Signal Protocol

The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. The protocol was developed by Open Whisper Systems in 2013 and was introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide", and Google, which provides end-to-end encryption by default for all RCS-based one-to-one conversations between users of its Google Messages app. Facebook Messenger also says it offers the protocol for optional "Secret Conversations", as did Skype for its "Private Conversations".

The protocol combines the Double Ratchet Algorithm, prekeys (i.e., one-time ephemeral public keys that have been uploaded in advance to a central server), and key agreement protocols including the original triple elliptic-curve Diffie–Hellman (3-DH) handshake and the post-quantum PQXDH protocol. Current Signal specifications model message encryption as authenticated encryption with associated data (AEAD), with recommended constructions including SIV-style AEAD schemes or a composition of AES-256 in CBC mode with HMAC.

The development of the Signal Protocol was started by Trevor Perrin and Moxie Marlinspike (Open Whisper Systems) in 2013. The first version of the protocol, TextSecure v1, was based on Off-the-record messaging (OTR).

On 24 February 2014, Open Whisper Systems introduced TextSecure v2, which migrated to the Axolotl Ratchet. The design of the Axolotl Ratchet is based on the ephemeral key exchange that was introduced by OTR and combines it with a symmetric-key ratchet modeled after the Silent Circle Instant Message Protocol (SCIMP). Its major new feature was support for asynchronous communication ("offline messages"); it also brought better resilience to messages arriving out of order and simpler support for conversations with multiple participants. The Axolotl Ratchet was named after the critically endangered aquatic salamander Axolotl, which has extraordinary self-healing capabilities. The developers refer to the algorithm as self-healing because it automatically prevents an attacker who has compromised a session key from accessing the cleartext of later messages.
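The self-healing property described above can be shown with a short simulation. This is an added example, not code from Signal or from the original article; it goes slightly beyond the text by modelling theft of the whole session state (root key, chain key and current ratchet private key). The toy finite-field Diffie–Hellman group, the `info` label and all function names are assumptions made so the example runs on the Python standard library.

```python
import hashlib, hmac, secrets

# Toy finite-field DH standing in for the protocol's elliptic-curve DH.
# Assumption for this example only: picked so it runs on the standard
# library; this group is NOT suitable for real use.
P, G = 2**255 - 19, 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def _h(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def kdf_chain(chain_key):
    """Symmetric-key ratchet step -> (next_chain_key, message_key)."""
    return _h(chain_key, b"\x02"), _h(chain_key, b"\x01")

def kdf_root(root_key, dh_out, info=b"example-ratchet"):
    """DH ratchet step, HKDF-SHA256 salted with the root key -> (root, chain)."""
    prk = _h(root_key, dh_out)                      # HKDF extract
    t1 = _h(prk, info + b"\x01")                    # HKDF expand, block 1
    return t1, _h(prk, t1 + info + b"\x02")         # block 2 is the chain key

def simulate():
    rk, ck = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed session
    a1_priv, a1_pub = keypair()          # Alice's current ratchet key pair
    stolen = (rk, ck, a1_priv)           # attacker snapshots Alice's state here

    # Same chain: every later message key follows from the stolen chain key.
    ck, mk_real = kdf_chain(ck)
    _, mk_attacker = kdf_chain(stolen[1])

    # Bob ratchets with a fresh key pair; the stolen a1_priv still works.
    b2_priv, b2_pub = keypair()
    rk1, ck_bob = kdf_root(rk, dh(b2_priv, a1_pub))
    rk1_att, ck_bob_att = kdf_root(stolen[0], dh(stolen[2], b2_pub))

    # Alice ratchets with a fresh private key the attacker never saw.
    a2_priv, _ = keypair()
    _, ck_alice = kdf_root(rk1, dh(a2_priv, b2_pub))
    _, ck_alice_att = kdf_root(rk1_att, dh(stolen[2], b2_pub))  # stale-key guess
    return {
        "same_chain_readable": mk_attacker == mk_real,
        "bob_reply_readable": ck_bob_att == ck_bob,
        "healed_after_alice_ratchet": ck_alice_att != ck_alice,
    }
```

All three values returned by `simulate()` are `True`: the stolen state exposes the rest of the current chain and Bob's next reply, and the session recovers once the compromised party contributes a fresh ratchet key.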

The third version of the protocol, TextSecure v3, made some changes to the cryptographic primitives and the wire protocol. In October 2014, researchers from Ruhr University Bochum published an analysis of TextSecure v3. Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure.

In March 2016, the developers renamed the protocol to Signal Protocol. They also renamed the Axolotl Ratchet to the Double Ratchet algorithm to better differentiate between the ratchet and the full protocol because some had used the name Axolotl when referring to the full protocol.

As of October 2016, the Signal Protocol is based on TextSecure v3, but with additional cryptographic changes. In October 2016, researchers from the UK's University of Oxford, Australia's Queensland University of Technology, and Canada's McMaster University published a formal analysis of the protocol, concluding that the protocol was cryptographically sound.

Another audit of the protocol was published in 2017.
