Signal Protocol: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 09:18, 17 April 2021 edit Anton.bersh (talk \| contribs) Extended confirmed users 4,452 edits Add {{About}} template Tag: Visual edit ← Previous edit		Latest revision as of 11:30, 7 October 2024 edit undo Explicit (talk \| contribs) Autopatrolled, Administrators 318,181 edits m Replaced duplicate file.
(43 intermediate revisions by 34 users not shown)
Line 1: {{About\|encryption protocol\|messenger implementing this protocol\|Signal (~~software~~messaging app)\|the charitable foundation\|Signal Foundation}} {{short description\|Non-federated cryptographic protocol}} {{Use dmy dates\|date=November 2020}} {{Infobox networking protocol \| title = Signal Protocol \| image = Double Ratchet Algorithm.png \| caption = Signal Protocol full double ratchet step. \| is stack = no \| purpose = End-to-end encrypted communications \| developer = [[Signal ~~Technology~~ Foundation]] \| date = <!-- {{Start date and age\|yyyy\|mm\|dd}} --> \| based on = [[Off-the-~~Record~~record ~~Messaging~~messaging\|OTR]], [[Silent Circle Instant Messaging Protocol\|SCIMP]]<ref name="advanced-ratcheting"/> \| influenced = [[OMEMO]], [[Matrix (~~communication~~ protocol)\|Matrix]]<ref name="Ermoshina-2016">{{cite conference\|last1=Ermoshina\|first1=Ksenia\|last2=Musiani\|first2=Francesca\|last3=Halpin\|first3=Harry\|title=Internet Science\|editor=Bagnoli, Franco \|display-editors=etal \|pages=244–254\|~~title~~chapter=End-to-End Encrypted Messaging Protocols: An Overview\|series=Lecture Notes in Computer Science\|book-title=Internet Science \|publisher=Springer \|location=Florence, Italy \|conference=INSCI 2016 \|doi=10.1007/978-3-319-45982-0_22 \|isbn=978-3-319-45982-0 \|date=September 2016 \|volume=9934}}</ref> \| osilayer = [[Application layer]] }} The '''Signal Protocol''' (formerly known as the '''TextSecure Protocol''') is a non-[[Federation (information technology)\|federated]] [[cryptographic protocol]] that ~~can be used to provide~~provides [[end-to-end encryption]] for voice ~~calls, video calls,<ref name="signal-video-calls-beta"/>~~ and [[instant messaging]] conversations.<ref name="Ermoshina-2016"/> The protocol was developed by [[Open Whisper Systems]] in 2013<ref name="Ermoshina-2016"/> and was ~~first~~ introduced in the [[Open-source software\|open-source]] [[TextSecure]] app, which later became [[Signal (~~software~~messaging app)\|Signal]]. Several [[Proprietary software\|closed-source]] applications have implemented the protocol, such as [[WhatsApp]], which is said to encrypt the conversations of "more than a billion people worldwide".<ref>{{cite web\|title=WhatsApp's Signal Protocol integration is now complete\|url=https://signal.org/blog/whatsapp-complete/\|website=Signal\|publisher=Signal Blog.\|year=2016\|access-date=5 April 2016\|archive-date=29 January 2021\|archive-url=https://web.archive.org/web/20210129090529/https://signal.org/blog/whatsapp-complete/\|url-status=live}}</ref> or [[Google]] who provides end-to-end encryption by default to all [[Rich Communication Services\|RCS]]-based conversations between users of their [[Google Messages]] app for one-to-one conversations.<ref name=":0" /> [[Messenger (software)\|Facebook Messenger]] also say they offer the protocol for optional Secret Conversations, as does [[Skype]] for its Private Conversations. The protocol combines the [[Double Ratchet ~~algorithm~~Algorithm]], prekeys, and a triple [[Elliptic-curve Diffie–Hellman]] (3-DH) handshake,<ref>{{harvnb\|Unger\|Dechand\|Bonneau\|Fahl\|2015\|p=241}}</ref> and uses [[Curve25519]], [[AES-256]], and [[HMAC-SHA256]] as [[Cryptographic primitive\|primitives]].<ref name="Frosch 2016">{{harvnb\|Frosch\|Mainka\|Bader\|Bergsma\|2016}}</ref> ==History== The development of the Signal Protocol~~'s development~~ was started by Trevor Perrin and [[Moxie Marlinspike]] (Open Whisper Systems) in 2013. The first version of the protocol, TextSecure v1, was based on [[Off-the-~~Record~~record ~~Messaging~~messaging]] (OTR).