Skip Navigation
Privacy @lemmy.ml Voxel @infosec.exchange

So, I'm interested how the implementation of "Perfect Forward Secrecy" in Signal looks like, like does every messages has a different encryption key? or does it change over time like [#whatsapp](https

So, I'm interested how the implementation of "Perfect Forward Secrecy" in Signal looks like, like does every messages has a different encryption key? or does it change over time like #whatsapp does? I tried to find any official documention of this, sadly did not find anything.

Thats why I'm asking, does anyone of you know smth about this and maybe can provide a link to a official source?

#signal #signalapp #privacy #encryption @signalapp @SignalUpdateInfo @privacy

15
15 comments

  • https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm

    This is the encryption that they developed. Whatsapp and OMEMO (XMPP) use it as well. It has forward secrecy because if an attacker has the key for a message they can't calculate the key for the key for the next message etc.

  • WhatsApp uses the encryption protocol developed for Signal, so I'd not expect them to be significantly different.

    • @Rose True, but there are still differences, for example Signal encrypts everything, while WA only encrypts chats and calls, so the implementation is a bit different, which maybe could be also in Signal with PFS.

      • The main advantages of Signal over WA is that Signal minimises the amount of metadata Signal has access to and promises to not store or analyse the little remaining metadata.

        The data (as in: the actual message content) should be similarly secure in both.

  • In a very simplified explanation. Yes.

  • Don't know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can't be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.

    Of course, authentication also has to be added to all this.

    For more info, probably easiest to look up Diffie-Hellman key exchange online.

  • Asked GPT about that after skimming through the wiki to confirm if it’s also comes to the same conclusion that the keys are periodically changed and yeah it did confirm it:

    The "Double Ratchet Algorithm" used by Signal provides both forward and future secrecy for messages. Here's a basic breakdown of how this works:

    The Double Ratchet Algorithm:

    Initialization Phase: The two communicating parties (let's call them Alice and Bob) establish a shared secret using the Diffie-Hellman key exchange. Ratcheting Phase: After the shared secret is established, every message is encrypted using a new symmetric key. Keys are derived in a chain where the next key is a function of the previous key. This is the "symmetric-key ratchet". After sending or receiving a message, Alice and Bob independently update their chain keys, which helps ensure forward secrecy. Diffie-Hellman Ratchet: Periodically, Alice and Bob also update their Diffie-Hellman key pairs, exchange the public components, and derive a new shared secret. This helps provide future secrecy. Example:

    Let's consider a simple conversation between Alice and Bob.

    Initialization: Alice and Bob meet in person and exchange public keys. They generate a shared secret that only they know using these keys. First Message (from Alice to Bob): Alice derives an encryption key from the shared secret. Alice sends "Hello, Bob!" encrypted with this key. After sending the message, Alice updates her chain key. Bob's Reply: Bob derives the same encryption key from the shared secret, decrypts Alice's message, and reads "Hello, Bob!". Bob then derives a new encryption key from his updated chain and sends "Hi, Alice!" encrypted with this new key. After sending the message, Bob updates his chain key. Diffie-Hellman Ratchet: After a few messages or after a certain period, Alice decides to perform a Diffie-Hellman ratchet. She generates a new key pair. Alice sends her new public key to Bob along with her next message. Both derive a new shared secret using Alice's new public key and Bob's current private key. This new shared secret is used to start a new chain of symmetric keys. Continued Conversation: Alice sends another message: "How are you?" with a key derived from the new shared secret. After every message, sender and receiver update their chain keys. Periodically, they will also perform the Diffie-Hellman ratchet to refresh the shared secret. The benefit of this mechanism is that even if an attacker compromises a single message key, they cannot decrypt past messages (forward secrecy) or future messages (future secrecy). Even if they compromise a current Diffie-Hellman private key, they can't decrypt messages that were sent before the compromise (because of the symmetric ratchet) or messages sent after the next Diffie-Hellman ratchet (because a new shared secret will be established).

You've viewed 15 comments.