Double Ratchet Algorithm: Difference between revisions

Clarify post-compromise security (self-healing) description
Monkbot
m Task 18 (cosmetic): eval 21 templates: hyphenate params (18×);
Line 1:
{{short description|Cryptographic key management algorithm}}
{{Redirect|Double ratchet|the hand tool|Wrench}}
In [[cryptography]], the '''Double Ratchet Algorithm''' (previously referred to as the '''Axolotl Ratchet'''<ref name="Perrin-2016-03-30">{{cite web|last1=Perrin|first1=Trevor|title=Compare Revisions|url=https://github.com/trevp/double_ratchet/wiki/Home/_compare/6fa4a516b01327d736df1f52014d8b561a18189a...ab41721f9ed7ca0bdac3e24ce9fc573750e0614d|website=GitHub|access-date=9 April 2016|date=30 March 2016}}</ref><ref name="signal-inside-and-out">{{cite web|last1=Marlinspike|first1=Moxie|title=Signal on the outside, Signal on the inside|url=https://whispersystems.org/blog/signal-inside-and-out/|publisher=Open Whisper Systems|access-date=31 March 2016|date=30 March 2016}}</ref>) is a [[Key (cryptography)|key]] management algorithm that was developed by [[Trevor Perrin]] and [[Moxie Marlinspike]] in 2013. It can be used as part of a [[cryptographic protocol]] to provide [[end-to-end encryption]] for [[instant messaging]]. After an initial [[key-agreement protocol|key exchange]] it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic "ratchet" based on the [[Diffie–Hellman key exchange]] (DH), which mixes fresh key material into the session each time the parties exchange new DH public keys, with a ratchet based on a [[key derivation function]] (KDF), such as one built from a [[hash function]], which advances the key for every message sent in one direction; it is therefore called a double ratchet.
 
The algorithm is considered self-healing because under certain conditions it prevents an attacker from accessing the cleartext of future messages after having compromised one party's keys.<ref name="advanced-ratcheting"/> Fresh DH keys are exchanged each time the direction of the conversation changes, so the session keys are renewed with every round trip. An attacker who has obtained a party's keys therefore loses access as soon as a DH key exchange occurs that they did not actively [[man-in-the-middle attack|intercept]]; to keep reading, they would have to intercept ''all'' subsequent communication between the honest parties. The healing takes effect only once the compromised party has sent a message under a freshly generated DH key, since until then the stolen DH private key still unlocks the peer's replies. This property was later named ''Future Secrecy'', or ''Post-Compromise Security''.<ref>{{cite journal|last1=Cohn-Gordon|first1=K.|last2=Cremers|first2=C.|last3=Garratt|first3=L.|title=On Post-compromise Security|journal=2016 IEEE 29th Computer Security Foundations Symposium (CSF)|year=2016|pages=164–178|doi=10.1109/CSF.2016.19|isbn=978-1-5090-2607-4|s2cid=5703986|url=https://ora.ox.ac.uk/objects/uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8}}</ref>
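The two ratchets described above, and the self-healing behaviour they produce, as an added worked example that is not part of the original article and is not Signal's own code. It is a deliberately minimal, standard-library-only Python sketch: the DH group (a Mersenne-prime modulus with generator 3), the HMAC-based stream cipher and MAC standing in for a real AEAD, in-order delivery with no skipped-message keys, and the names `Ratchet`, `kdf_rk`, `kdf_ck`, `attacker_reads` and `post_compromise_demo` are all assumptions of this example. The demo hands a complete copy of Alice's state to an attacker and records which of the following messages that copy can still decrypt.

```python
# Toy Double Ratchet, standard library only: DH ratchet + KDF ratchet and a
# post-compromise-security check. Added illustration, not Signal's code; the
# DH group, the HMAC-based cipher and in-order-only delivery are assumptions.
import copy, hashlib, hmac, secrets

P, G, PUB_LEN = 2**521 - 1, 3, 66   # toy DH modulus (Mersenne prime; not a vetted group)

def prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(PUB_LEN, "big")

def kdf_rk(rk, dh_out):
    """Root KDF: mix a DH output into the root key -> (new root key, new chain key)."""
    prk = prf(rk, dh_out)
    return prf(prk, b"root"), prf(prk, b"chain")

def kdf_ck(ck):
    """KDF (symmetric) ratchet: (next chain key, one-time message key). One-way, so a
    stolen chain key does not reveal earlier message keys."""
    return prf(ck, b"\x02"), prf(ck, b"\x01")

def _xor(key, data):
    """Toy stream cipher: XOR with an HMAC counter keystream (stands in for a real AEAD)."""
    ks = b"".join(prf(key, i.to_bytes(4, "big")) for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, ks))

def encrypt(mk, plaintext, ad):
    ct = _xor(prf(mk, b"enc"), plaintext)
    return ct + prf(prf(mk, b"mac"), ad + ct)      # encrypt-then-MAC over header and ciphertext

def decrypt(mk, data, ad):
    ct, tag = data[:-32], data[-32:]
    if not hmac.compare_digest(tag, prf(prf(mk, b"mac"), ad + ct)):
        raise ValueError("authentication failed")
    return _xor(prf(mk, b"enc"), ct)

def header_bytes(header):
    pub, n = header
    return pub.to_bytes(PUB_LEN, "big") + n.to_bytes(4, "big")

class Ratchet:
    """One party's state; in-order delivery only (skipped-message keys omitted)."""
    def __init__(self, root_key, dh_pair, remote_pub=None):
        self.rk, self.dh_pair, self.remote_pub = root_key, dh_pair, remote_pub
        self.cks = self.ckr = None
        self.ns = self.nr = 0
        if remote_pub is not None:       # initiator: first DH step against the responder's prekey
            self.rk, self.cks = kdf_rk(self.rk, dh(self.dh_pair[0], remote_pub))

    def send(self, plaintext):
        self.cks, mk = kdf_ck(self.cks)  # KDF ratchet step on the sending chain
        header = (self.dh_pair[1], self.ns)
        self.ns += 1
        return header, encrypt(mk, plaintext, header_bytes(header))

    def receive(self, header, data):
        if header[0] != self.remote_pub: # peer sent a new DH public key: DH ratchet step
            self._dh_ratchet(header[0])
        self.ckr, mk = kdf_ck(self.ckr)
        self.nr += 1
        return decrypt(mk, data, header_bytes(header))

    def _dh_ratchet(self, pub):
        self.remote_pub = pub
        self.rk, self.ckr = kdf_rk(self.rk, dh(self.dh_pair[0], pub))
        self.dh_pair = dh_keypair()      # fresh randomness: this is what heals the session
        self.rk, self.cks = kdf_rk(self.rk, dh(self.dh_pair[0], pub))
        self.ns = self.nr = 0

def attacker_reads(evil, header, data, direction):
    """Can a stolen copy of Alice's state read a message? 'send' replays her sending
    chain, 'recv' runs her receive path; a MAC failure means the attacker is locked out."""
    try:
        if direction == "send":
            evil.cks, mk = kdf_ck(evil.cks)
            decrypt(mk, data, header_bytes(header))
        else:
            evil.receive(header, data)
        return True
    except ValueError:
        return False

def post_compromise_demo():
    """Which messages can an attacker read after snapshotting all of Alice's state?"""
    shared = secrets.token_bytes(32)     # result of the initial key agreement (constructed)
    bob_prekey = dh_keypair()
    alice = Ratchet(shared, dh_keypair(), bob_prekey[1])
    bob = Ratchet(shared, bob_prekey)
    h, c = alice.send(b"A1")
    assert bob.receive(h, c) == b"A1"
    evil = copy.deepcopy(alice)          # full compromise: root key, chain keys, DH private key
    out = {}
    h, c = alice.send(b"A2")             # same sending chain, no DH step yet
    bob.receive(h, c)
    out["A2"] = attacker_reads(evil, h, c, "send")   # True
    h, c = bob.send(b"B1")               # carries Bob's fresh DH key; Alice then makes her own
    alice.receive(h, c)
    out["B1"] = attacker_reads(evil, h, c, "recv")   # True: stolen DH private key still works
    h, c = alice.send(b"A3")             # encrypted under Alice's fresh DH key
    bob.receive(h, c)
    out["A3"] = attacker_reads(evil, h, c, "send")   # False: the session has healed
    h, c = bob.send(b"B2")
    alice.receive(h, c)
    out["B2"] = attacker_reads(evil, h, c, "recv")   # False
    return out
```

Running `post_compromise_demo()` shows the caveat behind "under certain conditions": the KDF ratchet alone gives no healing (A2 is readable), and Bob's first reply is still readable because Alice's stolen DH private key is what unlocks it. Only once Alice has generated a DH key pair the attacker never saw, and sent under it, are both directions closed to the attacker; an attacker who actively interposed on that exchange would keep access, which is why the text says interception must be continuous.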
Line 48:
* [[ChatSecure]]{{efn|name=OMEMO}}
* [[Conversations (software)|Conversations]]{{efn|name=OMEMO|Via the [[OMEMO]] protocol}}
* [[Cryptocat]]{{efn|name=OMEMO}}<ref>{{Cite web|url=https://crypto.cat/security.html|title=Security|publisher=Cryptocat|access-date=14 July 2016|archive-url=https://web.archive.org/web/20160407125207/https://crypto.cat/security.html|archive-date=7 April 2016|url-status=dead}}</ref>
* [[Facebook Messenger]]{{efn|Only in "secret conversations"}}{{efn|name=SIGNAL|Via the [[Signal Protocol]]}}<ref>{{cite web|last1=Greenberg|first1=Andy|url=https://www.wired.com/2016/10/facebook-completely-encrypted-messenger-update-now/|title=You Can All Finally Encrypt Facebook Messenger, So Do It|website=Wired|publisher=Condé Nast|access-date=5 October 2016|date=4 October 2016}}</ref>
* [[G Data Software|G Data]] Secure Chat{{efn|name=SIGNAL}}<ref name="G Data"/><ref>{{cite web|title=SecureChat|url=https://github.com/GDATASoftwareAG/SecureChat|website=GitHub|publisher=G Data|access-date=14 July 2016}}</ref>
* [[Gajim]]{{efn|name=OMEMO}}{{efn|name=Plugin|A third-party [[Plug-in (computing)|plug-in]] must be installed separately}}
* [[GNOME Fractal]]{{efn|name=Matrix}}
* [[Google Allo]]{{efn|Only in "incognito mode"}}{{efn|name=SIGNAL}}<ref name="Greenberg-2016-05-18">{{Cite web|last=Greenberg|first=Andy|url=https://www.wired.com/2016/05/allo-duo-google-finally-encrypts-conversations-end-end/|title=With Allo and Duo, Google Finally Encrypts Conversations End-to-End|website=Wired|publisher=Condé Nast|date=18 May 2016|access-date=14 July 2016}}</ref>
* [[Haven (software)|Haven]]{{efn|name=SIGNAL}}<ref>{{cite web|title=Haven Attributions|url=https://github.com/guardianproject/haven#attributions|website=GitHub|publisher=Guardian Project|access-date=22 December 2017}}</ref><ref>{{cite web|last1=Lee|first1=Micah|title=Snowden's New App Uses Your Smartphone To Physically Guard Your Laptop|url=https://theintercept.com/2017/12/22/snowdens-new-app-uses-your-smartphone-to-physically-guard-your-laptop/|website=The Intercept|publisher=First Look Media|access-date=22 December 2017|date=22 December 2017}}</ref>
* Pond<ref name="Pond"/>
* [[Element (software)|Element]]{{efn|name=Matrix|Via the [[Matrix (communication protocol)|Matrix]] protocol}}<ref>{{Cite web|url=https://techcrunch.com/2016/09/19/riot-wants-to-be-like-slack-but-with-the-flexibility-of-an-underlying-open-source-platform/|title=Riot wants to be like Slack, but with the flexibility of an underlying open source platform|last=Butcher|first=Mike|website=TechCrunch|publisher=AOL Inc.|date=19 September 2016|access-date=20 September 2016}}</ref>
* [[Signal (software)|Signal]]{{efn|name=SIGNAL}}
* [[Silent Circle (software)|Silent Phone]]{{efn|name=zina|Via the Zina protocol}}<ref name="libzina">{{cite web|title=Silent Circle/libzina |url=https://github.com/SilentCircle/libzina/ |website=Github|publisher=Silent Circle|access-date=19 December 2017}}</ref>
* [[Skype]]{{efn|Only in "private conversations"}}{{efn|name=SIGNAL}}<ref>{{cite web|last1=Lund|first1=Joshua|title=Signal partners with Microsoft to bring end-to-end encryption to Skype|url=https://signal.org/blog/skype-partnership/|publisher=Open Whisper Systems|access-date=11 January 2018|date=11 January 2018}}</ref>
* [[Viber]]{{efn|Viber "uses the same concepts of the "double ratchet" protocol used in Open Whisper Systems Signal application"}}<ref>{{cite web|title=Viber Encryption Overview|url=https://www.viber.com/app/uploads/viber-encryption-overview.pdf|publisher=Viber|date=25 July 2018|access-date=26 October 2018}}</ref>
* [[WhatsApp]]{{efn|name=SIGNAL}}<ref name="Metz-2016-04-05">{{cite web|last1=Metz|first1=Cade|title=Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People|url=https://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/|website=Wired|publisher=Condé Nast|access-date=5 April 2016|date=5 April 2016}}</ref>
* [[Wire (software)|Wire]]{{efn|name=Proteus|Via the Proteus protocol}}<ref name="Wire Security Whitepaper">{{Cite web|url=https://wire-docs.wire.com/download/Wire+Security+Whitepaper.pdf|title=Wire Security Whitepaper|publisher=Wire Swiss GmbH|date=17 August 2018|access-date=28 August 2020}}</ref>
{{end div col}}
 
Line 70:
== References ==
{{Reflist|colwidth=30em|refs=
<ref name="advanced-ratcheting">{{cite web|title = Advanced cryptographic ratcheting |url = https://whispersystems.org/blog/advanced-ratcheting/ |access-date = 20 January 2021|work = whispersystems.org |last = Marlinspike |first = Moxie |date = 26 November 2013 |quote = The OTR style ratchet has the nice property of being 'self healing.' |publisher = Open Whisper Systems}}</ref>
 
<ref name="Pond">{{cite web|url=https://github.com/agl/pond/commit/338395668fbb8a7819c0fccf54dccaa4d7f0ae9e |first= Adam|last=Langley|title=Wire in new ratchet system|type=GitHub contribution|date=9 November 2013|website=GitHub|access-date=16 January 2016}}</ref>
 
<ref name="G Data">{{cite web
Line 82:
|publisher=Reed Exhibitions Ltd.
|date=17 September 2015
|access-date=16 January 2016}}</ref>
}}
 
Line 88:
{{Refbegin|30em}}
* {{cite web|last1=Cohn-Gordon|first1=Katriel|last2=Cremers|first2=Cas|last3=Dowling|first3=Benjamin|last4=Garratt|first4=Luke|last5=Stebila|first5=Douglas|title=A Formal Security Analysis of the Signal Messaging Protocol |url=https://eprint.iacr.org/2016/1013.pdf |website=Cryptology ePrint Archive |publisher=International Association for Cryptologic Research (IACR) |date=25 October 2016 |ref={{harvid|Cohn-Gordon|Cremers|Dowling|Garratt|2016}} }}
* {{cite web|last1=Frosch |first1=Tilman |last2=Mainka |first2=Christian |last3=Bader |first3=Christoph |last4=Bergsma |first4=Florian |last5=Schwenk |first5=Jörg |last6=Holz |first6=Thorsten |title=How Secure is TextSecure? |website=Cryptology ePrint Archive |publisher= International Association for Cryptologic Research (IACR) |url=https://eprint.iacr.org/2014/904.pdf |year=2014 |ref={{harvid|Frosch|Mainka|Bader|Bergsma|2014}} |access-date=16 January 2016}}
* {{cite conference |first1 = Nik |last1=Unger |first2=Sergej |last2=Dechand |first3=Joseph |last3=Bonneau |first4=Sascha |last4=Fahl |first5= Henning |last5=Perl |first6=Ian Avrum |last6=Goldberg |first7= Matthew |last7= Smith |title = SoK: Secure Messaging |publisher = IEEE Computer Society's Technical Committee on Security and Privacy |conference = Proceedings of the 2015 IEEE Symposium on Security and Privacy |year = 2015 |pages = 232–249 |doi=10.1109/SP.2015.22 |url = http://ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf|ref={{harvid|Unger|Dechand|Bonneau|Fahl|2015}} }}
{{Refend}}