Signal Protocol — In Pictures
The idea is to illustrate the signal protocol flow using pictures with minimal text.
Imagine two people having a conversation and wanting to encrypt all their messages. They want to ensure that if someone tries to intercept and decode their messages, that person can only decipher one message at most, without being able to understand the ones before or after it. This is called Forward and Future secrecy respectively.
Forward Secrecy — Compromise of keys should not compromise secrecy of the past communication. Signal tackles this by generating a fresh key for each message and promptly discarding it afterward. They do this through a method called a symmetric key ratchet.
Post-Compromise (Future Secrecy) — To ensure future communication remains secure, it’s important that compromising keys doesn’t expose secrecy. One way to do this is by regularly adding new entropy (randomness) to the key material using the Diffie-Hellman ratchet technique.
The X3DH protocol creates a ROOT key to start a conversation. It’s useful when Alice wants to chat with Bob, even if he’s not online at the same time. Essentially, it provides a secure way for them to communicate, acting like symmetric key cryptography even though it’s asymmetric.
This ROOT key is the starting point of the HKDF chain.
Signal use HMAC-SHA256 based KDF function and it works like below:
Basically, we’re talking about a two-way security mechanism here. The concern is, how do we safeguard our future keys if someone gets hold of our current one? Or if the security mechanism breaks or falls out of sync between two parties? This is where the Double Ratchet comes in handy.
KDF Chain + Diffie Hellman = Double Ratchet
The Diffie-Hellman method adds randomness to future keys, catching attackers off guard. It also incorporates a self-healing mechanism for when keys are compromised or become out of sync.
The Double Ratchet plays the role of a “post-X3DH” protocol which takes the session key SK (the blue key in the above diagram) negotiated by X3DH and uses it as the Double Ratchet’s initial root key.
Time has come to bring all of it together. Every conversation has 3 KDF chains between two people:
- Root Chain (starts with X3DH and Later DH ratchet take over)
- Sending Chain (Alice’s sending is in SYNC with Bob’s receiving)
- Receiving Chain (Alice’s receiving is in SYNC with Bob’s sending)
In case you would like me to add more details that i missed out, send me on tomdeore@gmail.com.
