Questions tagged [signal-protocol]

The Signal Protocol (formerly the TextSecure Protocol) is an end-to-end encryption protocol for instant messaging. It combines the X3DH key agreement with the Double Ratchet algorithm, was developed for the Signal messenger, and is also used by other software such as WhatsApp.

66 questions
15 votes, 2 answers

What is the difference between OTR and Signal protocols?

The Signal Protocol is a relatively new secure messaging protocol that was recently implemented in Signal, WhatsApp, and several other messaging apps. According to Wikipedia, the Signal protocol is an evolution of the OTR protocol…
therealrootuser
12 votes, 0 answers

Why does the Signal protocol use AES/CBC instead of AES/GCM?

AES/GCM has obviously proved itself to be better than AES/CBC, unless the key is re-used with the same initialization vector (see disadvantages of GCM). More information on its advantages over CBC can be found in source 1 and source 2. Now, most…
OughtToPrevail
7 votes, 4 answers

Is encrypted e-mail sent over TLS 1.3 a form of "forward secrecy" (similar to something like Signal)?

One common complaint about GPG-encrypted e-mail is that it doesn't provide forward secrecy; however with opportunistic TLS becoming increasingly common in both IMAP and SMTP, it's not unreasonable to expect that e-mail sent from one message transfer…
7 votes, 0 answers

Signal Protocol - Better way to generate one time pre keys (OTPK)

The following explains a different way (than one-time pre keys) for Bob to securely generate ephemeral keys asynchronously without a limit while still being able to delete the private key immediately after the session is created. I am wondering can…
OughtToPrevail
6 votes, 1 answer

Introduce a reference for cryptanalysis of WhatsApp software

I am studying the cryptanalysis of the WhatsApp software. I know this is secure software, but I want to present a documentary on this topic as a seminar at the university for applied mathematics students. As you know, WhatsApp is based on the Signal…
6 votes, 1 answer

Signal protocol, how is Signed PreKey created?

I am getting confused about what exactly the nature of the Signed Prekey (SPK) used in the Signal protocol is. I understand what it is used for, but I think the confusion stems from its name. Is it just a normal key-pair whose public part will get…
Dante
6 votes, 1 answer

How has WhatsApp addressed group member authenticity and forged acknowledgements since the 2018 "More is Less" paper?

I’ve been reading the 2018 paper “More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema”, which outlines several interesting vulnerabilities in the group messaging protocols of Signal and WhatsApp at the time. The…
ali khosravi
5 votes, 1 answer

What is Post-Compromise security exactly?

After reading these papers on Post-Compromise Security: "Post-Compromise Security" and "Asynchronous Ratcheting Trees", my understanding is the following: it is possible for a key-agreement protocol to offer post-compromise security if the protocol…
vxek
5 votes, 1 answer

Why is PQXDH of Signal not secure against active adversaries while PQ3 of iMessage is?

I was going through the official documentation of PQXDH and A Formal Analysis of the iMessage PQ3 Messaging Protocol for PQ3. The distinct difference I noticed is that PQXDH is not secure against active adversaries while PQ3 is. Is there a clear…
CHENHUA LI
5 votes, 1 answer

Why is forward secrecy needed at X3DH?

In the official documentation of the X3DH Algorithm (link), an analysis of forward secrecy is made. Forward secrecy would be a useful property if we repeated the protocol multiple times. But in the Signal Protocol it is always used only…
p_1092131280
4 votes, 1 answer

Is there a difference between the strength of Telegram's (MTProto) forward secrecy and Signal's?

If I understood correctly, the Signal protocol generates a new key after every message sent and forgets the previous one. Telegram, on the other hand, renews the key only after 100 messages or one week. Thus, is there a certain attack window (1 week…
4 votes, 2 answers

Signal Double Ratchet - How can Alice send 2+ messages in the beginning of the Signal Protocol?

I'm studying the Signal Protocol and I have a doubt about the Double Ratchet Algorithm. This section describes how to derive the receiving and sending message keys. Alice is initialized with Bob's public ratchet key, but what if Bob is offline? For example: …
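The two questions above (Signal's per-message keys versus Telegram's periodic rekeying, and how Alice can send several messages before Bob has ever replied) both come down to the structure of the Double Ratchet, so here is the exchange written out as an added example. This is constructed for illustration and is not code from the questions or from Signal's libraries: it uses only the Python standard library, with X25519 written out from RFC 7748, HKDF/HMAC-SHA256 for the root and chain KDFs, and an HKDF-keystream-plus-HMAC stand-in for the spec's AES-256-CBC + HMAC-SHA256 AEAD. The shared secret `sk` stands in for the X3DH output, Bob's published signed prekey doubles as his initial ratchet key (as the Double Ratchet spec prescribes), and all names, labels and sample messages are assumptions made for the example.

```python
# Double Ratchet (as in the Signal spec) in standard-library Python: X25519 per RFC 7748,
# HKDF/HMAC-SHA256 root and chain KDFs, and an HKDF/HMAC stand-in for the spec's AES-CBC + HMAC AEAD.
# Constructed illustration, not Signal's library code; the field arithmetic is not constant-time.
import hashlib, hmac, os

P, BASEPOINT = 2**255 - 19, b"\x09" + b"\x00" * 31

def x25519(k, u):                                    # RFC 7748 section 5 Montgomery ladder
    k = bytearray(k); k[0] &= 248; k[31] &= 127; k[31] |= 64           # clamp the scalar
    k, x1 = int.from_bytes(k, "little"), int.from_bytes(u, "little") & (2**255 - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap: x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb, c, d = a * a % P, b * b % P, (x3 + z3) % P, (x3 - z3) % P
        e, da, cb = (aa - bb) % P, d * a % P, c * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap: x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hmac256(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()
def hkdf(ikm, salt, info, n):                        # HKDF-SHA256 (RFC 5869)
    prk, out, t = hmac256(salt, ikm), b"", b""
    for i in range(1, (n + 31) // 32 + 1):
        t = hmac256(prk, t + info + bytes([i])); out += t
    return out[:n]
def kdf_rk(rk, dh_out):                              # root KDF -> (new root key, new chain key)
    out = hkdf(dh_out, rk, b"DoubleRatchet-RK", 64); return out[:32], out[32:]
def kdf_ck(ck):                                      # chain KDF -> (next chain key, message key)
    return hmac256(ck, b"\x02"), hmac256(ck, b"\x01")
def aead_encrypt(mk, pt, ad):                        # stand-in AEAD: HKDF keystream XOR + HMAC tag
    ks = hkdf(mk, b"\x00" * 32, b"DoubleRatchet-MK", 32 + len(pt))
    ct = bytes(p ^ k for p, k in zip(pt, ks[32:]))
    return ct + hmac256(ks[:32], ad + ct)
def aead_decrypt(mk, msg, ad):
    ct, tag = msg[:-32], msg[-32:]
    ks = hkdf(mk, b"\x00" * 32, b"DoubleRatchet-MK", 32 + len(ct))
    if not hmac.compare_digest(hmac256(ks[:32], ad + ct), tag):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, ks[32:]))

class Ratchet:
    def __init__(self, rk, dhs=None):                # Bob starts here: sk plus his prekey pair
        self.rk, self.dhs, self.dhr, self.cks, self.ckr = rk, dhs, None, None, None
        self.ns = self.nr = self.pn = 0
        self.skipped = {}                            # (remote pub, n) -> message key, for out-of-order

    @staticmethod
    def gen_keypair():
        priv = os.urandom(32); return priv, x25519(priv, BASEPOINT)

    @classmethod
    def init_alice(cls, sk, bob_pub):                # sk: X3DH output; bob_pub: Bob's published prekey
        s = cls(sk, cls.gen_keypair()); s.dhr = bob_pub
        s.rk, s.cks = kdf_rk(sk, x25519(s.dhs[0], bob_pub))   # sending chain ready while Bob is offline
        return s

    def encrypt(self, pt, ad=b""):
        self.cks, mk = kdf_ck(self.cks)              # one message key per message, never stored
        header = self.dhs[1] + self.pn.to_bytes(4, "big") + self.ns.to_bytes(4, "big")
        self.ns += 1
        return header, aead_encrypt(mk, pt, ad + header)

    def decrypt(self, header, msg, ad=b""):          # a full implementation restores state on failure
        pub, pn, n = header[:32], int.from_bytes(header[32:36], "big"), int.from_bytes(header[36:], "big")
        mk = self.skipped.pop((pub, n), None)
        if mk is None:
            if pub != self.dhr:                      # unseen remote ratchet key: DH ratchet step
                self._skip(pn); self._dh_ratchet(pub)
            self._skip(n)
            self.ckr, mk = kdf_ck(self.ckr); self.nr += 1
        return aead_decrypt(mk, msg, ad + header)

    def _skip(self, until, max_skip=1000):           # cache keys of earlier, not yet seen messages
        if self.ckr is None: return
        if until - self.nr > max_skip: raise ValueError("too many skipped messages")
        while self.nr < until:
            self.ckr, self.skipped[(self.dhr, self.nr)] = kdf_ck(self.ckr); self.nr += 1

    def _dh_ratchet(self, pub):
        self.pn, self.ns, self.nr, self.dhr = self.ns, 0, 0, pub
        self.rk, self.ckr = kdf_rk(self.rk, x25519(self.dhs[0], pub))   # new receiving chain
        self.dhs = self.gen_keypair()
        self.rk, self.cks = kdf_rk(self.rk, x25519(self.dhs[0], pub))   # new sending chain

def demo():                                          # Alice sends twice before Bob is online, Bob replies
    sk, bob_kp = os.urandom(32), Ratchet.gen_keypair()   # constructed X3DH secret and Bob's prekey pair
    alice = Ratchet.init_alice(sk, bob_kp[1])
    m1, m2 = alice.encrypt(b"hello"), alice.encrypt(b"are you there?")  # same DH key, chain advances
    bob = Ratchet(sk, bob_kp)
    got = [bob.decrypt(*m2), bob.decrypt(*m1)]       # m2 first: m1's key is cached, then consumed
    got.append(alice.decrypt(*bob.encrypt(b"yes")))  # Bob's first send performs a DH ratchet step
    return got, len(bob.skipped), alice.dhr == bob.dhs[1]
```

Running `demo()` returns Bob's two plaintexts, an empty skipped-key cache and agreement on the new ratchet key. The symmetric chain is what gives one key per message: `encrypt` derives a message key, uses it and drops it, so an attacker who later steals the state cannot decrypt earlier traffic, which is the per-message forward secrecy the Telegram comparison asks about. Alice needs nothing from a live Bob to send `m1` and `m2`: her sending chain comes from `DH(her fresh ratchet key, Bob's published prekey)`, and Bob can reconstruct the same chain whenever he comes online. The DH ratchet step only happens when Bob first replies, and each such step is also what limits the damage of a compromised state going forward.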
4 votes, 1 answer

Impersonation in signal group messaging

For group messaging, Signal uses the Sender Keys protocol, where each message is encrypted using a group symmetric key that's shared with all other members of the group. My question is, how does Signal stop members of the group from impersonating each…
DerekKnowles
4 votes, 1 answer

Is the X3DH protocol used by Signal overly complex?

I feel that the X3DH protocol's use of a 3-way DH handshake is unnecessary. Couldn't Bob just publish his set of one-time prekeys (each signed with his identity key) to the server, then Alice creates a shared secret using her ephemeral key (signed…
DerekKnowles
4 votes, 1 answer

E2EE Group message encryption

I'm studying E2EE (end-to-end encryption) at the moment. I have come across the WhatsApp white paper and watched a very explanatory video on TextSecure (the precursor of E2EE nowadays). I have a concern about how sender keys are handled in case of a…
Huan