Content deleted Content added
Reworded a sentence to be grammatically correct and read better, and fixed a formatting issue. |
Fixed a grammatical issue. |
||
Line 1:
{{short description|Cryptographic key management algorithm}}
{{Redirect|Double ratchet|the hand tool|Wrench}}
In [[cryptography]], the '''Double Ratchet Algorithm''' (previously referred to as the '''Axolotl Ratchet'''<ref name="Perrin-2016-03-30">{{cite web|last1=Perrin|first1=Trevor|title=Compare Revisions|url=https://github.com/trevp/double_ratchet/wiki/Home/_compare/6fa4a516b01327d736df1f52014d8b561a18189a...ab41721f9ed7ca0bdac3e24ce9fc573750e0614d|website=GitHub|accessdate=9 April 2016|date=30 March 2016}}</ref><ref name="signal-inside-and-out">{{cite web|last1=Marlinspike|first1=Moxie|title=Signal on the outside, Signal on the inside|url=https://whispersystems.org/blog/signal-inside-and-out/|publisher=Open Whisper Systems|accessdate=31 March 2016|date=30 March 2016}}</ref>) is a [[Key (cryptography)|key]] management algorithm that was developed by [[Trevor Perrin]] and [[Moxie Marlinspike]] in 2013. It can be used as part of a [[cryptographic protocol]] to provide [[end-to-end encryption]] for [[instant messaging]]. After an initial [[key-agreement protocol|key exchange]] it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the [[Diffie–Hellman key exchange]] (DH) and a ratchet based on a [[key derivation function]] (KDF), such as a [[hash function]], and is therefore called a double ratchet.
The developers refer to the algorithm as self-healing because under certain conditions, it disables an attacker from accessing the cleartext of messages ("the communication") after having compromised a session key.<ref name="advanced-ratcheting"/> This condition is that between the compromise of the key and the communication in question, there has been at least one message which was not tampered with by the attacker. This effectively forces the attacker to [[man-in-the-middle attack|intercept]] ''all'' communication between the honest parties, since he loses access as soon as one uncompromised message is passed between them. This property was later named ''Future Secrecy'', or ''Post-Compromise Security''.<ref>{{cite journal|last1=Cohn-Gordon|first1=K.|last2=Cremers|first2=C.|last3=Garratt|first3=L.|title=On Post-compromise Security|journal=2016 IEEE 29th Computer Security Foundations Symposium (CSF)|year=2016|pages=164–178|doi=10.1109/CSF.2016.19|isbn=978-1-5090-2607-4|s2cid=5703986|url=https://ora.ox.ac.uk/objects/uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8}}</ref>
| |||