double ratchet
also: Double Ratchet Algorithm, DR
A cryptographic algorithm that combines forward secrecy and break-in recovery by using two ratcheting mechanisms—a Diffie-Hellman ratchet for key agreement and a KDF (Key Derivation Function) ratchet for message key derivation. It ensures that compromising current keys doesn't expose past messages.
The Double Ratchet algorithm is a core cryptographic building block of end-to-end encrypted messaging systems such as Signal and WhatsApp. It maintains two independent "ratchets" that advance with each message or key exchange, providing strong forward secrecy (past messages remain safe even if current keys leak) and break-in recovery (security is re-established once the parties complete a fresh Diffie-Hellman ratchet step after a compromise).
The Diffie-Hellman ratchet runs less frequently and updates the shared root secret between the two parties through ephemeral key exchanges: each time a party sees a new ephemeral public key from its peer, it folds a fresh DH output into the root key. The KDF ratchet (also called the symmetric-key ratchet) runs on every message: it advances a per-direction chain key derived from the root secret and emits a one-time message key at each step, leaving the root secret itself untouched. Because each step is a one-way KDF, a stolen message key reveals only its own message; the keys of earlier messages cannot be recomputed from it, and later keys depend on chain state the attacker does not hold.
Example: Alice and Bob exchange messages using the Double Ratchet. Each message Alice sends uses a key derived by the KDF ratchet from the current sending chain. Whenever the direction of the conversation changes, they perform a Diffie-Hellman exchange with fresh ephemeral keys to update the root secret itself. If an attacker steals Alice's device today, they can read messages from this point forward only until the next Diffie-Hellman ratchet step, and never historical ones, because the attacker cannot reverse the ratcheting process.
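The exchange just described, as an added example that is not Signal's or any production code: a stdlib-only sketch with HMAC-SHA256 as the KDF and a constructed, deliberately tiny finite-field Diffie-Hellman group standing in for X25519. The names (kdf_rk, kdf_ck, Party, run_session) are this sketch's own, and handling of skipped or out-of-order messages is omitted.

```python
import hmac, hashlib, secrets
# Toy Diffie-Hellman group (constructed; far too small to be secure, stands in for X25519).
P, G, H = 2**127 - 1, 3, hashlib.sha256

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def kdf_rk(rk, dh_out):  # root KDF: fold a DH output into the root key, emit a chain key
    t = hmac.new(rk, dh_out, H).digest()
    return hmac.new(t, b"root", H).digest(), hmac.new(t, b"chain", H).digest()

def kdf_ck(ck):  # symmetric ratchet: chain key advances, one-time message key emitted
    return hmac.new(ck, b"\x02", H).digest(), hmac.new(ck, b"\x01", H).digest()

def seal(mk, data):  # toy cipher: XOR with an HMAC-derived keystream (<= 32 bytes)
    ks = hmac.new(mk, b"stream", H).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

class Party:
    def __init__(self, root_key, own=(None, None), peer_pub=None):
        self.rk, (self.priv, self.pub), self.peer_pub = root_key, own, peer_pub
        self.cks = self.ckr = None  # sending / receiving chain keys
    def send(self, msg):
        if self.cks is None:  # no sending chain yet: DH ratchet step with a fresh keypair
            self.priv, self.pub = dh_keypair()
            self.rk, self.cks = kdf_rk(self.rk, dh(self.priv, self.peer_pub))
        self.cks, mk = kdf_ck(self.cks)  # KDF ratchet runs on every message
        return self.pub, seal(mk, msg)
    def recv(self, pub, ct):
        if pub != self.peer_pub:  # peer ratcheted: new receiving chain, sending chain reset
            self.peer_pub, self.cks = pub, None
            self.rk, self.ckr = kdf_rk(self.rk, dh(self.priv, pub))
        self.ckr, mk = kdf_ck(self.ckr)
        return seal(mk, ct)

def run_session():
    """Alice->Bob twice, Bob->Alice, Alice->Bob; returns plaintexts and DH-key facts."""
    rk = secrets.token_bytes(32)  # constructed initial root key (from X3DH in practice)
    bob = Party(rk, own=dh_keypair())
    alice = Party(rk, peer_pub=bob.pub)
    pub1, c1 = alice.send(b"hi bob"); pub2, c2 = alice.send(b"second")
    m1, m2 = bob.recv(pub1, c1), bob.recv(pub2, c2)
    pub3, c3 = bob.send(b"hi alice"); m3 = alice.recv(pub3, c3)
    pub4, c4 = alice.send(b"third"); m4 = bob.recv(pub4, c4)
    return [m1, m2, m3, m4], pub1 == pub2, pub1 != pub4
```

Within one sending chain Alice's DH public key stays the same; after Bob's reply has advanced the root key, her next message carries a fresh one.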