<ref name="Cohn-Gordon-2016-p2"/><ref>{{cite web\|url=https://github.com/WhisperSystems/TextSecure/wiki/Protocol\|title=Protocol\|date=2 March 2014\|publisher=Open Whisper Systems\|via=[[GitHub]]\|archive-url=https://web.archive.org/web/20150107094950/https://github.com/WhisperSystems/TextSecure/wiki/Protocol\|archive-date=7 January 2015\|access-date=28 October 2016}}</ref> On 24 February 2014, Open Whisper Systems introduced TextSecure v2,<ref name="Donohue-2014">{{cite web \|date=24 February 2014 \|first=Brian \|last=Donohue \|url=https://threatpost.com/textsecure-sheds-sms-in-latest-version/104456 \|title=TextSecure Sheds SMS in Latest Version \|website=Threatpost \|access-date=14 July 2016 \|archive-date=15 February 2017 \|archive-url=https://web.archive.org/web/20170215020451/https://threatpost.com/textsecure-sheds-sms-in-latest-version/104456/ \|url-status=live }}</ref> which migrated to the Axolotl Ratchet.<ref name="Cohn-Gordon-2016-p2"/><ref>{{cite web\|url=https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2\|title=ProtocolV2\|date=2 March 2014\|publisher=Open Whisper Systems\|via=[[GitHub]]\|archive-url=https://web.archive.org/web/20141015215356/https://github.com/WhisperSystems/TextSecure/wiki/ProtocolV2\|archive-date=15 October 2014\|access-date=28 October 2016}}</ref> The design of the Axolotl Ratchet is based on the ephemeral key exchange that was introduced by OTR and combines it with a symmetric-key ratchet modeled after the [[Silent Circle Instant Messaging Protocol]] (SCIMP).<ref name="advanced-ratcheting">{{cite web\|url=https://whispersystems.org/blog/advanced-ratcheting/\|title=Advanced cryptographic ratcheting\|last=Marlinspike\|first=Moxie\|date=26 November 2013\|work=Signal Blog\|publisher=[[Open Whisper Systems]]\|access-date=23 September 2016\|archive-date=24 March 2017\|archive-url=https://web.archive.org/web/20170324070200/https://whispersystems.org/blog/advanced-ratcheting/\|url-status=live}}</ref> It brought about support for [[asynchronous communication]] ("offline messages") as its major new feature, as well as better resilience with distorted order of messages and simpler support for conversations with multiple participants.<ref>{{harvnb\|Unger\|Dechand\|Bonneau\|Fahl\|2015}}</ref> The Axolotl Ratchet was named after the critically endangered aquatic salamander [[Axolotl]], which has extraordinary self-healing capabilities. The developers refer to the algorithm as self-healing because it automatically disables an attacker from accessing the [[cleartext]] of later messages after having compromised a [[session key]].<ref name="advanced-ratcheting"/> Line 31 ⟶ 34: The protocol provides confidentiality, integrity, [[authenticated encryption\|authentication]], participant consistency, destination validation, [[forward secrecy]], post-compromise security (aka future secrecy), causality preservation, message unlinkability, [[Deniable authentication\|message repudiation]], participation repudiation, and asynchronicity.<ref name="Unger-2015-p239"/> It does not provide anonymity preservation and requires servers for the relaying of messages and storing of public key material.<ref name="Unger-2015-p239">{{harvnb\|Unger\|Dechand\|Bonneau\|Fahl\|2015\|p=239}}</ref> The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise [[Double Ratchet Algorithm\|double ratchet]] and [[multicast encryption]].<ref name="Unger-2015-p239"/> In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.