Alice Whispers To Bob: At the core of privacy in the 21st Century is Extended Triple Diffie-Hellman and Ratchets

Our old digital world of insecure methods is coming to an end. Basically, we took protocols which had little in the way of security, and then applied a tunnel and fixed it with PKI. And thus HTTP became HTTPs, FTP became FTPs, and SMTP became SMTPs. Unfortunately, either end of the tunnel is insecure, along with anyone having the private key related to the tunnel being able to break it, and listen to the communications. Our world is now thus looking at complete end-to-end encrypted communications and where we create a new encryption key which is secret to Bob and Alice — for every single message that they send each other.

So let’s look at how the Signal protocol — as used by WhatsApp, Signal, Facebook Messenger, Skype, and a whole lot of methods — sets up a trusted end-to-end tunnel between Bob and Alice.

Some simple Diffie-Hellman

In the online creation of a secure tunnel, Bob and Alice will be actively communicating and can thus generate secrets and the associated public key to each other. With ECDH (Elliptic Curve Diffie Hellman), Bob and Alice generate a short-term secret (a and b) and then pass the public key version of these to the other side (aG and bG). They will then be able to…