What advantage does Signal protocol have over basic public key encryption?

Karl gmkarl at gmail.com
Sun Jan 31 12:50:04 PST 2021


On 1/29/21, David Barrett <dbarrett at expensify.com> wrote:
> Wow, these are (mostly) great responses, and exactly what I was looking
> for.  Thank you!  To call out a couple responses:
>
> 6, the ratchet protocol produces a hash of previous messages that provides
>> for detection of dropped data, among many other things.  pgp does not do
>> this.
>
>
> It feels like there are easier ways to detect dropped/tampered messages,
> such as with a simple accumulated hash of all past messages (or even a
> CBC mode).  We do this with https://bedrockdb.com/blockchain.html and it
> works great.  However, I get your point that the double ratchet provides
> other benefits beyond just forward secrecy.

There's a lot of value to using a protocol that is normalised and
standardised and widely used in some way.  It has many eyes looking at
it and thinking about bugs and such.  But yeah.

And yeah, the ratchet protocol accomplishes more than just that.

> Decryption of destroyed messages is a big thing that signal deters.
>> Journalists can get seriously physically injured when that happens.
>
>
> Yes, I agree, it seems that forward secrecy is both 1) very valuable, 2)
> very hard to do, and 3) Signal's primary design goal.

I see Signal's primary design goal as being easy to use, public,
audited private communications, for everybody.

It would make sense to contribute or work with a project like Signal
rather than making a new messenger, to continue to try to get
communications more secure, with more eyes looking at problems, making
things easy to use, and getting people to use them, etc.  A messenger
only works if the people you want to talk to use it.

> Re Signal and Javascript, Signal offers its code in a signed binary, and
>> offers the source to that binary for anybody to build and check.
>
> Signal offers source, but given that it's distributing binaries via app
> stores, there's really no way to guarantee that the binary matches that
> source code.  Open source is great (Expensify.cash is as well), but still
> requires that you trust the party giving you the binaries.

I don't see your argument here.  The only reasonable way to sell
something on an app store is to distribute a binary.  Meanwhile with
the source available, people can build their own clients, and share
them via other channels.

I visited expensify.cash but didn't notice an obvious link to the
source code.  It can be hard for me to see things, though.

> They [Signal] have an automated system that gives their donated money to
>> people who contribute improvements.
>
>
> Wait really?  I'm not really finding that mentioned anywhere; can you link
> me to this?  The FAQ doesn't really mention it, but it seems like this
> would be front and center:
> https://support.signal.org/hc/en-us/articles/360007319831-How-can-I-contribute-to-Signal-

It looks like the autopayment system broke in 2017 and nobody fixed
it: https://github.com/signalapp/Signal-Android/commit/258910504cc2fcc57b8868cb0ea210b21086d314#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5
Sorry for the outdated information.

I post during psychotic breaks, so some of what I say may not be quite right.

Thank you so much for your open source work.  Please work with
existing open source projects when you can both benefit from the work,
so the community can grow.
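As an added illustration of the two points argued above (the ratchet detecting dropped or altered messages, and forward secrecy for messages already deleted), here is a minimal symmetric hash ratchet; it is example code written for this thread, not code from Signal or Expensify. The shared root key, the KDF labels and the toy stream cipher are constructed assumptions; Signal's real double ratchet layers a Diffie-Hellman ratchet on top of this chain.

```python
import hashlib
import hmac

# Constructed toy symmetric (hash) ratchet: only the current chain key is kept,
# and each message key is derived, used once and dropped. The shared root key
# is an assumption (Signal gets it from its key agreement step).
ROOT = hashlib.sha256(b"constructed shared secret").digest()
def kdf(key, label):
    """32-byte derivation, domain-separated by label."""
    return hmac.new(key, label, hashlib.sha256).digest()

class Chain:
    def __init__(self, chain_key):
        self.ck = chain_key   # current chain key; earlier ones are not retained
        self.n = 0            # index of the next message on this chain

    def step(self):
        """Return (index, message_key) and advance the chain one step."""
        mk = kdf(self.ck, b"message")
        self.ck = kdf(self.ck, b"chain")   # one-way: the old ck is unrecoverable
        self.n += 1
        return self.n - 1, mk

def seal(chain, plaintext):
    """Encrypt and authenticate one message (toy stream cipher, <= 32 bytes)."""
    n, mk = chain.step()
    ct = bytes(p ^ k for p, k in zip(plaintext, kdf(mk, b"stream")))
    tag = hmac.new(mk, n.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    return n, ct, tag

def open_(chain, n, ct, tag):
    """Decrypt; return (plaintext, indices of messages that never arrived)."""
    if n < chain.n:
        raise ValueError("replayed or out-of-order message")
    dropped = list(range(chain.n, n))   # the gap in the counter shows the loss
    while chain.n < n:                  # (real clients cache skipped keys briefly)
        chain.step()
    _, mk = chain.step()
    expect = hmac.new(mk, n.to_bytes(4, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expect, tag):
        raise ValueError("tampered message")
    return bytes(c ^ k for c, k in zip(ct, kdf(mk, b"stream"))), dropped

def demo():
    """Alice sends three messages; the second is lost in transit."""
    alice, bob = Chain(ROOT), Chain(ROOT)
    m0, m1, m2 = (seal(alice, t) for t in (b"hello", b"lost", b"still here"))
    pt0, gap0 = open_(bob, *m0)
    pt2, gap2 = open_(bob, *m2)
    return pt0, gap0, pt2, gap2, alice.ck == bob.ck
```

After the exchange both sides hold only the current chain key, so seizing a device later yields nothing that decrypts the earlier ciphertexts; the counter gap reports which message went missing.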


More information about the cypherpunks mailing list