<ref name="Unger-2015-p239"/> === Authentication === Line 42 ⟶ 45: ==Usage== Open Whisper Systems first introduced the protocol in application ''[[TextSecure]]''. They later merged an encrypted voice call application named ''[[RedPhone]]'' into TextSecure and renamed it [[Signal (messaging app)\|''Signal'']]. Open Whisper Systems first introduced the protocol in their [[TextSecure]] app. They later merged an encrypted voice calling application called [[RedPhone]] into the TextSecure app and renamed it as [[Signal (software)\|Signal]]. RedPhone used [[ZRTP]] to encrypt its calls. In March 2017, Signal transitioned to a new [[WebRTC]]-based<ref name="signal-video-calls-beta"/> calling system that also introduced the ability to make video calls.<ref name="signal-video-calls">{{cite web\|url=https://whispersystems.org/blog/signal-video-calls/\|title=Video calls for Signal out of beta\|last1=Marlinspike\|first1=Moxie\|date=13 March 2017\|website=Signal Blog\|publisher=[[Open Whisper Systems]]\|access-date=7 April 2017\|archive-date=15 March 2017\|archive-url=https://web.archive.org/web/20170315175109/https://whispersystems.org/blog/signal-video-calls/\|url-status=live}}</ref> Signal's new calling system uses the Signal Protocol for end-to-end encryption.<ref name="signal-video-calls-beta">{{cite web\|url=https://whispersystems.org/blog/signal-video-calls-beta/\|title=Video calls for Signal now in public beta\|last1=Marlinspike\|first1=Moxie\|date=14 February 2017\|website=Signal Blog\|publisher=[[Open Whisper Systems]]\|access-date=7 April 2017\|archive-date=15 March 2017\|archive-url=https://web.archive.org/web/20170315184106/https://whispersystems.org/blog/signal-video-calls-beta//\|url-status=live}}</ref> In November 2014, Open Whisper Systems announced a partnership with [[WhatsApp]] to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform.<ref name="techcrunch1">{{cite web\|url=https://techcrunch.com/2014/11/18/end-to-end-for-everyone/\|title=WhatsApp Partners With Open Whisper Systems To End-To-End Encrypt Billions Of Messages A Day\|last=Evans\|first=Jon\|date=18 November 2014\|website=[[TechCrunch]]\|access-date=14 March 2016\|archive-date=18 November 2014\|archive-url=https://web.archive.org/web/20141118220338/http://techcrunch.com/2014/11/18/end-to-end-for-everyone/\|url-status=live}}</ref> Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for [[Android (operating system)\|Android]] and that support for other clients, group/media messages, and key verification would be coming soon after.<ref name="whatsapp">{{cite web\|url=https://whispersystems.org/blog/whatsapp/\|title=Open Whisper Systems partners with WhatsApp to provide end-to-end encryption\|last=Marlinspike\|first=Moxie\|author-link=Moxie Marlinspike\|date=18 November 2014\|publisher=Open Whisper Systems\|access-date=14 March 2016\|archive-date=18 November 2014\|archive-url=https://web.archive.org/web/20141118161936/https://www.whispersystems.org/blog/whatsapp/\|url-status=live}}</ref> On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.<ref name="Metz-2016-04-05">{{cite ~~journal~~magazine\|url=https://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/\|title=Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People\|last1=Metz\|first1=Cade\|date=5 April 2016\|~~journal~~magazine=[[Wired (magazine)\|Wired]]\|access-date=5 April 2016\|archive-date=5 April 2016\|archive-url=https://web.archive.org/web/20160405164942/http://www.wired.com/2016/04/forget-apple-vs-fbi-whatsapp-just-switched-encryption-billion-people/\|url-status=live}}</ref><ref>{{cite web\|url=https://techcrunch.com/2016/04/05/whatsapp-completes-end-to-end-encryption-rollout/\|title=WhatsApp completes end-to-end encryption rollout\|last1=Lomas\|first1=Natasha\|date=5 April 2016\|website=[[TechCrunch]]\|access-date=5 April 2016\|archive-date=6 April 2016\|archive-url=https://web.archive.org/web/20160406010346/http://techcrunch.com/2016/04/05/whatsapp-completes-end-to-end-encryption-rollout/\|url-status=live}}</ref> In February 2017, WhatsApp announced a new feature, WhatsApp Status, which uses the Signal Protocol to secure its contents.