[Cryptography] Signal double-ratchet vs. future breaks in ECC?

Natanael natanael.l at gmail.com
Tue Jul 31 16:45:44 EDT 2018

On Tue, 31 July 2018 at 20:47, Nemo <nemo at self-evident.org> wrote:

> This is very informal, and I am not sure whether it would hold up
> formally or even practically (e.g. does Signal ever fall back to a
> completely fresh key agreement)

When the Signal app rekeys, it does a key exchange and then hashes together
that new key material with the most recent ratchet state.

When you add a completely new device (or reinstall the app), it will
however rekey from scratch from that new install.
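
The two cases described in the message above, as an added example (not part of the original message and not Signal's code). It models the rekey as HKDF with the current root key as salt and the new key-exchange output as input. The INFO label, the random byte strings standing in for ECDH outputs, and the single-exchange fresh_session() are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

INFO = b"example-root-ratchet"  # constructed label, not Signal's actual info string


def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def ratchet_step(root_key: bytes, dh_output: bytes) -> bytes:
    """Rekey: mix fresh key-exchange output into the most recent ratchet state."""
    return hkdf_sha256(salt=root_key, ikm=dh_output, info=INFO)


def fresh_session(dh_output: bytes) -> bytes:
    """New install: no prior state, so the key depends on the exchange alone."""
    return hkdf_sha256(salt=b"\x00" * 32, ikm=dh_output, info=INFO)


def run_chain(start_root: bytes, dh_outputs: list) -> bytes:
    """Apply successive rekeys to a starting root key."""
    root = start_root
    for dh in dh_outputs:
        root = ratchet_step(root, dh)
    return root


def demo() -> dict:
    # Constructed stand-ins for ECDH secrets; assume ECC is broken and
    # the observer can compute every one of them.
    dh_outputs = [os.urandom(32) for _ in range(3)]
    initial_root = os.urandom(32)  # state the observer never saw
    real_root = run_chain(initial_root, dh_outputs)
    reinstall_dh = os.urandom(32)
    return {
        # All DH outputs known, earlier ratchet state unknown (guessed as zeros).
        "rekey_recovered": run_chain(b"\x00" * 32, dh_outputs) == real_root,
        # All DH outputs known and the earlier state also known.
        "state_plus_dh_recovered": run_chain(initial_root, dh_outputs) == real_root,
        # Reinstall: the observer repeats the derivation from the DH output alone.
        "reinstall_recovered": fresh_session(reinstall_dh) == fresh_session(reinstall_dh),
    }
```

Calling demo() shows that the DH outputs alone do not reproduce a rekeyed root key, while a session started from scratch is fully determined by its key exchange.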