Questions tagged [signal-protocol]

The Signal (formerly known as TextSecure) Protocol is an end-to-end encryption protocol developed for the instant messaging software Signal and also used by other software such as WhatsApp.

41 questions
14 votes, 2 answers

What is the difference between OTR and Signal protocols?

The Signal Protocol is a relatively new secure messaging protocol that was recently implemented in Signal, WhatsApp, and several other messaging apps. According to Wikipedia, the Signal protocol is an evolution of the OTR protocol…
therealrootuser
11 votes, 0 answers

Why does the Signal protocol use AES/CBC instead of AES/GCM?

AES/GCM has obviously proved itself to be better than AES/CBC, unless the key is re-used with the same initialization vector (see disadvantages of GCM). More information on its advantages against CBC can be found in source 1 and source 2. Now, most…
OughtToPrevail
7 votes, 4 answers

Is encrypted e-mail sent over TLS 1.3 a form of "forward secrecy" (similar to something like Signal)?

One common complaint about GPG-encrypted e-mail is that it doesn't provide forward secrecy; however with opportunistic TLS becoming increasingly common in both IMAP and SMTP, it's not unreasonable to expect that e-mail sent from one message transfer…
7 votes, 0 answers

Signal Protocol - Better way to generate one time pre keys (OTPK)

The following explains a different way (than one-time pre keys) for Bob to securely generate ephemeral keys asynchronously without a limit while still being able to delete the private key immediately after the session is created. I am wondering can…
OughtToPrevail
6 votes, 1 answer

Introduce a reference for cryptanalysis of WhatsApp software

I am studying the cryptanalysis of WhatsApp software. I know this is secure software but I want to present a documentary on this topic as a seminar at the university for applied mathematics students. As you know, WhatsApp is based on the Signal…
5 votes, 1 answer

Signal protocol, how is Signed PreKey created?

I am getting confused with what exactly is the nature of the Signed Prekey (SPK) used in the Signal protocol. I understand what it is used for, but I think the confusion stems from its name. Is it just the normal key-pair whose public part will get…
Dante
4 votes, 1 answer

Is there a difference between the strength of Telegram's (MTProto) forward secrecy and Signal's?

If I understood correctly, the Signal protocol generates a new key after every message sent and forgets the previous one. Telegram, on the other hand, renews the key only after 100 messages or one week. Thus, is there a certain attack window (1 week…
4 votes, 2 answers

Signal Double Ratchet - How can Alice send 2+ messages in the beginning of the Signal Protocol?

I'm studying the Signal Protocol and I had a doubt about the Double Ratchet Algorithm. This section describes how to derive the receiving and sending key messages. Alice is initialized by Bob's public ratchet key, but what if Bob is offline? For example: …
3 votes, 1 answer

Signal protocol: X3DH

I've been trying to get a grasp of how the Signal protocol works. According to the spec, DH is done on four keys: IK_A, SPK_B, EK_A and IK_B: If the bundle does not contain a one-time prekey, she calculates: DH1 = DH(IK_A, SPK_B) DH2 =…
John M.
3 votes, 1 answer

What is Post-Compromise security exactly?

After reading these papers on Post-Compromise Security, "Post Compromise Security" and "Asynchronous Ratcheting Trees", my understanding is the following: it is possible for a key-agreement protocol to offer post-compromise security if the protocol…
vxek
3 votes, 1 answer

Does the authenticity of messages by Alice still hold if the state of Bob is compromised in Double Ratchet?

In the double ratchet algorithm, let's say Bob's device is compromised, including his long-term key. Do the ephemeral keys generated by Alice during the half Diffie–Hellman key exchange produce a new sending chain for Alice which is not yet…
3 votes, 1 answer

How does future secrecy fail for Signal group messaging?

In the paper More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema, the abstract claims that We additionally show that strong security properties, such as Future Secrecy which is a core part of the …
3 votes, 1 answer

Signal's Key Wrap: is it safe and is it custom?

The iOS version of the Signal application (not the protocol) includes a form of key wrap that I've never seen elsewhere: SHA256-HMAC-SIV. It's used to encrypt your master key with your pwHash(PIN) before sending it to signal.org's Key Backup Service. So…
Tim Shadel
3 votes, 0 answers

Are there any projects leveraging a combination of (1) Noise and (2) Signal / Double Ratchet to augment the former with per-message forward secrecy?

Are there examples (in code, or a blog post / writeup) of using Noise and Signal together? Here is a link to Noise. For example, using the Double Ratchet per each message to achieve forward secrecy, but leveraging Noise as a foundation for its…
2 votes, 1 answer

Is it safe to implement elliptic curve Diffie–Hellman with secp256k1?

I need to implement the X3DH Key Agreement Protocol according to the Signal specification; in the document they suggest using either X25519 or X448 curves. I assume those curves have been chosen for this protocol for a reason. In the codebase elliptic curve…