<ref>{{Cite web\|url=https://blog.whatsapp.com/10000630/WhatsApp-Status\|title=WhatsApp Status\|date=20 February 2017\|website=WhatsApp\|publisher=Facebook\|access-date=23 February 2017\|archive-date=23 February 2017\|archive-url=https://web.archive.org/web/20170223061647/http://blog.whatsapp.com/10000630/WhatsApp-Status\|url-status=live}}</ref> In October 2016, WhatsApp's parent company [[Facebook]] also deployed an optional mode called Secret Conversations in [[Facebook Messenger]] which provides end-to-end encryption using an implementation of the Signal Protocol.<ref>{{cite web\|url=https://www.nytimes.com/2016/07/09/technology/facebook-messenger-app-encryption.html\|title=Facebook to Add 'Secret Conversations' to Messenger App\|last1=Isaac\|first1=Mike\|date=8 July 2016\|website=[[The New York Times]]\|access-date=12 July 2016\|archive-date=12 July 2016\|archive-url=https://web.archive.org/web/20160712043038/http://www.nytimes.com/2016/07/09/technology/facebook-messenger-app-encryption.html\|url-status=live}}</ref><ref>{{cite web\|title=Messenger Starts Testing End-to-End Encryption with Secret Conversations\|url=https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/\|publisher=Facebook\|access-date=11 January 2018\|date=8 July 2016\|archive-date=12 January 2018\|archive-url=https://web.archive.org/web/20180112214633/https://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/\|url-status=live}}</ref><ref>{{cite ~~journal~~magazine\|url=https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/\|title='Secret Conversations:' End-to-End Encryption Comes to Facebook Messenger\|last1=Greenberg\|first1=Andy\|date=8 July 2016\|~~journal~~magazine=[[Wired (magazine)\|Wired]]\|access-date=12 July 2016\|archive-date=11 July 2016\|archive-url=https://web.archive.org/web/20160711073318/https://www.wired.com/2016/07/secret-conversations-end-end-encryption-facebook-messenger-arrived/\|url-status=live}}</ref><ref name="Greenberg-2016-10-05">{{cite ~~journal~~magazine\|url=https://www.wired.com/2016/10/facebook-completely-encrypted-messenger-update-now/\|title=You Can All Finally Encrypt Facebook Messenger, So Do It\|last1=Greenberg\|first1=Andy\|date=4 October 2016\|~~journal~~magazine=[[Wired (magazine)\|Wired]]\|access-date=5 October 2016\|archive-date=15 April 2017\|archive-url=https://web.archive.org/web/20170415004558/https://www.wired.com/2016/10/facebook-completely-encrypted-messenger-update-now\|url-status=live}}</ref> In September 2015, [[G Data CyberDefense\|G Data Software]] launched a new messaging app called Secure Chat which used the Signal Protocol.<ref name="G Data">{{cite web\|url=https://www.infosecurity-magazine.com/news/g-data-adds-encryption-for-secure/\|title=G DATA Adds Encryption for Secure Mobile Chat\|last=Seals\|first=Tara\|date=17 September 2015\|work=Infosecurity Magazine\|access-date=14 July 2016\|archive-date=22 July 2016\|archive-url=https://web.archive.org/web/20160722065627/http://www.infosecurity-magazine.com/news/g-data-adds-encryption-for-secure/\|url-status=live}}</ref><ref>{{cite web\|url=https://github.com/GDATASoftwareAG/SecureChat\|title=SecureChat\|publisher=G Data\|via=[[GitHub]]\|access-date=14 July 2016\|archive-date=7 May 2017\|archive-url=https://web.archive.org/web/20170507135213/https://github.com/GDATASoftwareAG/SecureChat\|url-status=live}}</ref> G Data discontinued the service in May 2018.<ref>{{cite web \|title=G DATA Secure Chat wird eingestellt \|url=https://www.gdata.de/support/faq/consumer/g-data-secure-chat-wird-eingestellt \|publisher=G DATA Software AG. \|access-date=26 April 2019 \|language=de \|date=18 May 2018 \|archive-date=26 April 2019 \|archive-url=https://web.archive.org/web/20190426093244/https://www.gdata.de/support/faq/consumer/g-data-secure-chat-wird-eingestellt \|url-status=live }}</ref> In September 2016, [[Google]] launched a new messaging app called [[Google Allo\|Allo]], which featured an optional Incognito Mode that used the Signal Protocol for end-to-end encryption.