address or a phone number. It is also designed to minimize metadata collection, avoiding retention of information about who users communicate with and when those communications occur.
While the security features are suitable for at-risk users, it is also designed to remain intuitive for everyday users across a wide range of ages, profiles, and backgrounds, thus supporting broader adoption. Julian shares their design philosophy:
“A good secure messenger should provide you with security and privacy that you need for your own communications but it should also be a user experience that your mom and friends would want to use even though they are not interested in the security benefits that an at-risk user would need.”
Julian explains that he and his teammates set out to design Air by addressing gaps they identified in existing secure messaging platforms, and growing needs of individuals in high risk contexts. They also note that having multiple strong secure communications applications increases overall ecosystem resilience by reducing reliance on any single point of failure.
“Even though Signal has usernames now, you still need a phone number to create an account, so some personal data is required. We wanted to avoid that entirely - no email or phone number for signup, just a username you choose to share with others.
Encryption should be enabled by default, without requiring users to turn it on manually, unlike platforms such as Telegram. Additionally, at a minimum, it should match the low metadata footprint of Signal, ideally improving on it, but that should be considered the baseline. And at the same time, it should also be possible to host the service yourself
One challenge we consistently see in high-risk or restrictive environments is that users are unable to register on Signal due to the phone number requirement, or Signal is blocked outright because it is easy to block one central service.
We wanted to design Air so that it is possible to self-host, ideally in a simple way - like running it on a Raspberry Pi at home. You can install it, and you’re good to go. At the same time we wanted it to be based on a modern protocol like MLS, which was our pre-requisite to start with. It should be open source, and based in Europe. Because of current geopolitics, it is good to have a second messenger which is on par with what Signal offers when it comes to security and privacy. So that was the vision when it came to Air.”
Next Goal: Encryption in the Workplace for At-Risk Organizations
Moving forward, the Phoenix team hopes to build tools that will help organizations prioritize security and privacy in the workplace—a need Julian has consistently heard during feedback sessions. They are particularly interested in developing tools that support the requirements of at-risk organizations.
“One theme we have observed is that people are using encrypted consumer tools for work—which is a good thing. However, most of these tools people are using are not designed for workplace use. For example, Signal is not really a tool for organizational productivity; you cannot manage your organization with Signal because you still need to bring in your private account.
We often hear feedback that Air is cool and it’s something that people would like to use within their organizations. We see that there is a clear need, and we see an opportunity in the space between consumer and organizational tools-where there is meaningful overlap in required features. Our goal is to better understand what at-risk organizations need in a workplace context and build a tool that could function effectively in that environment”
The Future of Secure Communications
As advances in quantum computing and AI-driven cyber threats continue to emerge, many organizations are starting to think about how to protect themselves from quantum threats. For Phoenix R&D, which also provides consulting services around post-quantum resistance, anticipating these next-generation threats is a core priority—not only for its clients, but also for the tools and applications they are building.
“With continuous advances in quantum computing technology, the harvest-now-decrypt-later adversary is increasingly part of threat models for many individuals, companies, and institutions—especially in secure messaging apps. In contrast to many earlier end-to-end encryption messaging protocols, MLS was designed to be crypto-agile in the same way as TLS 1.3, allowing post-quantum secure cipher suites to be integrated more easily. With Air, we want to provide a secure messenger that is also future-proof in that regard.”
Learn more about Air and Phoenix R&D’s other work on MLS and OpenMLS at their website, https://phnx.im/.
If you want to try Air, please reach out to Julian Mair at julian@phnx.im with the codeword “team community” to receive an invitation code.