Signal Messenger
Table of Contents
- Do you know Signal Messenger?
- Could you explain the end-to-end encryption protocol?
- But this means it'll take more space to store all the keys on each device, doesn't it?
- The device will store the decrypted version of messages, or the encrypted?
- Does this mean if I lost my device, all of my old messages would be gone forever?
- You mentioned Telegram storing messages on their servers. Are those messages encrypted on their servers? If those messages are encrypted, where do they store the key to decrypt?
Do you know Signal Messenger?
Yes, I'm familiar with Signal Messenger. It's an encrypted messaging app focused on privacy and security. Signal is known for its end-to-end encryption protocol (the Signal Protocol) which is also used by other messaging services. The app allows users to send text messages, voice messages, make voice and video calls, share files, and create group chats, all with strong privacy protections.
The app was created by Moxie Marlinspike and Brian Acton (who was also a co-founder of WhatsApp), and it's operated by the Signal Foundation, a non-profit organization. Signal stands out for its commitment to privacy - it doesn't collect user data or metadata, and its code is open source so it can be independently verified.
Would you like to know more about any specific aspect of Signal?
Could you explain the end-to-end encryption protocol?
I'll explain the Signal Protocol's end-to-end encryption in understandable terms.
The Signal Protocol uses a concept called the "Double Ratchet Algorithm" which works like this:
- Initial Key Exchange
- When two users want to chat, their devices first exchange public keys
- They create a shared secret key that only these two devices know
- This happens without either user needing to do anything
- Message Encryption
- For each message, a new unique encryption key is generated
- The message is encrypted with this key on the sender's device
- Only the recipient's device has the ability to decrypt it
- Even Signal's servers can't read the messages
- Forward Secrecy
- The protocol regularly rotates keys as messages are sent
- If someone manages to steal a key, they can't decrypt previous messages
- Each message uses different keys, like constantly changing locks and keys
- This is where the "ratchet" name comes from - like a ratchet tool, it only moves forward
- Session Management
- If a device is offline, the protocol ensures messages can still be delivered securely once it reconnects
- Multiple devices (like phone and desktop) can be linked while maintaining security
The brilliance of the Signal Protocol is that all this complexity happens automatically - users just see a normal messaging interface while getting extremely strong security guarantees.
What's particularly impressive is that this protocol has been so well-designed that it's been adopted by other major messaging apps like WhatsApp and Google's RCS messaging.
But this means it'll take more space to store all the keys on each device, doesn't it?
Actually, the Signal Protocol is quite efficient with storage space. Rather than storing every individual key, it uses a clever mathematical system to generate new keys:
- Key Generation
- Instead of storing all keys, devices store a small "root key"
- New keys are mathematically derived from this root key using "ratchet" operations
- Each step in the ratchet creates the next key using cryptographic hash functions
- Previous keys can be deleted since they can't be used to decrypt future messages
- Storage Requirements
- The actual storage needed is quite minimal - just a few kilobytes per conversation
- The root key and current ratchet state are all that needs to be stored
- Old keys can be safely deleted after messages are decrypted
- This means the storage requirement stays constant, not growing with message count
This is one of the elegant aspects of the Double Ratchet design - it provides forward secrecy and security while being very efficient with device resources. The mathematical operations to generate new keys are also computationally lightweight, so it doesn't drain battery life either.
The device will store the decrypted version of messages, or the encrypted?
The messages are stored on the device in an encrypted form, but not with the same encryption used during transmission. Here's how it works:
- Message Storage
- When messages arrive, they're decrypted from the transmission encryption
- They're then re-encrypted with a different key that's specific to your device
- This local encryption key is derived from your Signal PIN or biometrics
- Why This Approach?
- It lets you read old messages without keeping all the transmission keys
- The device-specific encryption protects messages if someone gets physical access to your phone
- It allows for efficient search through messages while maintaining security
- It enables backup/restore functionality while keeping messages secure
This is why if you lose your Signal PIN or need to reinstall Signal, you can't recover old messages - they're encrypted with keys that were specific to your device setup. It's also why Signal Desktop can only show messages received after it was linked, not your full message history.
Does this mean if I lost my device, all of my old messages would be gone forever?
Yes, if you lose your device and haven't manually backed up your messages, they will be gone forever. This is actually a deliberate security feature of Signal:
- Regular Signal Backups
- Signal for Android can create backups (iOS currently doesn't support this)
- These backups must be manually enabled - they're off by default
- The backups themselves are encrypted with a 30-digit passphrase
- You need to save this passphrase somewhere safe to restore the backup
- Cloud Storage
- Unlike WhatsApp or Telegram, Signal doesn't store messages on their servers
- There's no cloud backup option by design
- Even if someone hacks Signal's servers, they can't get your message history
- The tradeoff is that you can lose messages if you lose your device
- Transferring to New Device
- You can transfer your message history to a new device directly from your old one
- This requires both devices to be physically present and working
- The transfer happens locally over WiFi, not through Signal's servers
This "feature" of potential message loss is part of Signal's security-first philosophy - they prioritize ensuring messages can't be compromised over convenience of recovery. For many users, especially those dealing with sensitive information, this is actually preferable to having messages potentially accessible through cloud storage.
You mentioned Telegram storing messages on their servers. Are those messages encrypted on their servers? If those messages are encrypted, where do they store the key to decrypt?
Let me break down Telegram's approach to message storage and encryption:
- Regular Chats
- Messages are stored on Telegram's servers
- They use client-server encryption (messages are encrypted in transit)
- However, on the servers, messages are stored in a way that Telegram can access them
- Telegram holds the keys to decrypt these messages
- This enables features like: message sync across all devices, cloud storage, message search
- Secret Chats
- These are different - they use end-to-end encryption
- Messages are only stored on the participating devices
- Telegram servers can't decrypt these messages
- However, secret chats don't support multi-device access
- They also don't backup to the cloud
So while Telegram claims to be secure, their regular chats are less private than Signal because:
- Telegram could potentially read your messages
- Government agencies could compel Telegram to turn over messages
- If Telegram's servers are compromised, your messages could be exposed
This is why privacy advocates often recommend Signal over Telegram for sensitive communications. Telegram prioritizes features and convenience over maximum privacy, while Signal prioritizes privacy above all else.