<ref name="Greenberg-2016-05-18">{{Cite ~~journal~~magazine\|url=https://www.wired.com/2016/05/allo-duo-google-finally-encrypts-conversations-end-end/\|title=With Allo and Duo, Google Finally Encrypts Conversations End-to-End\|last=Greenberg\|first=Andy\|date=18 May 2016\|~~journal~~magazine=[[Wired (magazine)\|Wired]]\|access-date=18 May 2016\|archive-date=2 February 2017\|archive-url=https://web.archive.org/web/20170202161556/https://www.wired.com/2016/05/allo-duo-google-finally-encrypts-conversations-end-end/\|url-status=live}}</ref><ref name="Gibbs-2016-9-21">{{cite web\|url=https://www.theguardian.com/technology/2016/sep/21/google-whatsapp-allo-google-assistant\|title=Google launches WhatsApp competitor Allo – with Google Assistant\|last1=Gibbs\|first1=Samuel\|date=21 September 2016\|website=[[The Guardian]]\|access-date=21 September 2016\|archive-date=7 January 2019\|archive-url=https://web.archive.org/web/20190107054254/https://www.theguardian.com/technology/2016/sep/21/google-whatsapp-allo-google-assistant\|url-status=live}}</ref> In March 2019, Google discontinued Allo in favor of their [[~~Messages~~Google ~~(Google)\|~~Messages]] app on Android.<ref>{{cite web \|last1=Porter \|first1=Jon \|title=Google is finally saying goodbye to Allo today \|url=https://www.theverge.com/2019/3/12/18261932/google-allo-messaging-app-shutting-down-march-12th-2019 \|website=The Verge \|publisher=Vox Media \|access-date=26 April 2019 \|date=12 March 2019 \|archive-date=12 March 2019 \|archive-url=https://web.archive.org/web/20190312221640/https://www.theverge.com/2019/3/12/18261932/google-allo-messaging-app-shutting-down-march-12th-2019 \|url-status=live }}</ref><ref>{{cite web \|last1=Klainer \|first1=Matt \|title=The latest on Messages, Allo, Duo and Hangouts \|url=https://www.blog.google/products/messages/latest-messages-allo-duo-and-hangouts/ \|access-date=26 April 2019 \|date=5 December 2018 \|archive-date=13 April 2019 \|archive-url=https://web.archive.org/web/20190413210055/https://www.blog.google/products/messages/latest-messages-allo-duo-and-hangouts/ \|url-status=live }}</ref> In November 2020, Google announced that they would be using the Signal Protocol to provide end-to-end encryption by default to all [[Rich Communication Services\|RCS]]-based conversations between users of their [[~~Messages (~~Google)\| Messages]] app, starting with one-to-one conversations.<ref name=":0">{{cite web \|last1=Bohn \|first1=Dieter \|title=Google is rolling out end-to-end encryption for RCS in Android Messages beta \|url=https://www.theverge.com/platform/amp/2020/11/19/21574451/android-rcs-encryption-message-end-to-end-beta \|website=The Verge \|publisher=Vox Media, Inc. \|access-date=28 November 2020 \|date=19 November 2020}}</ref><ref>{{cite web \|last1=Omara \|first1=Emad \|title=Messages End-to-End Encryption Overview \|url=https://www.gstatic.com/messages/papers/messages_e2ee.pdf \|website=gstatic.com \|publisher=Google \|access-date=28 November 2020 ~~\|format=PDF~~ \|date=November 2020}}</ref> In January 2018, Open Whisper Systems and [[Microsoft]] announced the addition of Signal Protocol support to an optional [[Skype]] mode called Private Conversations.<ref name="Newman-2018-1-11">{{cite ~~journal~~magazine\|url=https://www.wired.com/story/skype-end-to-end-encryption-voice-text/\|title=Skype's Rolling Out End-to-End Encryption For Hundreds of Millions of People\|last1=Newman\|first1=Lily Hay\|date=11 January 2018\|~~journal~~magazine=[[Wired (magazine)\|Wired]]\|access-date=13 January 2018\|archive-date=12 January 2018\|archive-url=https://web.archive.org/web/20180112215711/https://www.wired.com/story/skype-end-to-end-encryption-voice-text/\|url-status=live}}</ref><ref name="Lund-2018-1-11">{{cite web\|url=https://signal.org/blog/skype-partnership/\|title=Signal partners with Microsoft to bring end-to-end encryption to Skype\|last1=Lund\|first1=Joshua\|date=11 January 2018\|website=Signal Blog\|publisher=Open Whisper Systems\|access-date=13 January 2018\|archive-date=2 February 2020\|archive-url=https://web.archive.org/web/20200202152037/https://signal.org/blog/skype-partnership/\|url-status=live}}</ref> ==Influence== The Signal Protocol has had an influence on other cryptographic protocols. In May 2016, [[Viber]] said that their encryption protocol is a custom implementation that "uses the same concepts" as the Signal Protocol.