Oddbean new post about | logout
keychat | 6 months ago (raw) | export | reply | flag +12 
 A ratchet can only turn in one direction.

The double ratchet means two types of ratchets: a KDF ratchet (the small ratchet in the diagram) and a DH ratchet (the large ratchet in the diagram).

KDF stands for Key Derivation Function. A hash function is the simplest KDF because it is one-way. K1=hash(K0), K2=hash(K1), K3=hash(K2), K4=hash(K3)... K1 is used to encrypt the first message, K2 to encrypt the second message, and so on. Once used, the key is deleted. If an attacker obtains the latest encryption key K5, they cannot reverse-engineer K4, K3, K2, or K1, ensuring the security of historical messages. Thus, the KDF provides forward secrecy to the encryption protocol.

However, the attacker can derive K6, K7, K8..., which means there is no backward secrecy. This is where the DH ratchet comes into play.

The Diffie–Hellman (DH) key exchange is a mathematical method for securely exchanging cryptographic keys over a public channel. Alice, using her private key S1 and Bob’s public key P2, can compute a value. Similarly, Bob, using his private key S2 and Alice’s public key P1, can compute a value. These two values are equal.

Alice and Bob continuously generate new DH key pairs for new messages on the client side and attach the public key in plaintext to the message. The message recipient can then use this public key and their private key to perform the DH computation. This DH ratchet effectively resets the KDF ratchet with the DH ratchet. Because the attacker does not know the latest DH private key, they cannot derive future encryption keys, thus providing backward secrecy.

Therefore, in the double ratchet algorithm, the KDF ratchet ensures forward secrecy, and the DH ratchet ensures backward secrecy, together achieving both forward and backward secrecy.

We recommend the following video, which provides a more intuitive animation demonstration.

https://youtu.be/9sO2qdTci-s?si=BXLU33BRANWAJKMz

https://youtu.be/7uEeE3TUqmU?si=jpPOR_O61IppgJxl 

(We hope users can understand the basic principles to judge for themselves which chat applications are good.) https://image.nostr.build/02cf8185e461b3ce03d84397debf4901724f5ed4d1198f83913fa2303e3a0214.png  nostr:note1ffgsgvkltl96wzwe6lakv2ntjfkq2u48msx57mrvnnhtyde5s2js8antlr
Enki | 6 months ago (raw) | root | parent | reply | flag 
 This kinda stuff makes me wish I was better at math. Its super interesting. 

nostr:nevent1qqsw5mdanjsqev4x3zp5u0srheslve7c90cc9y2sl6gwv3g95n9j4mspr9mhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5pzpwleyw4fy3sxt7yvgrran0mpenxqlululur94r9jlax0hd3q3rc7qvzqqqqqqyuseehm
AVERAGE_GARY | 6 months ago (raw) | root | parent | reply | flag 
 This was great to read.
What do yout recommend for someone wanting to read more on these sort of primitives? Ideally in a coding lense
Botanical Llama | 6 months ago (raw) | root | parent | reply | flag +1 
 Nice, finally I understand the underlying process.
nostr:nevent1qqsw5mdanjsqev4x3zp5u0srheslve7c90cc9y2sl6gwv3g95n9j4msppemhxue69uhkummn9ekx7mp0qgsth7fr42fyvpjl3rzqclvm7cwves8l8l8lqedgevhlfnamvgyg78srqsqqqqqpt6fzah
keychat | 6 months ago (raw) | root | parent | reply | flag 
 👏👏👏