The Double Ratchet Algorithm | Signal
Appreciation
--
Importance
--
Date Added
2.27.26
TLDR
How the Signal chat client provides end-to-end encrypted communications. The goal is to provide forward secrecy (securing of past messages in event of current keys being compromised) and break-in recovery (securing of future messages).
2 Cents
--
Tags
#Clarifications on Diffie-Hellman ratchet (2.3)
This section was a bit confusing to parse so here’s what actually goes on.
Setup:
- Both sides have shared root key, and Alice knows Bob's ratchet public key
B_pub_0.
Alice sends first batch of messages:
- Alice generates her first key pair
(A_priv_0, A_pub_0). - Alice computes
DH(A_priv_0, B_pub_0)→ feeds into root chain → gets a sending chain key. - Alice sends messages encrypted by that chain key (ticking her sending chain once per message). Each message header includes
A_pub_0in the header.
Bob receives:
- Bob computes the same DH (
DH(B_priv_0, A_pub_0) → feeds into root chain → gets the matching receiving chain key. - Bob ticks his receiving chain to decrypt each message.
- We can view this as effectively replaying (or catch up) on Alice’s send chain, as this is symmetric encryption. Bob is “recovering” the key for decryption that Alice used for encryption. (Bob’s receive chain = Alice’s send chain).
Bob replies:
- Bob generates a NEW key pair
(B_priv_1, B_pub_1). - Bob computes
DH(B_priv_1, A_pub_0)→ feeds into root chain → gets a new sending chain key. - Bob sends messages, ticking his new sending chain. Each message header includes his new public key.
Alice receives:
- Alice computes the same DH → feeds into root chain → gets the matching receiving chain key.
- Alice ticks her receiving chain to decrypt each message.
Alice sends again:
- Go to step 1, but with a fresh key pair. Repeat forever, ping-ponging.
Importantly, at each stage we delete old private keys and new sending/receiving chains are born, used for one run of messages, then discarded when the root chain ticks forward!