<ref>{{cite web\|title=Viber Encryption Overview\|archive-url=https://web.archive.org/web/20160711035838/http://www.viber.com/en/security-overview\|url=https://www.viber.com/en/security-overview\|publisher=Viber\|date=3 May 2016\|archive-date=11 July 2016\|access-date=8 July 2017}}</ref><ref>{{cite web\|last1=Eyal\|first1=Ofir\|title=Canada, Germany and Australia are getting e2e encryption\|url=https://www.viber.com/en/blog/2016-05-03/canada-germany-and-australia-are-getting-e2e-encryption\|publisher=Viber\|access-date=9 October 2016\|date=3 May 2016\|archive-date=5 October 2016\|archive-url=https://web.archive.org/web/20161005083000/http://www.viber.com/en/blog/2016-05-03/canada-germany-and-australia-are-getting-e2e-encryption\|url-status=live}}</ref> Forsta's developers have said that their app uses a custom implementation of the Signal Protocol.<ref>{{Cite web\|author=u/tooker\|url=https://www.reddit.com/r/crypto/comments/8b1m6n/forsta_signal_based_messaging_platform_for/\|title=r/crypto - Forsta - Signal based messaging platform for enterprises\|website=reddit\|date=9 April 2018 \|language=en\|access-date=2019-02-06\|archive-date=2 May 2018\|archive-url=https://web.archive.org/web/20180502045526/https://www.reddit.com/r/crypto/comments/8b1m6n/forsta_signal_based_messaging_platform_for/\|url-status=live}}</ref><ref>{{Cite web\|url=https://github.com/ForstaLabs/libsignal-node\|title=ForstaLabs/libsignal-node\|publisher=Forsta Inc.\|website=GitHub\|language=en\|access-date=2019-02-06\|date=2019-02-03\|archive-date=13 June 2018\|archive-url=https://web.archive.org/web/20180613054634/https://github.com/ForstaLabs/libsignal-node\|url-status=live}}</ref>{{third-party inline\|date=February 2019}} The [[Double Ratchet ~~algorithm~~Algorithm]] that was introduced as part of the Signal Protocol has also been adopted by other protocols. [[OMEMO]] is an XMPP Extension Protocol (XEP) that was introduced in the [[Conversations (software)\|Conversations]] messaging app and approved by the [[XMPP Standards Foundation]] (XSF) in December 2016 as XEP-0384.<ref name="OMEMO-XEP">{{cite web \| author=Andreas Straub \| title=XEP-0384: OMEMO Encryption \| url=https://xmpp.org/extensions/xep-0384.html \| date=7 December 2016 \| access-date=28 April 2017 \| work=XMPP Standards Foundation website \| archive-date=25 February 2017 \| archive-url=https://web.archive.org/web/20170225060620/https://xmpp.org/extensions/xep-0384.html \| url-status=live }}</ref><ref name="Ermoshina-2016"/> [[Matrix (communication protocol)\|Matrix]] is an open communications protocol that includes Olm, a library that provides ~~for~~ optional end-to-end encryption on a room-by-room basis via a Double Ratchet ~~algorithm~~Algorithm implementation.<ref name="Ermoshina-2016"/> The developers of [[Wire (software)\|Wire]] have said that their app uses a custom implementation of the Double Ratchet ~~algorithm~~Algorithm.