SIGNAL PROTOCOL Rohan Shaji the SILENT WAR

Home , Double Ratchet Algorithm, Open Whisper Systems, Pretty Good Privacy, Signal Protocol, TextSecure

SIGNAL PROTOCOL Rohan Shaji THE SILENT WAR

Cypherpunks Government (eavesdroppers) WHAT DID THE GOVERNMENT THINK OF THEM?

Ø Cypherpunks - dangerous (compared to weapons) Ø ultimate control ⟹ no control Ø Clipper chip. PRETTY GOOD PRIVACY

Jsjhdkojfg4 kewjawlae 65465awe wor8786

sdhksfhdg5 4654sfdg PRETTY GOOD PRIVACY

Eve sucks Eve eats poop

Saw her do it once PGP DRAWBACKS

Ø lacks future/ forward secrecy Ø lacks deniability Ø complicated setup and usage WHAT DO WE NEED?

Ø limited damage from key compromise Ø opinionated defaults Ø opportunistic, transparent encryption Ø mobile oriented, multi-device, modern world AXOLOTL

Ø Asynchronous (mobile devices) Ø Multi - device functionality Ø Forward and future secrecy Ø Deniability SIGNAL PROTOCOL

Ø Formerly known as TextSecure Protocol. Ø provides end to end encryption for voice calls, video calls and instant messaging conversations. Ø Developed by Open Whisper systems. Ø Introduced first as Text Secure application and now known as Signal. Ø WhatsApp, Facebook Messenger, Google Allo and Microsoft Skype all have started using Signal Protocol for encryption. Ø Double Ratchet Algorithm (key management) + triple Diffie – Hellman (3-DH) handshake (key agreement protocol) + Curve22519, HMAC-SHA256 and AES256 (primitives) DOUBLE RATCHET ALGORITHM

Ø Key Management algorithm. Ø A combination of symmetric key ratchet and Diffie – Hellman ratchet. Ø It is used by two parties to exchange encrypted messages based on a shared secret key. Ø The parties have a key agreement protocol to agree on the shared secret key. Ø The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated by from older ones. KDF CHAINS SYMMETRIC KEY RATCHET DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) – SENDING CHAIN / RECEIVING CHAINS DIFFIE – HELLMAN WITH KDF DOUBLE RATCHET DOUBLE RATCHET SIGNAL PRIVATE MESSENGER, HOW IS IT DIFFERENT TO WHATSAPP?

Ø Both use Signal protocol for end to end encryption. Ø WhatsApp uses Signal as a part of security but the rest of the application is still WhatsApp, so it’s obvious that WhatsApp is still collecting information about it’s users. Ø WhatsApp backs up data, which means people hand over data automatically to third party applications. Ø People share their contact list with WhatsApp. Even if you avoid sharing, you must be present on someone else’s list and WhatsApp can put the puzzle together. Ø My verdict – Signal is better. ANY QUESTIONS? Thankyou!