Oddbean

Many Nostr users know that the Signal protocol is a very secure end-to-end encryption protocol, recommended by Snowden. However, many people do not know why the Signal protocol is secure. In fact, the design of the Signal protocol has a historical basis and is very intuitive and simple. End-to-end encryption protocols have gone through three key stages: the PGP (Pretty Good Privacy) protocol of the 1990s, the OTR (Off The Record) protocol of the 2000s, and the Signal protocol of the 201x. PGP achieved end-to-end encryption through public key encryption. But if a private key leaks, all [past and future] messages can be decrypted. No [forward secrecy] and [backward secrecy]. [[In the PGP protocol, the identity key and the encryption key are the same; it serves as both the identity and is used to encrypt messages.]] [[As an identity key, it is a long-term key, and the longer it is used, the greater the likelihood of private key exposure.]] The OTR protocol solves the problem of PGP. Its approach is simple: [[it separate the identity key from the encryption key and generates a unique encryption key for each conversation, which is deleted after use.]] The Signal protocol inherited ideas from the OTR protocol. It mainly consists of two parts: the X3DH protocol, which is responsible for the initial key agreement, and the Double Ratchet Algorithm, which is responsible for deriving encryption keys. [[The Signal protocol derives a new encryption key for each message, which is deleted after use.]] It achieved better forward and backward secrecy. BTW, the Signal protocol is not equivalent to the Signal app. WhatsApp also uses the Signal protocol for end-to-end encryption. The Signal protocol is only responsible for the end-to-end encryption of messages, meaning only the communicating parties can decrypt the content, not even the server administrators.