Skip to content

Tessera vs Matrix

Matrix is an open, federated messaging standard with E2E encryption and a rich client ecosystem (Element). Tessera is a metadata-private messaging protocol with ZK sender authentication and no central authority. The core difference: federation still concentrates metadata per homeserver; Tessera ensures no server sees the graph at all.

TL;DR

FeatureTesseraMatrix
Content encryptionAES-GCMOlm / Megolm (E2E)
Sender authenticationZK Schnorr / Fiat–ShamirImplicit (device keys)
Metadata privacy(ε,δ)-DP + blindingNone (homeserver sees graph)
TopologyBucketed broadcast (P2P)Federated homeservers
Central authorityNoneHomeservers per user
DP cover trafficYes (calibrated)No
Blinded pseudonymsYes (Y′ = Y + t·G)No
LicenseMITApache 2.0

What Matrix does well

Matrix is a genuinely open standard: anyone can run a homeserver, the protocol is federated so users on different servers can talk, and E2E encryption (Olm for DMs, Megolm for groups) is available across the ecosystem. The client ecosystem is rich — Element being the best-known — and the platform supports group chat, VoIP, bridges to other networks, and a large community of developers.

For a self-hostable, full-featured messaging platform, Matrix is a strong choice. It does not lock you into a single vendor, and the spec is open and evolving.

Where Matrix falls short

  • Homeservers see metadata. Each homeserver knows which of its users message whom, when, and how often. The server operator — or anyone who compromises it — has the social graph of every user on that server.
  • Federation leaks server-to-server metadata. Federated traffic between homeservers is visible to network observers and reveals cross-server relationships.
  • No sender authentication at the protocol level. Authentication is implicit in device keys; there is no zero-knowledge proof tying a message to an identity without revealing the identity.
  • No DP guarantee. There is no formal bound on what an observer can infer from traffic patterns.
  • Homeserver is a central point for each user. Lose or be compelled from your homeserver and your metadata is exposed.

How Tessera differs

  • No server sees the graph. Bucketed broadcast over P2P gossip means no operator observes who is talking to whom.
  • ZK sender authentication. A Schnorr / Fiat–Shamir proof under a blinded pseudonym lets a recipient verify identity without learning the long-term identity.
  • Decentralized, not federated. Pairwise local enrolment; no homeserver, no federation traffic to observe.
  • Formal DP cover traffic. Calibrated (ε,δ)-differentially-private noise bounds an observer's inference advantage.
  • Per-recipient unlinkability. Y′ = Y + t·G gives cryptographic unlinkability across recipients and deliveries.

Detailed feature comparison

CapabilityTesseraMatrix
Content encryptionAES-GCMOlm / Megolm
Sender authenticationZK proofImplicit (device keys)
Metadata hidden from operatorYesNo (homeserver sees graph)
TopologyP2P bucketed broadcastFederated homeservers
Group chatNo (one-to-one)Yes
VoIPNoYes
Formal privacy bound(ε,δ)-DPNone
Per-recipient unlinkabilityYes (blinding)No
LicenseMITApache 2.0
Primary languagePythonPython, JS, Rust, Go

When to choose which

Choose Matrix when

  • You need a full-featured messaging platform with group chat, VoIP, and bridges.
  • Federation and self-hosting are requirements.
  • Metadata exposure to your homeserver is an accepted risk.
  • You want a mature client ecosystem (Element, etc.).

Choose Tessera when

  • You need metadata privacy — no server may see the social graph.
  • You need explicit ZK sender authentication.
  • You cannot deploy or trust homeservers.
  • You want a formal (ε,δ)-DP bound on traffic analysis.
  • You need per-recipient unlinkability as a cryptographic property.

Frequently asked questions

Can Matrix hide metadata with federation?

No. Federation distributes the social graph across homeservers but does not hide it. Each homeserver sees which of its users message whom, and server-to-server federation traffic leaks metadata to any passive network observer. Tessera is designed so no server observes the graph.

Does Tessera support group chat like Matrix?

Tessera targets one-to-one authenticated, metadata-private delivery. It is a protocol primitive, not a full-featured messaging platform with group chat, VoIP, or a client ecosystem. Matrix is the better fit if those features are the priority.

Why is Tessera decentralized while Matrix is federated?

Federation still requires homeservers that each act as a metadata concentration point for their users. Tessera uses bucketed broadcast over P2P gossip with pairwise local enrolment, so no single node — and no operator — sees the full routing graph.

Need metadata privacy Matrix's homeservers can't give?

Tessera hides the social graph with bucketed broadcast, DP cover traffic, and ZK sender authentication — no homeserver required.

pip install tessera