<ref name="proteus-attribution">{{cite web\|title=Add attribution\|url=https://github.com/wireapp/proteus/blob/develop/src/internal/session.rs#L2\|website=GitHub\|publisher=Wire Swiss GmbH\|date=9 May 2016\|access-date=9 October 2016\|archive-date=7 May 2017\|archive-url=https://web.archive.org/web/20170507135204/https://github.com/wireapp/proteus/blob/develop/src/internal/session.rs#L2\|url-status=live}}</ref><ref name="Wire Security Whitepaper">{{Cite web\|url=https://wire-docs.wire.com/download/Wire+Security+Whitepaper.pdf\|title=Wire Security Whitepaper\|publisher=Wire Swiss GmbH\|date=3 March 2016\|access-date=7 February 2019\|archive-date=10 September 2018\|archive-url=https://web.archive.org/web/20180910220210/https://wire-docs.wire.com/download/Wire+Security+Whitepaper.pdf\|url-status=live}}</ref><ref>{{cite web \|last1=Lomas \|first1=Natasha \|title=Encrypted messaging app Wire adds usernames so you can limit what you share with contacts \|url=https://techcrunch.com/2016/12/16/encrypted-messaging-app-wire-adds-usernames-so-you-can-limit-what-you-share-with-contacts/ \|website=TechCrunch \|publisher=Verizon Media \|access-date=8 February 2019 \|date=16 December 2016 \|archive-date=9 February 2019 \|archive-url=https://web.archive.org/web/20190209180036/https://techcrunch.com/2016/12/16/encrypted-messaging-app-wire-adds-usernames-so-you-can-limit-what-you-share-with-contacts/ \|url-status=live }}</ref> [[Messaging Layer Security]], an [[Internet Engineering Task Force\|IETF]] proposal, uses ''Asynchronous ratcheting trees'' to efficiently improve upon security guarantees over Signal's ''Double Ratchet''.<ref>{{Cite web \|title=The Messaging Layer Security (MLS) Protocol \|archive-url=https://archive.today/20210606070115/https://datatracker.ietf.org/doc/draft-ietf-mls-protocol/ \|archive-date=6 June 2021 \|url=https://datatracker.ietf.org/doc/draft-ietf-mls-protocol/ \|date=22 Dec 2020 \|last1=Barnes \|first1=Richard \|last2=Beurdouche \|first2=Benjamin \|last3=Millican \|first3=Jon \|last4=Omara \|first4=Emad \|first5=Katriel \|last5=Cohn-Gordon \|first6=Raphael \|last6=Robert \|publisher=IETF}}</ref> ==Implementations== Signal Messenger maintains ~~the~~a ~~following~~[https://github.com/signalapp/libsignal reference implementation] of the Signal Protocol [[Library (computing)\|~~libraries~~library]] written in [[Rust_(programming_language)\|Rust]] under the [[~~GPLv3~~GNU Affero General Public License\|AGPLv3]] license on [[GitHub]]:. There are bindings to Swift, Java, TypeScript, C, and other languages that use the reference Rust implementation. [https://github.com/signalapp/libsignal-protocol-c libsignal-protocol-c]: A library written in [[C (programming language)\|C]] with additional licensing permissions for Apple's [[App Store (iOS)\|App Store]].▼ Signal maintained the following deprecated libraries: ▲[https://github.com/signalapp/libsignal-protocol-c libsignal-protocol-c]: A library written in [[C (programming language)\|C]] with additional licensing permissions for Apple's [[App Store (~~iOS~~Apple)\|App Store]]. [https://github.com/signalapp/libsignal-protocol-java libsignal-protocol-java]: A library written in [[Java (programming language)\|Java]]. [https://github.com/signalapp/libsignal-protocol-javascript libsignal-protocol-javascript]: A library written in [[JavaScript]]. There also exist alternative libraries written by third-parties in other languages, such as [[TypeScript]].<ref>{{cite web \|title=libsignal-protocol-typescript \|url=https://github.com/privacyresearchgroup/libsignal-protocol-typescript~~\|title=libsignal-protocol-typescript\|author=Privacy~~ ~~Research, LLC\|website=github.com~~\|access-date=28 November 2020 \|website=github.com}}</ref> ==See also== Line 74 ⟶ 80: ==Literature== {{Refbegin\|30em}} * {{cite journal\|last1=Cohn-Gordon\|first1=Katriel\|last2=Cremers\|first2=Cas\|last3=Dowling\|first3=Benjamin\|last4=Garratt\|first4=Luke\|last5=Stebila\|first5=Douglas\|title=A Formal Security Analysis of the Signal Messaging Protocol\|url=https://eprint.iacr.org/2016/1013\|website=Cryptology ePrint Archive\|publisher=International Association for Cryptologic Research (IACR)\|date=25 October 2016~~\|ref={{harvid\|Cohn-Gordon\|Cremers\|Dowling\|Garratt\|2016}}~~\|access-date=27 October 2016\|archive-date=28 December 