Double Ratchet

A cryptographic key management algorithm that provides end-to-end encryption with automatic, per-message re-keying for forward secrecy and post-compromise security.

The Double Ratchet algorithm, developed by Trevor Perrin and Moxie Marlinspike in 2013, is the backbone of the Signal Protocol and secures communications for over 2 billion users on platforms like WhatsApp and Facebook Messenger. It functions by nesting two distinct cryptographic processes: a symmetric-key ratchet based on a Key Derivation Function (KDF) and an asymmetric ratchet utilizing Diffie-Hellman (DH) exchanges. This dual-layered approach ensures that every message uses a unique, short-lived session key. If an attacker compromises a specific key, they cannot calculate previous keys (forward secrecy) or predict future ones (post-compromise security), as the DH ratchet constantly injects new entropy into the system to 'heal' the connection.

https://signal.org/docs/specifications/doubleratchet/