LLMpedia: the first transparent, open encyclopedia generated by LLMs

Double Ratchet Algorithm

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: WhatsApp Hop 4
Name: Double Ratchet Algorithm
Developer: Open Whisper Systems
Introduced: 2013
Type: Cryptographic key agreement and ratchet
Related: Signal Protocol, Off-the-Record Messaging, Transport Layer Security

The Double Ratchet Algorithm is a key management mechanism used in modern end-to-end encrypted messaging, designed to provide forward secrecy and post-compromise security. It evolved from research by Open Whisper Systems and builds on prior work in secure messaging such as Off-the-Record Messaging, Pretty Good Privacy, Signal Protocol, Transport Layer Security, and designs by researchers associated with Phil Zimmermann, Moxie Marlinspike, and Trevor Perrin. The algorithm has influenced messaging systems deployed by organizations such as WhatsApp, Signal (software), and Facebook Messenger, and has been adopted in standards discussed at Internet Engineering Task Force meetings.

Overview

The Double Ratchet Algorithm combines ideas from the Diffie–Hellman key exchange tradition exemplified by Whitfield Diffie and Martin Hellman with symmetric-key ratcheting inspired by Merkle and later work associated with Ronald Rivest, Adi Shamir, and Leonard Adleman. It addresses threats considered in literature from conferences such as USENIX Security Symposium, IEEE Symposium on Security and Privacy, and ACM Conference on Computer and Communications Security. Designers referenced practical deployments like Google Talk transitions and academic protocols such as Axolotl Ratchet and standards discussions at the IETF SecDir community.

Cryptographic Components

The algorithm uses asymmetric primitives often instantiated with curves like Curve25519 and secp256k1, hash functions such as SHA-256 and SHA-512, and symmetric primitives like AES and HMAC. The Diffie–Hellman operations derive shared secrets via algorithms associated with Elliptic-curve cryptography pioneers including Daniel J. Bernstein and works referenced by Tanja Lange. Key derivation functions are based on constructs like HKDF, designed by researchers at the Internet Engineering Task Force and guided by cryptographers including Hugo Krawczyk. Message authentication leverages MAC schemes with heritage from Bell Labs cryptography and proposals discussed by Ronald Rivest and colleagues. The design draws on formal models from the Canetti–Krawczyk framework and analysis techniques presented by Ran Canetti and Divya Gupta.

Protocol Operation

Operation alternates between a Diffie–Hellman ratchet and a symmetric-key ratchet. Parties perform periodic asymmetric handshakes informed by deployments at Open Whisper Systems and academic protocols evaluated at NDSS events, then derive chain keys using HKDF, similar to constructions used in IKEv2 and the Signal Protocol. Message keys are produced using symmetric-key derivation chains modeled after constructions used by John Gilmore and discussed in work by Matt Green. The protocol handles out-of-order delivery patterns encountered in services like Apple iMessage and XMPP deployments, using techniques employed by Matrix (protocol) and servers such as Ejabberd. Session setup and rekeying mirror practices from Secure Shell and the handshake patterns of the Noise Protocol Framework specifications authored by Trevor Perrin and collaborators.

Security Properties and Analysis

The algorithm provides forward secrecy and post-compromise security, examined in proofs following methodologies by Borisov and Dolev as seen in foundational work like the Dolev–Yao model. Formal security analyses have been undertaken in venues such as CRYPTO and Eurocrypt and by researchers affiliated with CWI and Microsoft Research. Threat models reference adversaries discussed in NSA disclosures and academic treatments at Black Hat briefings. Security properties include deniability, influenced by concepts from Off-the-Record Messaging, and unlinkability, discussed in papers from the Privacy Enhancing Technologies Symposium. Analyses often cite comparisons to protocols like IKEv2 and MLS (Messaging Layer Security), and assessments by institutions like the Electronic Frontier Foundation.
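The two ratchets described under Protocol Operation, the HKDF and HMAC key derivation named under Cryptographic Components, and the forward-secrecy and post-compromise-security properties discussed above, worked through in an added Python example. This code is not part of the article and is not code from Open Whisper Systems or libsignal; it follows the structure of the public Double Ratchet specification (root KDF, chain KDF, skipped-key store, DH ratchet step on a new remote key) but substitutes a constructed toy finite-field Diffie–Hellman group for Curve25519, stops at the message key instead of encrypting with an AEAD, and uses assumed names (`Ratchet`, `kdf_rk`, `kdf_ck`, `demo_session`). The "shared secret" it starts from is a constructed stand-in for the handshake output.

```python
import copy
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (real deployments use X25519).
P, G = 2**127 - 1, 3  # Mersenne prime: enough to show the mechanics, not a secure group
MAX_SKIP = 64         # cap on stored skipped message keys; bounds state growth from late messages

def dh_generate():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(16, "big")

def hkdf(salt, ikm, info, length):
    """HKDF-SHA256 (RFC 5869): extract with the salt, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]

def kdf_rk(rk, dh_out):  # root KDF (DH ratchet): mix a fresh DH output -> (root key, chain key)
    okm = hkdf(rk, dh_out, b"DoubleRatchetRoot", 64)
    return okm[:32], okm[32:]

def kdf_ck(ck):  # chain KDF (symmetric ratchet) -> (next chain key, message key); one-way
    return (hmac.new(ck, b"\x02", hashlib.sha256).digest(),
            hmac.new(ck, b"\x01", hashlib.sha256).digest())

class Ratchet:
    def __init__(self, rk, dhs, dhr=None, cks=None):
        # The responder (Bob) starts with only the shared secret and his own key pair.
        self.rk, self.dhs, self.dhr, self.cks, self.ckr = rk, dhs, dhr, cks, None
        self.ns = self.nr = self.pn = 0  # sent/received in current chains, sent in previous chain
        self.skipped = {}                # (remote ratchet pub, n) -> message key held for late messages

    @classmethod
    def init_alice(cls, shared_secret, bob_pub):
        dhs = dh_generate()
        rk, cks = kdf_rk(shared_secret, dh(dhs[0], bob_pub))
        return cls(rk, dhs, bob_pub, cks)

    def send(self):
        """Advance the sending chain; returns (header, message key). The key would feed an AEAD."""
        self.cks, mk = kdf_ck(self.cks)
        header = (self.dhs[1], self.pn, self.ns)
        self.ns += 1
        return header, mk

    def receive(self, header):
        dh_pub, pn, n = header
        if (dh_pub, n) in self.skipped:          # late message: use its stored key once, then drop it
            return self.skipped.pop((dh_pub, n))
        if dh_pub != self.dhr:                   # new remote ratchet key: close old chain, DH step
            self._skip(pn)
            self._dh_ratchet(dh_pub)
        self._skip(n)
        self.ckr, mk = kdf_ck(self.ckr)
        self.nr += 1
        return mk

    def _skip(self, until):
        if self.nr + MAX_SKIP < until:
            raise ValueError("too many skipped messages")
        while self.ckr is not None and self.nr < until:
            self.ckr, mk = kdf_ck(self.ckr)
            self.skipped[(self.dhr, self.nr)] = mk
            self.nr += 1

    def _dh_ratchet(self, remote_pub):
        self.pn, self.ns, self.nr, self.dhr = self.ns, 0, 0, remote_pub
        self.rk, self.ckr = kdf_rk(self.rk, dh(self.dhs[0], remote_pub))
        self.dhs = dh_generate()                 # fresh key pair: this is what heals a compromise
        self.rk, self.cks = kdf_rk(self.rk, dh(self.dhs[0], remote_pub))

def demo_session():
    """Out-of-order delivery, a DH ratchet step, and a simulated theft of Bob's state."""
    sk = hashlib.sha256(b"constructed stand-in for the X3DH handshake output").digest()
    bob_pair = dh_generate()
    alice, bob = Ratchet.init_alice(sk, bob_pair[1]), Ratchet(sk, bob_pair)
    (h1, k1), (h2, k2), (h3, k3) = alice.send(), alice.send(), alice.send()
    r2, r3 = bob.receive(h2), bob.receive(h3)    # message 1 is delayed in transit
    stored, r1 = len(bob.skipped), bob.receive(h1)
    hb, kb = bob.send()                          # Bob's reply carries his new ratchet public key
    rb = alice.receive(hb)
    stolen = copy.deepcopy(bob)                  # attacker copies Bob's whole state at this point
    no_old_keys = stolen.skipped == {} and stolen.nr == 3  # k1..k3 were consumed and deleted
    h4, k4 = alice.send()
    r4 = bob.receive(h4)
    leaked = stolen.receive(h4)                  # the copy still derives k4: not yet healed
    return {"in_order": k2 == r2 and k3 == r3, "out_of_order": k1 == r1,
            "stored": stored, "stored_after": len(bob.skipped), "reply": kb == rb,
            "post_ratchet": k4 == r4, "chain_reset": h4[1:] == (3, 0), "leaked_k4": leaked == k4,
            "healed": stolen.send()[1] != bob.send()[1],  # Bob's fresh pair is unknown to the copy
            "forward_secrecy": no_old_keys}
```

Running `demo_session()` shows Bob deriving the same message keys Alice used even when message 1 arrives after messages 2 and 3 (one skipped key is stored, then consumed and deleted), a new root key and chains after Bob's reply, and that a copy of Bob's state taken before Alice's next ratchet message still yields that message's key but not the keys Bob derives from the key pair he generates afterwards. Two simplifications matter in practice: state here is mutated before any authentication check, so a real implementation applies the updated state only after the AEAD verifies the message, otherwise a forged or replayed header desynchronizes the receiver; and stored skipped keys should be expired after a bounded time or number of events rather than kept indefinitely.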

Implementations and Use Cases

Implementations appear in client software and libraries produced by projects such as Signal (software), libsignal-protocol-java, libsignal-protocol-c, and vendor integrations like WhatsApp. Enterprise and open-source systems incorporating the algorithm include Matrix (protocol), Wire (software), and research prototypes from universities like MIT and Stanford University. Use cases extend to secure messaging on platforms such as the Telegram Messenger integrations that have been discussed, secure IoT communications in projects at IBM Research, and secure collaboration tools evaluated in deployments by GitHub and Mozilla. Libraries are used across platforms supported by ecosystems including Android (operating system), iOS, Linux, and Windows.

Limitations and Attacks

Limitations include dependence on correct implementation of primitives like Curve25519 and on correct state management, issues highlighted in reports by Krebs on Security and in audits by security firms such as Cure53 and Trail of Bits. Attacks exploit metadata leakage analyzed in studies by Open Technology Fund grantees and research at the University of Cambridge and the University of Oxford. Known practical attacks target replay, state desynchronization, and side channels reported in papers presented at USENIX and ACM CCS. Mitigations borrow approaches from countermeasures in Transport Layer Security and protocol hardening recommended by standards bodies like the IETF and security advisories from the CERT Coordination Center.

Category:Cryptographic protocols