How Modern Secure Messaging Protocols Work

Encrypted messaging sounds simple: encrypt messages so only the recipient can read them. In practice, it’s a mess of protocols solving problems you didn’t know existed.

Here’s how it actually works.

The Basic Problem

Alice wants to send Bob a message. Easy with symmetric encryption: they share a key, Alice encrypts, Bob decrypts.

But how do they share the key? They’ve never met. They might never meet. And they want security even if their devices get compromised later.

Key Exchange

Diffie-Hellman lets two parties establish a shared secret over a public channel. Alice and Bob each generate keypairs. They exchange public keys. Mathematics produces the same shared secret on both sides.

An eavesdropper sees the public keys but can’t compute the shared secret. It’s not magic. It’s the discrete logarithm problem being hard.

Forward Secrecy

Basic DH has a problem. If someone records all your traffic and later gets your private key, they can decrypt everything retroactively.

Forward secrecy fixes this: use ephemeral keys for each session. After the session, delete the keys. Now there’s nothing to steal.

The Signal Protocol takes this further with the Double Ratchet. Every message uses a new key, derived from the previous one. Compromise one key, you can only read messages going forward, not backward.

The Double Ratchet

Two ratchets interlock:

  1. Symmetric ratchet: Each message derives a new key from the previous. Like a hash chain.
  2. Asymmetric ratchet: Periodically exchange new DH keys. This “heals” the session. After the exchange, even a compromised key is useless.

The result: message-level forward secrecy and post-compromise security.

Group Messaging

Everything gets harder with groups. You can’t do DH with 50 people efficiently.

The solution: a shared group key that encrypts messages, plus a mechanism to add and remove members.

MLS (Messaging Layer Security) is the new standard. It uses tree structures so adding or removing members is logarithmic, not linear.

Metadata

Encryption hides content. It doesn’t hide who’s talking to whom, when, or how often.

Signal minimizes metadata: sealed sender hides the sender from Signal’s servers. Messages are stored briefly in encrypted blobs. They genuinely don’t know much.

Matrix tries a different approach: federated servers, where you can run your own. The metadata exists but you control where.

The Trust Problem

All this assumes you’re talking to who you think you’re talking to. How do you know Bob’s public key is really Bob’s?

Signal uses safety numbers, a hash of both parties’ keys. Compare them in person or over a trusted channel. If they match, you’re secure.

It’s not perfect. Most people never verify. But the option exists.

What Actually Matters

For most people: use Signal or a protocol that copied it. Don’t roll your own. The mistakes are subtle and catastrophic.

For developers: understand the layers. Transport encryption (TLS) isn’t the same as end-to-end encryption. Encrypted at rest isn’t the same as encrypted in transit.

The threat model matters. Against your ISP? TLS is fine. Against the service provider? You need end-to-end. Against state actors? You need metadata protection too.

Match your tools to your threats.

← Back to all posts