Double Ratchet Algorithm: Difference between revisions

Content deleted Content added
Merge and rename
Copyedit lead
Line 3:
In [[cryptography]], the '''Double Ratchet Algorithm''' (previously referred to as the '''Axolotl Ratchet'''<ref name="Perrin-2016-03-30">{{cite web|last1=Perrin|first1=Trevor|title=Compare Revisions|url=https://github.com/trevp/double_ratchet/wiki/Home/_compare/6fa4a516b01327d736df1f52014d8b561a18189a...ab41721f9ed7ca0bdac3e24ce9fc573750e0614d|website=GitHub|access-date=9 April 2016|date=30 March 2016}}</ref><ref name="signal-inside-and-out">{{cite web|last1=Marlinspike|first1=Moxie|title=Signal on the outside, Signal on the inside|url=https://whispersystems.org/blog/signal-inside-and-out/|publisher=Open Whisper Systems|access-date=31 March 2016|date=30 March 2016}}</ref>) is a [[Key (cryptography)|key]] management algorithm that was developed by [[Trevor Perrin]] and [[Moxie Marlinspike]] in 2013. It can be used as part of a [[cryptographic protocol]] to provide [[end-to-end encryption]] for [[instant messaging]]. After an initial [[key-agreement protocol|key exchange]] it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the [[Diffie–Hellman key exchange]] (DH) and a ratchet based on a [[key derivation function]] (KDF), such as a [[hash function]], and is therefore called a double ratchet.
 
Content deleted:

The algorithm is considered self-healing because under certain conditions it prevents an attacker from accessing the cleartext of future messages after having compromised one of the user's keys.<ref name="advanced-ratcheting"/> New session keys are exchanged after a few rounds of communication. This effectively forces the attacker to [[man-in-the-middle attack|intercept]] ''all'' communication between the honest parties, since they lose access as soon as a key exchange occurs that is not intercepted. This property was later named ''Future Secrecy'', or ''Post-Compromise Security''.<ref>{{cite journal|last1=Cohn-Gordon|first1=K.|last2=Cremers|first2=C.|last3=Garratt|first3=L.|title=On Post-compromise Security|journal=2016 IEEE 29th Computer Security Foundations Symposium (CSF)|year=2016|pages=164–178|doi=10.1109/CSF.2016.19|isbn=978-1-5090-2607-4|s2cid=5703986|url=https://ora.ox.ac.uk/objects/uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8}}</ref>

Content added:

The algorithm provides forward secrecy for messages, and implicit renegotiation of forward keys; properties for which the protocol is named.<ref>{{cite journal|last1=Cohn-Gordon|first1=K.|last2=Cremers|first2=C.|last3=Garratt|first3=L.|title=On Post-compromise Security|journal=2016 IEEE 29th Computer Security Foundations Symposium (CSF)|year=2016|pages=164–178|doi=10.1109/CSF.2016.19|isbn=978-1-5090-2607-4|s2cid=5703986|url=https://ora.ox.ac.uk/objects/uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8}}</ref>
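As an added example that is not part of the article, a minimal Python model of the two ratchets described above: an HMAC-based KDF chain (the symmetric-key ratchet) and a root-key update driven by fresh Diffie–Hellman output (the DH ratchet). The DH group, HMAC labels and key sizes are assumptions chosen to keep the example self-contained rather than Signal's parameters; it shows why a compromised chain key exposes only later message keys (forward secrecy) and why an uncompromised DH step yields fresh keys (post-compromise security).

```python
import hashlib
import hmac
import secrets

# Toy DH group over a Mersenne prime (assumption for self-containment; real
# deployments use X25519). Security of the group is not claimed here.
P = (1 << 127) - 1
G = 3

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, pub):
    # Shared secret as fixed-width bytes so it can feed the root-key KDF.
    return pow(pub, priv, P).to_bytes(16, "big")

def kdf_ck(ck):
    """Symmetric-key ratchet step: chain key -> (next chain key, message key).
    HMAC is one-way, so an earlier message key cannot be recovered from a later chain key."""
    mk = hmac.new(ck, b"\x01", hashlib.sha256).digest()
    ck_next = hmac.new(ck, b"\x02", hashlib.sha256).digest()
    return ck_next, mk

def kdf_rk(rk, dh_out):
    """DH ratchet step: mix fresh DH output into the root key (simplified HKDF-style
    extract-then-expand), producing a new root key and a new chain key."""
    prk = hmac.new(rk, dh_out, hashlib.sha256).digest()
    rk_next = hmac.new(prk, b"root", hashlib.sha256).digest()
    ck = hmac.new(prk, b"chain", hashlib.sha256).digest()
    return rk_next, ck

def run_chain(ck, n):
    """Advance the KDF ratchet n times; return the message keys and the final chain key."""
    keys = []
    for _ in range(n):
        ck, mk = kdf_ck(ck)
        keys.append(mk)
    return keys, ck

def forward_secrecy_check(ck0, n_sent, n_future):
    """An attacker who steals the chain key after n_sent messages can derive the
    next n_future message keys, but none of the n_sent keys used before the theft."""
    past, ck_stolen = run_chain(ck0, n_sent)      # keys consumed before the compromise
    future, _ = run_chain(ck_stolen, n_future)    # everything the attacker can now derive
    return len(set(future)) == n_future and not (set(future) & set(past))

def dh_ratchet_check(rk0):
    """Both parties mix the same fresh DH secret into a (possibly compromised) root key
    and agree on new root and chain keys; without the fresh private keys an attacker
    holding rk0 cannot follow this step, which is the self-healing property."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    rk_a, ck_a = kdf_rk(rk0, dh(a_priv, b_pub))
    rk_b, ck_b = kdf_rk(rk0, dh(b_priv, a_pub))
    return rk_a == rk_b and ck_a == ck_b and rk_a != rk0 and ck_a != rk0
```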
 
== History ==