ACE Seminar: Post-compromise Security and the Signal Protocol

Speaker: Katriel Cohn-Gordon

Date/Time: 09-Mar-2017, 16:00 UTC

Venue: 25 Gordon Street, Room 505



Signal is a new messaging protocol with end-to-end encryption, recently adopted by WhatsApp, Facebook Messenger and Google Allo among many others; the first two of these have at least 1 billion active users. Signal claims various security properties, including forward secrecy and key-compromise impersonation (KCI) resistance, enabled by a novel technique called ratcheting, in which session keys are updated with every message sent. We describe the first formal security analysis of Signal,

   (i) extracting from the implementation a formal description of the abstract protocol,
   (ii) defining a security model which can capture the "ratcheting" key update structure, and
   (iii) proving the security of Signal in our model.

One novel property which Signal admits is a form of post-compromise security (PCS). Protocols with PCS can prevent the adversary from impersonating a party even after stealing that party's keys, provided the party subsequently completes an honest exchange with its peer in which the adversary does not take part; security after key compromise was traditionally considered impossible.
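To make the ratcheting and PCS claims concrete, here is an added example (not the speaker's code and not Signal's implementation) of a toy Double-Ratchet-style session in Python: a symmetric KDF chain advances a chain key with every message, and a Diffie-Hellman step with a fresh key pair runs whenever the conversation changes direction. It assumes an already-shared root key (Signal derives this with its X3DH handshake, omitted here), a 127-bit toy DH group and an HMAC-based toy cipher (neither is secure; Signal uses X25519 and a real AEAD), in-order delivery, and that a party generates its fresh DH key pair on its next send rather than at receive time. The demo steals Alice's full session state and checks whether Bob would accept a forgery at three points: immediately, while racing Alice's reply to Bob's fresh-key message, and after Alice's honest reply has completed the DH ratchet.

```python
"""Toy Double-Ratchet-style session showing post-compromise security (PCS). Added
example, not the talk's or Signal's code; DH group and cipher are toys, NOT secure."""
import hashlib, hmac, secrets
from copy import deepcopy

# Toy DH group (assumption): the 127-bit Mersenne prime, far too small for
# real use; Signal uses X25519. Only the ratchet structure matters here.
P = (1 << 127) - 1
G = 3

def gen_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(16, "big")

def kdf(key, info):
    return hmac.new(key, info, hashlib.sha256).digest()

def kdf_root(root, dh_out):
    """DH ratchet step: new root key plus a fresh chain key."""
    tmp = kdf(root, b"root-step" + dh_out)
    return kdf(tmp, b"rk"), kdf(tmp, b"ck")

def kdf_chain(ck):
    """Symmetric ratchet step: next chain key plus a one-time message key."""
    return kdf(ck, b"next-ck"), kdf(ck, b"mk")

def seal(mk, header, pt):
    """Toy AEAD: one-block HMAC keystream, tag over header||ct (pt <= 32 bytes)."""
    ct = bytes(a ^ b for a, b in zip(pt, kdf(mk, b"stream")))
    return ct, hmac.new(kdf(mk, b"mac"), header + ct, hashlib.sha256).digest()

def unseal(mk, header, ct, tag):
    expected = hmac.new(kdf(mk, b"mac"), header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("bad tag: message rejected")
    return bytes(a ^ b for a, b in zip(ct, kdf(mk, b"stream")))

class Session:
    def __init__(self, root, keypair, peer_pub):
        self.root, self.peer_pub = root, peer_pub
        self.priv, self.pub = keypair or (None, None)
        self.send_ck = self.recv_ck = None
        self.n_send = self.n_recv = 0

    def send(self, pt):
        if self.send_ck is None:  # first send since the peer's key changed: DH step
            self.priv, self.pub = gen_keypair()
            self.root, self.send_ck = kdf_root(self.root, dh(self.priv, self.peer_pub))
            self.n_send = 0
        self.send_ck, mk = kdf_chain(self.send_ck)
        header = self.pub.to_bytes(16, "big") + self.n_send.to_bytes(4, "big")
        self.n_send += 1
        return (header,) + seal(mk, header, pt)

    def receive(self, msg):
        header, ct, tag = msg
        pub, n = int.from_bytes(header[:16], "big"), int.from_bytes(header[16:], "big")
        root, recv_ck, n_recv = self.root, self.recv_ck, self.n_recv
        if pub != self.peer_pub:  # peer ratcheted: derive a new receiving chain
            root, recv_ck = kdf_root(root, dh(self.priv, pub))
            n_recv = 0
        if n != n_recv:
            raise ValueError("out-of-order delivery is not handled in this toy")
        recv_ck, mk = kdf_chain(recv_ck)
        pt = unseal(mk, header, ct, tag)  # raises before any state is committed
        if pub != self.peer_pub:
            self.peer_pub, self.send_ck = pub, None  # our next send() DH-ratchets
        self.root, self.recv_ck, self.n_recv = root, recv_ck, n_recv + 1
        return pt

def bob_accepts(bob, msg):
    try:
        deepcopy(bob).receive(msg)
        return True
    except ValueError:
        return False

def demo():
    """Forge as Alice from stolen state: (before heal, racing the heal, after heal)."""
    rk0 = secrets.token_bytes(32)  # assumed shared already (Signal derives it with X3DH)
    bob_kp = gen_keypair()
    alice, bob = Session(rk0, None, bob_kp[1]), Session(rk0, bob_kp, None)
    bob.receive(alice.send(b"hi bob"))
    stolen = deepcopy(alice)  # the attacker exfiltrates Alice's whole session state
    forged_now = bob_accepts(bob, deepcopy(stolen).send(b"pay the attacker"))
    bob_msg = bob.send(b"hi alice")  # Bob's fresh DH key starts the healing exchange
    alice.receive(bob_msg)
    stolen.receive(bob_msg)  # attacker still holds Alice's DH private key: readable
    forged_race = bob_accepts(bob, deepcopy(stolen).send(b"pay the attacker"))
    bob.receive(alice.send(b"all good"))  # Alice's fresh DH key completes the heal
    forged_after_heal = bob_accepts(bob, stolen.send(b"pay the attacker"))
    return forged_now, forged_race, forged_after_heal

if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

The first two results show the limits of the guarantee: straight after the theft the attacker is indistinguishable from Alice, and even after Bob has sent a fresh DH key the attacker can still win by racing Alice's reply, because the stolen state contains the DH private key needed to read Bob's message and a forged reply carries the attacker's own fresh key. Only once Alice's genuine reply has reached Bob, introducing a DH secret the attacker never held, does the stale state stop producing acceptable messages. That is exactly the condition attached to PCS: the exchange after the compromise must be honest and free of adversary involvement. Note also that receive() verifies the tag before committing any state, so a rejected forgery cannot desynchronise the honest session.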


Katriel Cohn-Gordon is a PhD student at the Oxford Cyber Security CDT. His research is on the security of the protocols that underlie modern communications, lately messaging protocols but also with interests in TLS and the associated public-key infrastructure. Before joining the CDT he studied mathematics at Cambridge, with a brief stint working in finance.

