If you run an exchange with 200K+ active users, you're paying ₹50L+/month for SMS that gets SIM-swapped, intercepted by SS7 lookups, and phished by lookalike Telegram support bots. Zoza Auth swaps SMS OTP for a device-bound cryptographic challenge that lives in your users' Secure Enclave. Same UX. Lower cost. No interception.
If you onboard 200,000 users a month and average 6 OTPs per active user (login, withdrawal, KYC re-verify, password reset, P2P trade approval, security event), you're sending ~1.2M SMS/month. At Indian carrier OTP rates of ₹0.18-0.30 per SMS, your monthly bill looks like:
For the first three to six months, the pilot runs at zero cost to you. No credit card, no contract, no usage cap. Long-term pricing stays off the table until we have both earned your trust and seen what real usage on your traffic actually looks like — and even then the target is roughly 5% of what you currently pay carriers. Cryptographic challenges go over the same HTTPS connection your app already has open; the marginal cost per challenge on our side is a Postgres row, not a telco invoice.
The above assumes you keep SMS as a fallback for users who haven't enrolled their device key. In practice, the savings ramp over 4-6 months as your install base migrates. We model that ramp explicitly during the pilot.
SMS OTP for a crypto exchange isn't just expensive — it's the most-attacked part of your security perimeter. The attack surface specific to your industry:
| Attack class | What happens | SMS OTP | Zoza Auth |
|---|---|---|---|
| SIM swap | Attacker socials the carrier into porting the victim's number; intercepts withdrawal OTP; drains wallet within 12 minutes. | Vulnerable | Immune (key in SE/Keystore, not SIM) |
| SS7 lookup interception | Telecom-grade attacker (or a $250 Hacking Team residual) reads SMS in transit. Used in the Bitfinex 2016 case and several Indian exchange incidents not publicly disclosed. | Vulnerable | Immune (no SMS to intercept) |
| Lookalike Telegram support drain | User joins fake "@CoinDCX_support". Attacker convinces them to read out the OTP "for verification." Withdrawal lands in attacker wallet. | Vulnerable | Immune (challenge requires biometric on user's device, not a typed code) |
| Adversary-in-the-middle (AITM) | Phishing site proxies your real login page, captures OTP, replays in real-time. Modlishka / Evilginx. | Vulnerable | Immune (challenge bound to TLS channel via channel-binding nonce) |
| Carrier outage during a market event | Bitcoin pumps 18%, every user tries to log in, your SMS provider rate-limits, users can't withdraw, Twitter erupts. | Vulnerable | Resilient (challenges go over your own HTTPS; load tested to 10K req/s/instance) |
| Per-message cost in a flash event | 3× login spike during volatility = 3× SMS bill that month. No scaling discount from carriers. | Linear cost | Marginal cost ≈ ₹0 |
| Vendor | What they sell | SIM-swap-proof? | Cost / 1M auths |
|---|---|---|---|
| Twilio Verify | SMS OTP delivery API + voice fallback | No (it's still SMS) | ~$5,000 (₹4.2L) |
| MSG91 | Indian SMS aggregator, OTP + WhatsApp OTP | No | ~₹1.8L (cheaper, same risk) |
| AWS SNS / Cognito | SMS OTP + TOTP fallback | TOTP option exists; few users enrol | ~$3,500 (₹2.9L) |
| WebAuthn / Passkeys (raw) | Browser-native passkey via FIDO2 | Yes | $0 (you self-host) |
| Zoza Auth | Device-bound Secure Enclave / Keystore challenges with double-seal protocol + formal model + Swift/Kotlin/Go SDKs + admin UI | Yes | ₹0 during pilot |
You can. Many exchanges should. The reasons teams come to us instead: (1) Passkey UX on Android-WebView in your existing app is rough, our SDKs handle the platform fragmentation; (2) you want a managed audit-chain + admin dashboard for compliance evidence, not "build it yourself on AWS"; (3) you want device-bound keys with our double-seal so even your own server can't replay a challenge it observed; (4) you want a vendor that signs an MSA with a 90-day exit clause and ciphertext export — try getting that from AWS Cognito.
Full handshake including the double-seal step (server → device challenge is itself sealed against the device's session key, so even a leaked TLS session can't extract reusable challenges) is documented in the protocol section. A formal ProVerif model proving secrecy and authenticity of the handshake is in products/zoza-auth/formal-model/auth.pv.
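To make the three properties the table and the paragraph above lean on concrete (a key that is not a SIM, a single-use challenge, and a response bound to the TLS channel), here is an added illustration in Go. It is not Zoza's SDK or its double-seal protocol, which this page only describes in outline; it is a minimal generic device-bound challenge-response. The `Device`, `Server`, `RunScenarios` names, the `zoza-demo-v1` domain label and the two channel-binding strings are constructed for the example, and the channel binding stands in for a real TLS exporter value.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Challenge is what the server hands to the device: a fresh nonce and the
// channel binding of the connection it was issued on.
type Challenge struct {
	Nonce          []byte
	ChannelBinding []byte // stand-in for a TLS exporter value (constructed)
}

// Device models the client side. In a real deployment the P-256 key would be
// generated inside the Secure Enclave / Android Keystore and gated by biometrics.
type Device struct{ key *ecdsa.PrivateKey }

func NewDevice() (*Device, error) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{key: k}, nil
}

func (d *Device) PublicKey() *ecdsa.PublicKey { return &d.key.PublicKey }

// digest is the message both sides sign/verify: H(label || nonce || channel binding).
func digest(nonce, cb []byte) []byte {
	h := sha256.New()
	h.Write([]byte("zoza-demo-v1")) // domain separation; constructed label
	h.Write(nonce)
	h.Write(cb)
	return h.Sum(nil)
}

// Respond signs over the nonce and the binding of the TLS connection the device
// actually holds. A proxy on a different connection yields a different message.
func (d *Device) Respond(nonce, channelBinding []byte) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, d.key, digest(nonce, channelBinding))
}

// Server keeps the device-pubkey registry and outstanding single-use challenges.
type Server struct {
	registry map[string]*ecdsa.PublicKey // userID -> enrolled device key
	pending  map[string]Challenge        // hex(nonce) -> issued challenge
}

func NewServer() *Server {
	return &Server{registry: map[string]*ecdsa.PublicKey{}, pending: map[string]Challenge{}}
}

func (s *Server) Enrol(userID string, pub *ecdsa.PublicKey) { s.registry[userID] = pub }

// Issue creates a random single-use challenge tied to the caller's channel.
func (s *Server) Issue(channelBinding []byte) (Challenge, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return Challenge{}, err
	}
	c := Challenge{Nonce: nonce, ChannelBinding: channelBinding}
	s.pending[hex.EncodeToString(nonce)] = c
	return c, nil
}

// Verify consumes the nonce first (so a failed attempt cannot be retried either),
// then checks the channel the response arrived on and the signature.
func (s *Server) Verify(userID string, nonce, channelBinding, sig []byte) error {
	pub, ok := s.registry[userID]
	if !ok {
		return errors.New("no device enrolled for user")
	}
	k := hex.EncodeToString(nonce)
	c, ok := s.pending[k]
	if !ok {
		return errors.New("unknown or already-used challenge")
	}
	delete(s.pending, k)
	if !bytes.Equal(c.ChannelBinding, channelBinding) {
		return errors.New("channel binding mismatch")
	}
	if !ecdsa.VerifyASN1(pub, digest(nonce, channelBinding), sig) {
		return errors.New("signature does not verify against enrolled key")
	}
	return nil
}

// ScenarioResult records the outcome of a legitimate login, a replay, and an
// adversary-in-the-middle relay.
type ScenarioResult struct{ LegitOK, ReplayRejected, AITMRejected bool }

func RunScenarios() (ScenarioResult, error) {
	var r ScenarioResult
	srv := NewServer()
	dev, err := NewDevice()
	if err != nil {
		return r, err
	}
	srv.Enrol("user-42", dev.PublicKey())
	userChannel := []byte("tls-exporter:user-device<->exchange") // constructed
	proxyChannel := []byte("tls-exporter:proxy<->exchange")      // constructed

	// 1. Legitimate login on the device's own connection.
	c, err := srv.Issue(userChannel)
	if err != nil {
		return r, err
	}
	sig, err := dev.Respond(c.Nonce, userChannel)
	if err != nil {
		return r, err
	}
	r.LegitOK = srv.Verify("user-42", c.Nonce, userChannel, sig) == nil

	// 2. Replaying the captured (nonce, signature): nonce already consumed.
	r.ReplayRejected = srv.Verify("user-42", c.Nonce, userChannel, sig) != nil

	// 3. AITM relay: the proxy's own TLS session gets the challenge, but the
	//    device signs over the binding of the connection it really has.
	c2, err := srv.Issue(proxyChannel)
	if err != nil {
		return r, err
	}
	sig2, err := dev.Respond(c2.Nonce, userChannel)
	if err != nil {
		return r, err
	}
	r.AITMRejected = srv.Verify("user-42", c2.Nonce, proxyChannel, sig2) != nil
	return r, nil
}

func main() {
	r, err := RunScenarios()
	fmt.Printf("%+v err=%v\n", r, err)
}
```

The ordering in `Verify` matters: the nonce is deleted before any check so that a rejected response cannot be re-submitted with a corrected binding. The SMS-OTP attacks in the table fail here for structural reasons, not rate limits: there is no code a user can read out, the nonce dies on first use, and a relayed response carries the wrong channel binding.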
Zoza Auth is in the same state as a healthy seed-stage infra product: world-class technical surface, zero customers in production, founder-led sales. Specifically:
@zoza/vault, @zoza/auth, @zoza/shield, @zoza/sign, @zoza/verify, @zoza/ai) and GitHub (CoreCogitAI/*-js-sdk) under MIT. Backend server code is source-available under NDA for customers and auditors; broader open-source release sequenced post-first-pilot. We're transparent about this so you don't make procurement decisions on a misunderstanding.
One engineer to one engineer. We walk you through the live API, the SDK in your language, and the threat-model fit for your exchange. No salesperson. No deck longer than five slides.
Email hello@zoza.world or apply via the self-serve form.
Banks need RBI conformance before deployment, which is an 8-week + ₹15L process we're scheduling for Q3 2026. Exchanges have no equivalent regulatory gate, the in-house security teams are crypto-literate, and the SMS pain is acute enough that the buying decision can move in weeks instead of quarters. Once the exchange wedge has 2-3 case studies, RBI conversations get easier.
That's exactly where the savings concentrate. Indian SMS is ₹0.25; UAE/Singapore/EU long-code can be ₹3-8 per send. If a meaningful slice of your KYC'd users are international, the pilot economics get better, not worse.
Yes — that's the recommended rollout. New device enrolments go through Zoza; existing users keep SMS until they next update the app. Most exchanges hit 50% migration in 60 days and 90% in 6 months without a forced migration prompt.
The device-side key never leaves the user's Secure Enclave / Android Keystore — it's not ours to lose. The server-side device-pubkey registry is exportable on demand under the MSA's 90-day exit clause; you can stand it up behind your own infra in roughly 2 days using the open verifier reference (planned for the same release as the open-source code drop).
Honestly: not yet. Sign has the Bybit ($1.46B) story, Auth doesn't have its hero exchange-incident write-up. The first pilot we run becomes that case study — that's why exclusivity is part of the ask.
Live. curl https://auth-api.zoza.world/health right now. Apply for an app key via the self-serve form, get a real key inside 24h, hit /v1/challenges with cURL. No demo environment — you're talking to the same API the docs describe.