SIGNAL PROTOCOL Rohan Shaji THE SILENT WAR
Cypherpunks Government (eavesdroppers) WHAT DID THE GOVERNMENT THINK OF THEM?
Ø Cypherpunks - dangerous (compared to weapons) Ø ultimate control ⟹ no control Ø Clipper chip. PRETTY GOOD PRIVACY
Jsjhdkojfg4 kewjawlae 65465awe wor8786
sdhksfhdg5 4654sfdg PRETTY GOOD PRIVACY
Eve sucks Eve eats poop
Saw her do it once PGP DRAWBACKS
Ø lacks future/ forward secrecy Ø lacks deniability Ø complicated setup and usage WHAT DO WE NEED?
Ø limited damage from key compromise Ø opinionated defaults Ø opportunistic, transparent encryption Ø mobile oriented, multi-device, modern world AXOLOTL
Ø Asynchronous (mobile devices) Ø Multi - device functionality Ø Forward and future secrecy Ø Deniability SIGNAL PROTOCOL
Ø Formerly known as TextSecure Protocol. Ø provides end to end encryption for voice calls, video calls and instant messaging conversations. Ø Developed by Open Whisper systems. Ø Introduced first as Text Secure application and now known as Signal. Ø WhatsApp, Facebook Messenger, Google Allo and Microsoft Skype all have started using Signal Protocol for encryption. Ø Double Ratchet Algorithm (key management) + triple Diffie – Hellman (3-DH) handshake (key agreement protocol) + Curve22519, HMAC-SHA256 and AES256 (primitives) DOUBLE RATCHET ALGORITHM
Ø Key Management algorithm. Ø A combination of symmetric key ratchet and Diffie – Hellman ratchet. Ø It is used by two parties to exchange encrypted messages based on a shared secret key. Ø The parties have a key agreement protocol to agree on the shared secret key. Ø The parties derive new keys for every Double Ratchet message so that earlier keys cannot be calculated by from older ones. KDF CHAINS SYMMETRIC KEY RATCHET DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) DIFFIE – HELLMAN RATCHET (DR) – SENDING CHAIN / RECEIVING CHAINS DIFFIE – HELLMAN WITH KDF DOUBLE RATCHET DOUBLE RATCHET SIGNAL PRIVATE MESSENGER, HOW IS IT DIFFERENT TO WHATSAPP?
Ø Both use Signal protocol for end to end encryption. Ø WhatsApp uses Signal as a part of security but the rest of the application is still WhatsApp, so it’s obvious that WhatsApp is still collecting information about it’s users. Ø WhatsApp backs up data, which means people hand over data automatically to third party applications. Ø People share their contact list with WhatsApp. Even if you avoid sharing, you must be present on someone else’s list and WhatsApp can put the puzzle together. Ø My verdict – Signal is better. ANY QUESTIONS? Thankyou!