2016\|archive-url=https://web.archive.org/web/20161228222451/http://eprint.iacr.org/2016/1013\|url-status=live}} * {{cite conference\|last1=Ermoshina\|first1=Ksenia\|last2=Musiani\|first2=Francesca\|last3=Halpin\|first3=Harry\|title=Internet Science\|editor=Bagnoli, Franco \|display-editors=etal \|pages=244–254\|~~title~~chapter=End-to-End Encrypted Messaging Protocols: An Overview\|series=Lecture Notes in Computer Science\|book-title=Internet Science \|publisher=Springer \|location=Florence, Italy \|conference=INSCI 2016 \|doi=10.1007/978-3-319-45982-0_22 \|isbn=978-3-319-45982-0 \|date=September 2016 \|~~ref~~volume=~~{{harvid\|Ermoshina\|Musiani\|Halpin\|2016}}~~ 9934}} * {{Cite conference\|last1=Frosch \|first1=Tilman \|last2=Mainka \|first2=Christian \|last3=Bader \|first3=Christoph \|last4=Bergsma \|first4=Florian \|last5=Schwenk \|first5=Jörg \|last6=Holz \|first6=Thorsten \|title=2016 IEEE European Symposium on Security and Privacy (EuroS&P) \|chapter=How Secure is TextSecure? \|conference=2016 IEEE European Symposium on Security and Privacy (EuroS&P) \|publisher= IEEE \|location=Saarbrücken, Germany \|date=March 2016 \|pages=457–472 \|doi= 10.1109/EuroSP.2016.41 \|isbn= 978-1-5090-1752-2 \|~~ref~~citeseerx=~~{{harvid\|Frosch\|Mainka\|Bader\|Bergsma\|2016}}~~10.1.1.689.6003 }} * {{Cite conference\|last1=Rottermanner\|first1=Christoph\|last2=Kieseberg\|first2=Peter\|last3=Huber\|first3=Markus\|last4=Schmiedecker\|first4=Martin\|last5=Schrittwieser\|first5=Sebastian\|title=Privacy and Data Protection in Smartphone Messengers\|url=https://www.sba-research.org/wp-content/uploads/publications/paper_drafthp.pdf\|conference=Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015)\|publisher=ACM International Conference Proceedings Series\|isbn=978-1-4503-3491-4\|date=December 2015~~\|ref={{harvid\|Rottermanner\|Kieseberg\|Huber\|Schmiedecker\|2015}}~~\|access-date=25 September 2016\|archive-date=27 March 2016\|archive-url=https://web.archive.org/web/20160327011416/https://www.sba-research.org/wp-content/uploads/publications/paper_drafthp.pdf\|url-status=live}} * {{cite conference \|first1=Nik \|last1=Unger \|first2=Sergej \|last2=Dechand \|first3=Joseph \|last3=Bonneau \|first4=Sascha \|last4=Fahl \|first5=Henning \|last5=Perl \|first6=Ian Avrum \|last6=Goldberg \|first7=Matthew \|last7=Smith \|title=2015 IEEE Symposium on Security and Privacy \|chapter=SoK: Secure Messaging \|publisher=IEEE Computer Society's Technical Committee on Security and Privacy \|conference=Proceedings of the 2015 IEEE Symposium on Security and Privacy \|year=2015 \|pages=232–249 \|doi=10.1109/SP.2015.22 \|isbn=978-1-4673-6949-7 \|chapter-url=http://ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf ~~\|ref={{harvid\|Unger\|Dechand\|Bonneau\|Fahl\|2015}}~~ \|access-date=23 September 2016 \|archive-date=4 March 2016 \|archive-url=https://web.archive.org/web/20160304002758/http://ieee-security.org/TC/SP2015/papers-archived/6949a232.pdf \|url-status=live }} * {{cite conference\|last1=Rösler\|first1=Paul\|last2=Mainka\|first2=Christian\|last3=Schwenk\|first3=Jörg\|date=2017\|title=More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema\|url=https://eprint.iacr.org/2017/713\|website=Cryptology ePrint Archive\|publisher=International Association for Cryptologic Research (IACR)\|access-date=26 June 2019\|archive-date=3 February 2019\|archive-url=https://web.archive.org/web/20190203132148/https://eprint.iacr.org/2017/713\|url-status=live}} {{Refend}} ==External links== ~~{{Commons category\|Signal Messenger}}~~ * {{Official}} * [https://www.youtube.com/watch?v=7WnwSovjYMs "TextSecure Protocol: Present and Future"], talk by Trevor Perrin at NorthSec 2015 (video) Line 89 ⟶ 94: {{Cryptography navbox \| public-key}} {{Cryptographic software}} {{Instant messaging}} [[Category:Application layer protocols]] [[Category:Cryptographic protocols]] [[Category:End-to-end encryption]]