Signal Protocol
from Wikipedia

Signal Protocol (communication protocol)

[Figure: Signal Protocol full double ratchet step]

Purpose: End-to-end encrypted communications
Developer(s): Signal Foundation
Based on: OTR, SCIMP[1]
Influenced: OMEMO, Matrix[2]
OSI layer: Application layer
Website: signal.org/docs

The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations.[2] The protocol was developed by Open Whisper Systems in 2013[2] and was introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide",[3] and Google, which provides end-to-end encryption by default for all RCS-based one-to-one conversations between users of its Google Messages app.[4] Facebook Messenger also says it offers the protocol for optional "Secret Conversations", as did Skype for its "Private Conversations".

The protocol combines the Double Ratchet Algorithm, prekeys (i.e., one-time ephemeral public keys that have been uploaded in advance to a central server), and a triple elliptic-curve Diffie–Hellman (3-DH) handshake,[5] and uses Curve25519, AES-256, and HMAC-SHA256 as primitives.[6]

History

The development of the Signal Protocol was started by Trevor Perrin and Moxie Marlinspike (Open Whisper Systems) in 2013. The first version of the protocol, TextSecure v1, was based on Off-the-Record Messaging (OTR).[7][8]

On 24 February 2014, Open Whisper Systems introduced TextSecure v2,[9] which migrated to the Axolotl Ratchet.[7][10] The design of the Axolotl Ratchet is based on the ephemeral key exchange that was introduced by OTR and combines it with a symmetric-key ratchet modeled after the Silent Circle Instant Message Protocol (SCIMP).[1] Its major new feature was support for asynchronous communication ("offline messages"), along with better resilience to out-of-order messages and simpler support for conversations with multiple participants.[11] The Axolotl Ratchet was named after the critically endangered aquatic salamander axolotl, which has extraordinary self-healing capabilities. The developers refer to the algorithm as self-healing because, after an attacker has compromised a session key, it automatically prevents that attacker from accessing the cleartext of later messages.[1]

The third version of the protocol, TextSecure v3, made some changes to the cryptographic primitives and the wire protocol.[7] In October 2014, researchers from Ruhr University Bochum published an analysis of TextSecure v3.[6][7] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure.[12]

In March 2016, the developers renamed the protocol to Signal Protocol. They also renamed the Axolotl Ratchet to the Double Ratchet algorithm to better differentiate between the ratchet and the full protocol[13] because some had used the name Axolotl when referring to the full protocol.[14][13]

As of October 2016, the Signal Protocol is based on TextSecure v3, but with additional cryptographic changes.[7] In October 2016, researchers from the UK's University of Oxford, Australia's Queensland University of Technology, and Canada's McMaster University published a formal analysis of the protocol, concluding that the protocol was cryptographically sound.[15][16]

Another audit of the protocol was published in 2017.[17]

Properties

The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, post-compromise security (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity.[18] It does not provide anonymity preservation and requires servers for the relaying of messages and storing of public key material.[18]

The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption.[18] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership.[18]

Authentication

For authentication, users can manually compare public key fingerprints through an outside channel.[19] This makes it possible for users to verify each other's identities and avoid a man-in-the-middle attack.[19] An implementation can also choose to employ a trust on first use mechanism in order to notify users if a correspondent's key changes.[19]

Metadata

The Signal Protocol does not prevent a company from retaining information about when and with whom users communicate.[20][21] There can therefore be differences in how messaging service providers choose to handle this information. Signal's privacy policy states that recipients' identifiers are only kept on the Signal servers as long as necessary in order to transmit each message.[22] In June 2016, Moxie Marlinspike told The Intercept: "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second."[21]

In October 2018, Signal Messenger announced that they had implemented a "sealed sender" feature into Signal, which reduces the amount of metadata that the Signal servers have access to by concealing the sender's identifier.[23][24] The sender's identity is conveyed to the recipient in each message, but is encrypted with a key that the server does not have.[24] This is done automatically if the sender is in the recipient's contacts or has access to their Signal Profile.[24] Users can also enable an option to receive "sealed sender" messages from non-contacts and people who do not have access to their Signal Profile.[24] A contemporaneous wiretap of the user's device and/or the Signal servers may still reveal that the device's IP address accessed a Signal server to send or receive messages at certain times.[23]

Usage

Open Whisper Systems first introduced the protocol in its TextSecure application. They later merged an encrypted voice call application named RedPhone into TextSecure and renamed it Signal.

In November 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform.[25] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon after.[26] On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys.[27][28] In February 2017, WhatsApp announced a new feature, WhatsApp Status, which uses the Signal Protocol to secure its contents.[29] In October 2016, WhatsApp's parent company Facebook also deployed an optional mode called Secret Conversations in Facebook Messenger which provides end-to-end encryption using an implementation of the Signal Protocol.[30][31][32][33]

In September 2015, G Data Software launched a new messaging app called Secure Chat which used the Signal Protocol.[34][35] G Data discontinued the service in May 2018.[36]

In September 2016, Google launched a new messaging app called Allo, which featured an optional "incognito mode" that used the Signal Protocol for end-to-end encryption.[37][38] In March 2019, Google discontinued Allo in favor of their Google Messages app on Android.[39][40] In November 2020, Google announced that they would be using the Signal Protocol to provide end-to-end encryption by default to all RCS-based conversations between users of their Google Messages app, starting with one-to-one conversations.[4][41]

In January 2018, Open Whisper Systems and Microsoft announced the addition of Signal Protocol support to an optional Skype mode called Private Conversations.[42][43]

Influence

The Signal Protocol has had an influence on other cryptographic protocols. In May 2016, Viber said that their encryption protocol is a custom implementation that "uses the same concepts" as the Signal Protocol.[44][45] Forsta's developers have said that their app uses a custom implementation of the Signal Protocol.[46][47]

The Double Ratchet Algorithm that was introduced as part of the Signal Protocol has also been adopted by other protocols. OMEMO is an XMPP Extension Protocol (XEP) that was introduced in the Conversations messaging app and approved by the XMPP Standards Foundation (XSF) in December 2016 as XEP-0384.[48][2] Matrix is an open communications protocol that includes Olm, a library that provides optional end-to-end encryption on a room-by-room basis via a Double Ratchet Algorithm implementation.[2] The developers of Wire have said that their app uses a custom implementation of the Double Ratchet Algorithm.[49][50][51]

Messaging Layer Security, an IETF proposal, uses asynchronous ratcheting trees to improve efficiently on the security guarantees of Signal's Double Ratchet.[52]

Implementations

Signal Messenger maintains a reference implementation of the Signal Protocol library written in Rust under the AGPLv3 license on GitHub. There are bindings to Swift, Java, TypeScript, C, and other languages that use the reference Rust implementation.

Signal previously maintained the following deprecated libraries:

There are also alternative libraries written by third-parties in other languages, such as TypeScript.[53]

Literature

  • Cohn-Gordon, Katriel; Cremers, Cas; Dowling, Benjamin; Garratt, Luke; Stebila, Douglas (25 October 2016). "A Formal Security Analysis of the Signal Messaging Protocol". Cryptology ePrint Archive. International Association for Cryptologic Research (IACR). Archived from the original on 28 December 2016. Retrieved 27 October 2016.
  • Ermoshina, Ksenia; Musiani, Francesca; Halpin, Harry (September 2016). "Internet Science". In Bagnoli, Franco; et al. (eds.). Internet Science. INSCI 2016. Lecture Notes in Computer Science. Vol. 9934. Florence, Italy: Springer. pp. 244–254. doi:10.1007/978-3-319-45982-0_22. ISBN 978-3-319-45982-0.
  • Frosch, Tilman; Mainka, Christian; Bader, Christoph; Bergsma, Florian; Schwenk, Jörg; Holz, Thorsten (March 2016). "How Secure is TextSecure?". 2016 IEEE European Symposium on Security and Privacy (EuroS&P). Saarbrücken, Germany: IEEE. pp. 457–472. CiteSeerX 10.1.1.689.6003. doi:10.1109/EuroSP.2016.41. ISBN 978-1-5090-1752-2.
  • Rottermanner, Christoph; Kieseberg, Peter; Huber, Markus; Schmiedecker, Martin; Schrittwieser, Sebastian (December 2015). Privacy and Data Protection in Smartphone Messengers (PDF). Proceedings of the 17th International Conference on Information Integration and Web-based Applications & Services (iiWAS2015). ACM International Conference Proceedings Series. ISBN 978-1-4503-3491-4. Archived (PDF) from the original on 27 March 2016. Retrieved 25 September 2016.
  • Unger, Nik; Dechand, Sergej; Bonneau, Joseph; Fahl, Sascha; Perl, Henning; Goldberg, Ian Avrum; Smith, Matthew (2015). "SoK: Secure Messaging" (PDF). 2015 IEEE Symposium on Security and Privacy. Proceedings of the 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society's Technical Committee on Security and Privacy. pp. 232–249. doi:10.1109/SP.2015.22. ISBN 978-1-4673-6949-7. Archived (PDF) from the original on 4 March 2016. Retrieved 23 September 2016.
  • Rösler, Paul; Mainka, Christian; Schwenk, Jörg (2017). More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema. Cryptology ePrint Archive. International Association for Cryptologic Research (IACR). Archived from the original on 3 February 2019. Retrieved 26 June 2019.
from Grokipedia
The Signal Protocol is an open-source cryptographic framework designed to provide end-to-end encryption for instant messaging, voice, and video calls, ensuring that only the intended recipients can access message contents while protecting against interception, metadata leakage, and key compromise. Developed initially in 2013 by cryptographers Moxie Marlinspike and Trevor Perrin under Open Whisper Systems (now the Signal Foundation), the protocol combines several innovative mechanisms to achieve strong security properties, including forward secrecy (past messages remain secure even if long-term keys are compromised) and post-compromise security, which allows recovery from key exposure through ongoing key updates. Its core innovations stem from the integration of the X3DH key agreement protocol for initial secure handshakes using pre-published public keys and the Double Ratchet algorithm for symmetric key ratcheting during message exchanges, both built on elliptic-curve cryptography such as Curve25519 for efficiency and security.

Since its open-sourcing, the Signal Protocol has been widely adopted as the gold standard for secure messaging, powering end-to-end encryption in over a billion users' daily communications across platforms including WhatsApp (fully integrated by 2016), Facebook Messenger, Google Messages via RCS, Skype, and Wire. In response to emerging threats from quantum computing, recent enhancements, the PQXDH key agreement (introduced in 2023) and post-quantum ratchets (2025), incorporate lattice-based cryptography to maintain resistance against future attacks without significantly increasing computational overhead. These updates underscore the protocol's ongoing evolution, supported by formal security analyses that verify its robustness against advanced adversaries.

Introduction

Overview

The Signal Protocol is an open-source suite designed for end-to-end encryption (E2EE) in messaging applications, with a primary emphasis on securing asynchronous communications between users. It enables private, authenticated exchanges by ensuring that only the communicating parties can access message contents, even if the server or intermediaries are compromised. Developed to address vulnerabilities in earlier messaging systems, the protocol has become a standard for secure digital communication.

Released in 2013 by Open Whisper Systems (now the Signal Foundation), the Signal Protocol emerged as a direct response to the prevalence of insecure messaging apps that lacked robust encryption. Its open-source nature allows for independent verification and widespread adoption, powering E2EE in applications used by billions of users globally.

At a high level, the protocol operates through an initial key agreement phase, where the parties establish a shared secret, followed by symmetric encryption of subsequent messages using short-lived ephemeral keys to enhance security. Core components include the PQXDH protocol (a post-quantum extension of X3DH) for asynchronous key agreement, an enhanced Double Ratchet incorporating the Sparse Post-Quantum Ratchet (SPQR) for evolving keys over message exchanges, and elliptic-curve cryptography for efficient key generation and exchange. Recent updates, PQXDH in 2023 and SPQR in 2025, incorporate post-quantum cryptography to address emerging quantum threats. These elements collectively provide benefits such as forward secrecy, where past messages remain secure even if long-term keys are later compromised, and post-compromise security to recover from key exposure.

Design Goals

The Signal Protocol was designed to provide robust end-to-end encryption (E2EE) for messaging applications, ensuring that only the communicating parties can access message contents while minimizing exposure of metadata such as communication patterns or participant identities. This approach limits the role of servers to key distribution and message relay without decryption capabilities, thereby reducing trust requirements and potential surveillance risks. Additionally, the protocol prioritizes support for asynchronous messaging, allowing users to send encrypted messages even when recipients are offline, which is essential for real-world mobile usage where devices may not maintain persistent connections. Efficiency on resource-constrained mobile devices was a core objective, achieved through cryptographic operations that avoid computationally intensive real-time negotiations.

A key emphasis in the design is cryptographic deniability, enabling participants to plausibly deny the origin or authenticity of messages without provable cryptographic evidence, while also providing resistance to man-in-the-middle (MITM) attacks through authenticated key exchanges. Deniability is facilitated by structures like signed prekeys that allow forgery without compromising authentication checks, ensuring no long-term signatures tie messages to specific authors. MITM resistance relies on multiple Diffie-Hellman computations during initial key agreement to verify identities and prevent unauthorized interception. These features collectively aim to protect against both passive and active adversaries, including those compromising long-term keys.

Usability considerations drove the inclusion of automatic key management, where the protocol handles key generation, distribution, and rotation seamlessly without user intervention, reducing the risk of misconfiguration in everyday use. The ratcheting mechanism referenced here supports these secrecy goals by enabling incremental key updates per message; its implementation details are covered in the Ratcheting Mechanism section.

The protocol builds on prior systems like Off-the-Record (OTR) Messaging, which introduced ephemeral asymmetric key exchange for key freshness and deniability in synchronous sessions, and SCIMP, its direct predecessor, which combined OTR's concepts with symmetric key derivation for real-time chats. These influences helped evolve the design toward handling asynchronous, mobile-first scenarios while retaining core privacy primitives.

Development History

Origins

The Signal Protocol traces its origins to the efforts of security researcher Moxie Marlinspike and roboticist Stuart Anderson, who cofounded Whisper Systems in 2010 to develop mobile privacy tools. That year, the startup released TextSecure, an Android app for end-to-end encrypted text messaging over SMS, and RedPhone, a companion app providing encrypted voice calls using the ZRTP protocol. These early applications laid the groundwork for secure mobile communication, addressing vulnerabilities in standard SMS and cellular voice networks.

In 2011, Twitter acquired Whisper Systems, integrating Marlinspike into its team while releasing TextSecure and RedPhone as open-source software under the GPLv3 license. This move democratized access to the tools but was short-lived, as Twitter discontinued active development. Marlinspike left the company in early 2013 to establish Open Whisper Systems (OWS), a San Francisco-based non-profit dedicated to advancing privacy-focused software. OWS revived and expanded the original apps, with TextSecure's messaging encryption serving as the initial prototype for what would evolve into the Signal Protocol. This evolution built directly on RedPhone's voice foundations, adapting them for asynchronous messaging while incorporating advanced cryptographic techniques.

The protocol's development gained urgency amid Edward Snowden's June 2013 revelations of widespread U.S. government surveillance programs, which exposed the risks of unencrypted or intermediated communications in popular apps like Apple's iMessage. These disclosures underscored the need for robust end-to-end encryption that prevented even service providers from accessing message contents, inspiring OWS to formalize the TextSecure encryption into a reusable framework. By late 2013, Marlinspike and cryptographer Trevor Perrin had begun designing the core Signal Protocol at OWS, prioritizing security and usability in response to these privacy threats.

OWS marked a pivotal shift toward openness by publishing the full Signal Protocol specification in November 2016 to encourage widespread adoption and scrutiny. This documentation detailed key agreement, ratcheting, and session management, enabling integration into other platforms while maintaining cryptographic rigor. The non-profit structure ensured the protocol remained free from commercial pressures, aligning with its origins in grassroots privacy advocacy.

Key Milestones

In 2013, Open Whisper Systems published the initial version of the Signal Protocol, establishing it as a foundational standard for end-to-end encryption in messaging applications. In 2014, the organization unified its TextSecure messaging app and RedPhone voice calling app into a single Android application rebranded as Signal, marking the protocol's first integrated deployment. In November 2014, OWS announced a partnership with WhatsApp to integrate the protocol, with work commencing to provide end-to-end encryption to WhatsApp users.

By 2016, the Signal Protocol received its first formal security audit, confirming its robustness and paving the way for broader specifications and analyses. That year, Open Whisper Systems released detailed protocol specifications, including the X3DH key agreement and Double Ratchet mechanisms, enabling verifiable implementations. Google adopted the protocol for optional end-to-end encryption in its Allo messaging app, announced on May 18, 2016, though Allo was later deprecated in 2019.

From 2018 to 2020, the protocol expanded to support secure group messaging, with enhancements to handle dynamic membership and pairwise encryption for up to 1,000 participants, as detailed in a December 2019 system design paper. In 2020, Signal introduced end-to-end encrypted group video calls using a selective forwarding unit architecture, supporting up to 50 participants and extending the protocol's encryption to real-time media streams. These developments influenced the IETF's Messaging Layer Security (MLS) protocol drafts, which built on Signal's asynchronous key agreement and ratcheting concepts to improve efficiency for large groups, culminating in RFC 9420 in 2023.

In 2018, Open Whisper Systems transitioned to the nonprofit Signal Technology Foundation, funded by a $50 million endowment from WhatsApp co-founder Brian Acton, to ensure long-term sustainability and expand development without commercial pressures. Between 2021 and 2025, the protocol explored quantum resistance, with the PQXDH key agreement proposal released on September 19, 2023, combining elliptic-curve Diffie-Hellman and a post-quantum key encapsulation mechanism (CRYSTALS-Kyber) to protect against future quantum threats while maintaining forward secrecy. In October 2025, Signal introduced the Sparse Post-Quantum Ratchet (SPQR), enhancing the Double Ratchet with a post-quantum key-agreement component for improved post-quantum security. By 2025, the protocol saw widespread adoption in numerous applications beyond Signal, including WhatsApp, Facebook Messenger, and Google Messages, securing communications for hundreds of millions of users globally.

Technical Architecture

Initial Key Agreement

The PQXDH (Post-Quantum Extended Triple Diffie-Hellman) protocol serves as the asynchronous key agreement mechanism in the Signal Protocol, extending the original X3DH design to provide post-quantum security while maintaining compatibility with classical elliptic-curve cryptography. Introduced in 2023, PQXDH enables two parties to establish a shared secret key using a hybrid approach based on elliptic curves and lattice-based post-quantum primitives. It is designed for scenarios where one party, such as the recipient, may be offline, relying on a server to store and distribute pre-published public keys.

PQXDH combines multiple Diffie-Hellman (DH) exchanges with a post-quantum key encapsulation mechanism (KEM) to achieve forward secrecy, authentication, and deniability without requiring real-time interaction between the parties. The process begins with the recipient (Bob) generating and publishing a bundle of public keys to a server, including his long-term identity key (IK_B), a signed prekey (SPK_B) that is periodically rotated and signed by IK_B for authenticity, optionally a one-time prekey (OPK_B) for enhanced forward secrecy, and post-quantum counterparts: a signed post-quantum prekey (PQSPK_B) and an optional one-time post-quantum prekey (PQOPK_B). The initiator (Alice) retrieves this bundle, generates her own ephemeral key pair (EK_A), and performs a post-quantum encapsulation using CRYSTALS-Kyber-1024 to produce a shared secret (SS), along with three (or four if an OPK is available) DH exchanges: an ephemeral-static DH between EK_A and SPK_B, a signed prekey-static DH between Alice's identity key (IK_A) and SPK_B, and a one-time prekey-static DH between EK_A and OPK_B if available, plus an optional DH with PQOPK_B. These outputs, including SS, are concatenated and processed through a key derivation function (KDF), typically HKDF, to yield the final shared key (SK).
The mathematical foundation relies on Diffie-Hellman over elliptic curves, where each DH operation computes a shared value as $\text{shared} = \text{DH}(\text{private}, \text{public}_\text{opponent})$, with the private key being the scalar and the public key the corresponding point on the curve; the KDF extracts and expands this into SK using application-specific info. This design offers key advantages, including support for offline key setup, allowing Alice to initiate a session without Bob's immediate presence, and implicit authentication derived from the signed prekeys, eliminating the need for verification servers. The inclusion of the post-quantum KEM ensures resistance to quantum attacks such as harvest-now-decrypt-later without significantly increasing overhead. Upon completion, the resulting SK serves as the initial symmetric key for the Double Ratchet, bootstrapping ongoing session encryption in the Signal Protocol.
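The classical DH skeleton of the key agreement described above, as an added example that is not Signal's or libsignal's code: it follows the X3DH specification's DH1..DH4 arrangement and HKDF combination, but a toy finite-field group stands in for X25519, and both the PQXDH KEM step and the XEdDSA signature on SPK_B are omitted. The names `bob_publish`, `alice_initiate`, `bob_respond`, `demo` and the `INFO` string are this example's own.

```python
"""X3DH-style key agreement (added example, not Signal's code).

A toy finite-field Diffie-Hellman group stands in for X25519; the PQXDH
KEM step and the XEdDSA signature on SPK_B are omitted.  Toy parameters
are insecure and for demonstration only.
"""
import hashlib
import hmac
import secrets

P = 2**127 - 1        # toy prime; NOT a secure group (Signal uses Curve25519)
G = 5
F = b"\xff" * 32      # X3DH prefix byte string used with X25519-sized keys
INFO = b"X3DH-toy"    # application-specific KDF info (constructed value)


def keygen():
    """Return a (private scalar, public element) pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh(priv, pub):
    """Shared DH value, fixed-width encoded for concatenation into the KDF."""
    return pow(pub, priv, P).to_bytes(16, "big")


def hkdf(ikm, info, length=32, salt=b"\x00" * 32):
    """HKDF-SHA256 (RFC 5869): extract with salt, then expand with info."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def bob_publish(ik_b, spk_b, opk_b=None):
    """Bob's prekey bundle as the server would store it: public parts only."""
    return {"IK": ik_b[1], "SPK": spk_b[1],
            "OPK": opk_b[1] if opk_b is not None else None}


def alice_initiate(ik_a, bundle):
    """Alice derives SK from the bundle and a fresh ephemeral key EK_A.

    DH1..DH4 follow the X3DH specification: IK_A authenticates Alice,
    IK_B authenticates Bob, EK_A supplies forward secrecy, and OPK_B adds
    one-time freshness when the server still had one to hand out.
    """
    ek_a = keygen()
    ikm = (dh(ik_a[0], bundle["SPK"])        # DH1 = DH(IK_A, SPK_B)
           + dh(ek_a[0], bundle["IK"])       # DH2 = DH(EK_A, IK_B)
           + dh(ek_a[0], bundle["SPK"]))     # DH3 = DH(EK_A, SPK_B)
    used_opk = bundle["OPK"] is not None
    if used_opk:
        ikm += dh(ek_a[0], bundle["OPK"])    # DH4 = DH(EK_A, OPK_B)
    sk = hkdf(F + ikm, INFO)
    # The first message carries Alice's identity and ephemeral public keys.
    header = {"IK_A": ik_a[1], "EK_A": ek_a[1], "used_opk": used_opk}
    return sk, header


def bob_respond(ik_b, spk_b, opk_b, header):
    """Bob recomputes SK from his private keys and Alice's header.  After
    this, Bob must delete the consumed OPK_B so it is never reused."""
    ikm = (dh(spk_b[0], header["IK_A"])
           + dh(ik_b[0], header["EK_A"])
           + dh(spk_b[0], header["EK_A"]))
    if header["used_opk"]:
        ikm += dh(opk_b[0], header["EK_A"])
    return hkdf(F + ikm, INFO)


def demo():
    """One handshake; returns (Alice's SK, Bob's SK) for comparison."""
    ik_a, ik_b, spk_b, opk_b = keygen(), keygen(), keygen(), keygen()
    bundle = bob_publish(ik_b, spk_b, opk_b)
    sk_a, header = alice_initiate(ik_a, bundle)
    sk_b = bob_respond(ik_b, spk_b, opk_b, header)
    return sk_a, sk_b
```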

Ratcheting Mechanism

The Double Ratchet algorithm forms the core of the Signal Protocol's mechanism for advancing encryption keys during ongoing communications between two parties, building on an initial shared secret established through a key agreement protocol such as PQXDH. Developed by Trevor Perrin and Moxie Marlinspike in 2013, it integrates a symmetric-key ratchet for sequential message encryption with a Diffie-Hellman (DH) ratchet for periodic asymmetric key rotations, ensuring that each message in a conversation uses a distinct encryption key. In October 2025, this was enhanced with the Sparse Post-Quantum Ratchet (SPQR), which adds a post-quantum component using Sparse Continuous Key Agreement (SCKA, e.g., ML-KEM Braid) to generate shared secrets at sparse epochs, providing quantum resistance while minimizing bandwidth in asynchronous settings. This dual (now triple) approach protects against key compromise by advancing keys in a one-way manner, so that prior keys cannot be derived from subsequent ones.

The symmetric-key ratchet derives message keys from a chain key in a linear, forward-only progression, preventing key reuse even if messages arrive out of order. For each outgoing message, a new message key is generated using the HMAC-based Key Derivation Function (HKDF), and the chain key is updated accordingly:

$$\text{message\_key}_n = \text{HKDF}(\text{chain\_key}_n, \text{salt}_n)$$

$$\text{chain\_key}_{n+1} = \text{HKDF}(\text{chain\_key}_n, \emptyset)$$

Here, HKDF employs SHA-256 or SHA-512 as the underlying hash function, with the empty input for the chain key update ensuring irreversibility. Previous chain keys and message keys are deleted after use, enforcing forward secrecy within each ratchet step. This component handles the bulk of key derivations for efficiency in high-volume messaging.

Complementing the symmetric ratchet, the DH ratchet introduces asymmetry by incorporating fresh ephemeral key pairs for periodic updates, typically triggered when one party sends a message with a new public key. The receiving party computes a DH output from its private key and the sender's new public key, then mixes this into the root key to derive a fresh chain key:

$$(\text{root\_key}', \text{chain\_key}') = \text{HKDF}(\text{root\_key}, \text{DH\_output})$$

SPQR extends this by periodically advancing an SCKA ratchet to produce post-quantum shared secrets, which update the root and chain keys at defined epochs, resetting chains and ensuring post-quantum forward secrecy with controlled overhead. This process resets the symmetric ratchet chains on both sides, synchronizing them while discarding prior state to mitigate risks from long-term key exposure. Ephemeral keys are generated using elliptic curve cryptography (e.g., Curve25519), and public keys are exchanged in message headers to enable ratchet advancement without requiring synchronous communication; SCKA public keys are exchanged similarly for post-quantum updates. Overall, the enhanced Double Ratchet with SPQR guarantees that every message employs a unique key derived through these chained updates, keeping past messages secure even if an adversary compromises the current session state, provided the initial shared secret remains uncompromised. This mechanism supports asynchronous messaging by allowing skipped message keys for out-of-order deliveries, maintaining security without retransmissions.

Session Management

The session state in the Signal Protocol is managed locally through the Sesame algorithm, which organizes sessions for asynchronous messaging across multiple devices. Sesame structures this state using UserRecords for each correspondent's UserID, containing DeviceRecords that track active and inactive sessions per device. These records maintain critical components, including ratchet chains derived from the Double Ratchet mechanism, one-time prekeys, signed prekeys, and ephemeral message keys used for encrypting and decrypting communications. This local storage ensures that clients can persistently handle ongoing sessions without relying on constant server involvement for key material.

Multi-device support is facilitated by the integration of signed prekeys and identity keys within Sesame's framework, enabling seamless session resumption on newly linked devices. When a device joins a user's account, it can fetch and validate the necessary prekey bundles from the server, allowing it to reconstruct or continue existing sessions without initiating a complete key agreement for each pairwise connection. Identity keys, tied to the user or device level, provide authentication during this linkage, while session states are synchronized across devices to maintain consistency in multi-device contexts.

Resynchronization in the Signal Protocol addresses challenges from out-of-order or delayed messages by leveraging skipped message keys within the Sesame-managed states. When a message arrives on an inactive session, due to network issues or device offline periods, Sesame advances the Diffie-Hellman ratchet to generate the required keys, reactivating the session and decrypting the content without data loss. This mechanism ensures robustness in unreliable delivery scenarios, recovering skipped keys through controlled ratchet progression tied to the session's chain history.

For group sessions, the protocol employs Sender Keys to enable efficient one-to-many message distribution: a sender generates a chain key and distributes it pairwise to group members via individual secure channels, avoiding the overhead of full pairwise ratchets for every message. Each recipient stores the sender's key locally, allowing subsequent group messages from that sender to be decrypted using ratcheted message keys without redundant encryptions per recipient. This approach scales for larger groups by limiting key exchanges to join events and updates, such as when members leave. Session cleanup is handled automatically by Sesame to limit potential exposure from stored states, marking records as stale upon detection of deleted users or devices via server notifications. Old states are then purged after a maximum latency threshold, typically tied to message fetch intervals, ensuring that only relevant, recent session data persists locally and reducing the exposure from device compromise.

Security Features

Forward Secrecy

Forward secrecy in the Signal Protocol ensures that past communications remain secure even if an adversary compromises long-term private keys or the current session state at a later time. This property is realized through the use of ephemeral keys generated for each ratchet step, which prevent the decryption of historical messages despite such compromises. The mechanism is primarily achieved via the Double Ratchet's one-way key derivation function (KDF) chains, where keys advance in a manner that prohibits reversal to prior states. Once a chain key is derived and used to generate a message key, advancing to the next chain key destroys the ability to reconstruct previous ones, as the KDF is designed to be irreversible. This integrates the symmetric-key ratchet for per-message uniqueness with Diffie-Hellman (DH) ratchet steps that inject fresh randomness, ensuring that session roots update independently of past derivations.

A formal analysis sketches the proof of this under the assumption of secure DH exchanges: if an attacker obtains the root key at time $t$, earlier message keys $mk_k$ for $k < t$ remain unlinkable and secure because they derive from independent, prior DH outputs that cannot be retroactively linked without breaking the DH assumption. This unlinkability holds due to the multi-stage structure, which models sessions as a sequence of stages where adversaries cannot correlate past ephemeral keys to the compromised present. In comparison to a single symmetric-key ratchet, which provides forward secrecy only within a chain but fails if a chain key is exposed (allowing derivation of subsequent but not prior keys), the Double Ratchet enhances unlinkability by incorporating periodic DH ratchet steps that introduce new, independent shared secrets, breaking potential chains of compromise. A key limitation is that forward secrecy does not protect against compromise of an endpoint at the time a message is sent or received, as the message key could be extracted before or after decryption in that instant.

Post-Compromise Security

Post-compromise security (PCS) in the Signal Protocol refers to the ability to derive new session keys from uncompromised material, so that future messages become secure again even after a device or key compromise. This property lets an ongoing conversation recover security without discarding the whole session, provided fresh randomness is introduced through continued message exchanges. Unlike forward secrecy, which protects past communications from future compromises, PCS restores confidentiality and authenticity for subsequent interactions following a breach. The mechanism relies on the Double Ratchet Algorithm's asymmetric (DH) ratchet, in which fresh Diffie-Hellman exchanges overwrite compromised symmetric key chains. When a DH ratchet step occurs, the new root key and a new chain key are derived from the old root key and the new DH output:

(new RK, new CK) = KDF_RK(old RK, DH(DH_s, DH_r))

where KDF_RK is based on HKDF, DH_s is the party's own current ratchet private key, and DH_r is the peer's most recent ratchet public key. This mixes fresh DH material into the root and chain keys, replacing potentially exposed states with uncompromised ones. The DH ratchet advances in a ping-pong manner: a party generates a new ratchet key pair when it first receives a message carrying a new ratchet public key from the peer, so a session heals only after the compromised party has contributed fresh randomness and the peer has ratcheted on it, which takes one round trip. An attacker who passively holds a copy of one party's state can therefore keep following the conversation until that round trip completes; an attacker who stays active, impersonating the compromised party toward the peer, is not expelled by PCS at all. Recovery in practice also involves detecting the breach: a change in safety numbers, which are derived from the parties' identity keys, signals that an identity key has changed and prompts users to re-verify and, if necessary, restart the session via a new X3DH (or PQXDH) key agreement. Within a session, however, PCS allows recovery without full rekeying through the ongoing exchange.
The Double Ratchet also handles out-of-order or skipped messages: when a receiver sees a message counter ahead of its own, it derives and stores the message keys for the messages it skipped, up to a bounded limit (MAX_SKIP in the specification), so late messages can still be decrypted while the session continues. The bound caps the number of retained keys and thus the exposure from a compromise of stored keys. The strength of PCS in Signal was formally analysed in the 2016 Cohn-Gordon et al. study using a multi-stage key exchange model, which proves security against key compromise under the Gap Diffie-Hellman assumption in the random oracle model. The proof shows that message keys remain indistinguishable from random even after a compromise, as long as at least one of the secrets contributing to a stage is uncompromised, with the adversary's advantage bounded negligibly. This distinguishes the protocol from designs that lack such recovery guarantees.
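The following is an added simulation of the Double Ratchet that illustrates both the forward secrecy and the post-compromise security passages above; it is not libsignal code and not from the page. An attacker takes a full copy of Bob's state after the first message and then passively follows the conversation. The simulation shows that the copy cannot recover the message already delivered (forward secrecy), that it reads everything until Bob generates a fresh ratchet key on receipt of Alice's new ratchet public key, and that from that point on the attacker's copy diverges (post-compromise security after one round trip). Assumptions: finite-field DH over a toy 127-bit prime stands in for X25519 and is not secure; the KDF constants (0x01 for the message key, 0x02 for the next chain key) follow the Double Ratchet specification, while the HKDF labels and the XOR+HMAC "cipher" are the editor's simplifications; skipped-message handling is omitted, so messages must arrive in order.

```python
import copy
import hashlib
import hmac
import secrets

# Added illustration of Double Ratchet forward secrecy and post-compromise
# security; not libsignal code. Toy finite-field DH stands in for X25519 (NOT
# secure); XOR + HMAC stands in for AES-256-CBC + HMAC-SHA256; no skipped
# message handling, so messages must be processed in order.

P = (1 << 127) - 1      # toy group modulus (a Mersenne prime), illustration only
G = 3

def dh_keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv: int, peer_pub: int) -> bytes:
    return pow(peer_pub, priv, P).to_bytes(16, "big")

def kdf_rk(rk: bytes, dh_out: bytes):
    """(new RK, new CK) = KDF_RK(old RK, DH output), HKDF-style extract/expand."""
    prk = hmac.new(rk, dh_out, hashlib.sha256).digest()
    return (hmac.new(prk, b"rk", hashlib.sha256).digest(),
            hmac.new(prk, b"ck", hashlib.sha256).digest())

def kdf_ck(ck: bytes):
    """Symmetric ratchet: constant 0x02 -> next chain key, 0x01 -> message key."""
    return (hmac.new(ck, b"\x02", hashlib.sha256).digest(),
            hmac.new(ck, b"\x01", hashlib.sha256).digest())

def seal(mk: bytes, pt: bytes) -> bytes:
    ks = hashlib.sha256(mk + b"ks").digest()
    body = bytes(a ^ b for a, b in zip(pt, ks))            # pt <= 32 bytes
    return body + hmac.new(mk, body, hashlib.sha256).digest()

def open_(mk: bytes, ct: bytes):
    body, tag = ct[:-32], ct[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, body, hashlib.sha256).digest()):
        return None                                        # wrong key
    ks = hashlib.sha256(mk + b"ks").digest()
    return bytes(a ^ b for a, b in zip(body, ks))

class Party:
    """Double Ratchet state: root key, own ratchet pair, peer ratchet pub, two chains."""

    def __init__(self, shared_secret, own_pair=None, peer_pub=None):
        self.rk = shared_secret
        self.dhs = own_pair or dh_keygen()
        self.dhr = peer_pub
        self.cks = self.ckr = None
        if peer_pub is not None:                 # initiator starts its sending chain
            self.rk, self.cks = kdf_rk(self.rk, dh(self.dhs[0], peer_pub))

    def encrypt(self, pt):
        self.cks, mk = kdf_ck(self.cks)
        return self.dhs[1], seal(mk, pt)        # header carries the ratchet public key

    def decrypt(self, msg):
        hdr_pub, ct = msg
        if hdr_pub != self.dhr:                  # new peer key: perform a DH ratchet step
            self.dhr = hdr_pub
            self.rk, self.ckr = kdf_rk(self.rk, dh(self.dhs[0], self.dhr))
            self.dhs = dh_keygen()               # fresh randomness: this is what heals
            self.rk, self.cks = kdf_rk(self.rk, dh(self.dhs[0], self.dhr))
        self.ckr, mk = kdf_ck(self.ckr)
        return open_(mk, ct)

def eavesdrop_bob_to_alice(stolen, msg):
    """Attacker replays Bob's sending chain from a stolen copy of his state."""
    stolen.cks, mk = kdf_ck(stolen.cks)
    return open_(mk, msg[1])

def demo():
    sk = secrets.token_bytes(32)                 # stands in for the X3DH/PQXDH output
    bob_pair = dh_keygen()                       # Bob's signed prekey is the first ratchet key
    alice = Party(sk, peer_pub=bob_pair[1])
    bob = Party(sk, own_pair=bob_pair)
    r = {}
    m1 = alice.encrypt(b"m1")
    r["bob_reads_m1"] = bob.decrypt(m1) == b"m1"
    att = copy.deepcopy(bob)                     # compromise: complete copy of Bob's state
    # Forward secrecy: the stolen chain only yields keys *after* m1.
    _, next_mk = kdf_ck(att.ckr)
    r["attacker_reads_m1"] = open_(next_mk, m1[1]) is not None
    # Everything on the current chains is exposed until the session heals.
    m2 = alice.encrypt(b"m2"); bob.decrypt(m2)
    r["attacker_reads_m2"] = att.decrypt(m2) == b"m2"
    r1 = bob.encrypt(b"r1"); alice.decrypt(r1)   # Alice ratchets, picks fresh key A2
    r["attacker_reads_r1"] = eavesdrop_bob_to_alice(att, r1) == b"r1"
    m3 = alice.encrypt(b"m3"); bob.decrypt(m3)   # Bob ratchets, picks fresh key B3
    r["attacker_reads_m3"] = att.decrypt(m3) == b"m3"   # still readable: attacker knew B2
    # Post-compromise security: B3 is unknown to the attacker, whose copy now diverges.
    r2 = bob.encrypt(b"r2")
    r["alice_reads_r2"] = alice.decrypt(r2) == b"r2"
    r["attacker_reads_r2"] = eavesdrop_bob_to_alice(att, r2) == b"r2"
    m4 = alice.encrypt(b"m4")
    r["bob_reads_m4"] = bob.decrypt(m4) == b"m4"
    r["attacker_reads_m4"] = att.decrypt(m4) == b"m4"
    return r
```

The point the dictionary returned by demo() makes is the one practitioners most often miss: PCS is not instantaneous. The compromised party must itself generate a fresh ratchet key, which only happens when it receives a message carrying a new ratchet key from the peer, so messages m2, r1 and m3 are readable from the stolen state and only r2 and later are not.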

Authentication and Deniability

The Signal Protocol authenticates users without a central certificate authority, relying instead on public key fingerprints that users verify out-of-band. Authentication is surfaced through safety numbers, 60-digit numeric strings (also shown as QR codes) derived by hashing each party's long-term identity public key (IK_A and IK_B) together with a stable identifier, with the two 30-digit halves sorted so that both devices display the same value. The safety number therefore identifies the pair of identity keys, not the session's shared secret. Users compare safety numbers verbally, in person, or by scanning the QR code; a mismatch reveals that at least one device holds a substituted identity key, which is how a man-in-the-middle (MITM) attack on key distribution is detected. If the numbers match, each device holds the genuine identity key of the other, and the implicit authentication of the X3DH key agreement, whose Diffie-Hellman (DH) computations incorporate both identity keys and the signed prekey, binds the session to those keys without certificates. Prekeys are signed by the identity key (Sig(IK_B, Encode(SPK_B))) so the initiator can check the prekey bundle's authenticity at session setup, but subsequent messages are not signed, in order to preserve deniability. Authentication is thus bootstrapped from the initial handshake, with the Double Ratchet handling ongoing session keys without additional signing overhead. Deniability in the Signal Protocol takes two forms: participant deniability, whereby a party can credibly deny having taken part in a conversation because the transcript contains no cryptographic proof of participation, and insider deniability, whereby even the counterpart cannot prove message authorship to outsiders, because messages carry MACs under a shared key rather than digital signatures.
Participant deniability follows from the handshake: the X3DH shared secret is computed only from DH outputs that either party (or anyone holding one side's private keys) could have produced, so neither party can present a non-forgeable transcript proving that the other participated. Insider deniability follows from the unsigned message payloads of the Double Ratchet: because message authentication uses a MAC under a key both parties know, the recipient could have forged any message, so authenticated parties cannot generate verifiable proofs of origin; the prekey signature made during setup proves only that the responder published that prekey, not that any conversation took place. These properties continue the design goals of OTR, adapted for asynchronous messaging; formal analyses establish offline deniability (against a judge examining a transcript afterwards) but not online deniability against an adversary who interacts with a party during the session.
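As an added example of the safety-number verification described above (not libsignal code and not from the page), the block below builds a 60-digit fingerprint from two identity keys and shows why a server-side key substitution is detectable: the genuine devices compute the same string, while a device that was handed a substituted key computes a different one. It is modeled on libsignal's numeric fingerprint generator as the editor understands it; the version bytes, the 5200 iteration count and the 0x05-prefixed key encoding are assumptions to check against the library before relying on them. Keys and identifiers are constructed test values.

```python
import hashlib

# Added example modeled on libsignal's numeric fingerprint ("safety number")
# construction as understood by the editor; not libsignal code. VERSION,
# ITERATIONS and the "0x05 || 32 bytes" key encoding are assumptions to
# verify against the library. Keys and identifiers below are constructed.

VERSION = b"\x00\x00"
ITERATIONS = 5200

def fingerprint_half(identity_key: bytes, stable_id: bytes) -> str:
    """30 digits for one party: iterated SHA-512, then 6 chunks of 5 bytes mod 10^5."""
    h = VERSION + identity_key + stable_id
    for _ in range(ITERATIONS):
        h = hashlib.sha512(h + identity_key).digest()
    return "".join(f"{int.from_bytes(h[i:i + 5], 'big') % 100000:05d}"
                   for i in range(0, 30, 5))

def safety_number(my_key: bytes, my_id: bytes, their_key: bytes, their_id: bytes) -> str:
    """60 digits; the halves are sorted so both devices display the same string."""
    halves = sorted([fingerprint_half(my_key, my_id),
                     fingerprint_half(their_key, their_id)])
    return "".join(halves)

def display(number: str) -> str:
    """Group into the 12 blocks of 5 digits users read out to each other."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))

def demo():
    alice_key = b"\x05" + bytes(range(32))         # constructed identity key
    bob_key = b"\x05" + bytes(range(32, 64))       # constructed identity key
    mitm_key = b"\x05" + bytes(range(64, 96))      # attacker's substituted key
    alice_id, bob_id = b"+15550100001", b"+15550100002"
    on_alice = safety_number(alice_key, alice_id, bob_key, bob_id)   # Alice's screen
    on_bob = safety_number(bob_key, bob_id, alice_key, alice_id)     # Bob's screen
    # A MITM on the server path hands Alice mitm_key in place of Bob's key:
    on_alice_mitm = safety_number(alice_key, alice_id, mitm_key, bob_id)
    return {"match": on_alice == on_bob,
            "mitm_detected": on_alice_mitm != on_bob,
            "length": len(on_alice),
            "shown": display(on_alice)}
```

Because the halves are sorted rather than ordered by "mine" and "theirs", the two phones show an identical string and the comparison needs no agreement on who reads first. Note what the check does and does not prove: matching numbers mean both devices hold each other's genuine identity keys; they say nothing about the session's ephemeral keys, which X3DH authenticates implicitly through those identity keys.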

Privacy Considerations

Metadata Protection

Metadata in encrypted communications refers to information that exists apart from the encrypted content: who is messaging whom, when, and how often. Signal's deployment of the protocol addresses part of this leakage through Sealed Sender, introduced in 2018, which conceals the sender's identity from the Signal servers. Rather than authenticating the sender to the server, the client presents a per-recipient delivery token (derived from the recipient's profile key, which contacts already share) that authorizes delivery, and encrypts the sender's identity, in the form of a server-issued sender certificate, together with the inner Signal Protocol message in an envelope that only the recipient can open. The server sees only the recipient and basic delivery details and does not learn or store who sent the message. On decryption the recipient verifies the sender certificate and checks that the certified identity key matches the sender's known key, so hiding the sender from the server does not weaken sender authentication between the parties. In group messaging, Signal's private groups keep membership lists encrypted so that servers do not see group composition in cleartext; this differs from Messaging Layer Security (MLS), whose server-assisted scalability mechanisms may expose more membership metadata. Sealed Sender obscures sender-recipient links, but the protections are implemented by the clients, and the protocol itself does not prevent the server from logging other metadata. Signal's servers retain limited data, namely the dates of account creation and of last connection, which can be disclosed under legal compulsion; Signal's published responses to subpoenas show only these two values.
Such logs reveal coarse activity patterns but neither message contents nor communication partners. Compared with transport encryption alone (TLS), which leaves sender-recipient pairs and traffic patterns visible to the service provider, the Signal Protocol with Sealed Sender gives stronger protection against metadata collection by the provider. It does not, however, provide the network-level anonymity of systems such as Tor, which route traffic through multiple relays to hide IP addresses and endpoints; a network observer still sees that a client is talking to Signal's servers.

Limitations and Trade-offs

The Double Ratchet, while providing strong forward secrecy and post-compromise security, incurs computational cost from the key derivations and DH operations performed as messages are exchanged. The cost is most pronounced in group messaging, where pairwise channels scale linearly in communication and computation with group size, limiting efficiency for very large groups. To mitigate this, the protocol employs Sender Keys, which let a sender establish a shared chain key via pairwise exchanges and then encrypt each group message once for all recipients, improving scalability at the cost of coarser forward secrecy and of no post-compromise security until the sender key is rotated. Implementations are susceptible to side-channel and timing attacks if they do not use constant-time operations: the protocol authenticates AES-256-CBC ciphertext with HMAC-SHA256 (encrypt-then-MAC), which rules out padding-oracle attacks only when the MAC is verified with a constant-time comparison before any decryption is attempted. As of November 2025, the core protocol provides hybrid post-quantum security for the initial handshake through the PQXDH key agreement, introduced in 2023, which combines a post-quantum key encapsulation mechanism (CRYSTALS-Kyber) with classical X25519 Diffie-Hellman; full protection against quantum adversaries also requires post-quantum enhancements to the ratcheting mechanism, such as the Sparse Post-Quantum Ratchet (SPQR), announced in October 2025 and undergoing gradual deployment. Usability challenges follow from the design: a changed safety number, which indicates that a contact's identity key changed (for example after a reinstall, or because of a man-in-the-middle attack), has to be verified manually by comparing numbers or scanning QR codes, and users who dismiss the notification without verifying gain no protection from it.
Furthermore, post-compromise security protects only messages exchanged after the session has healed; it offers no retroactive secrecy, so messages an attacker captured while holding the session state remain exposed. The protocol's security depends on the hardness of the elliptic-curve discrete logarithm problem on Curve25519 for its Diffie-Hellman exchanges, so a breakthrough against that curve (or a large quantum computer, for the non-hybrid parts of the design) would affect it. In high-volume scenarios, such as many sessions being initiated toward one user in quick succession, one-time prekeys can be exhausted, forcing fallback to the signed prekey alone; the X3DH specification notes that this removes the one-time prekey's contribution to forward secrecy for that handshake and allows the initial message to be replayed until the signed prekey rotates, and it increases server load if replenishment lags. Finally, the protocol has no native support for federated server architectures, relying on a centralized server for key distribution and message relay, which concentrates availability risk in a single operator even though the confidentiality of content does not depend on the server.

Adoption and Implementations

Applications

The Signal Protocol was originally developed for the Signal Messenger app, which has used it since the app's launch in 2014 to secure end-to-end encrypted (E2EE) messaging, voice calls, and video calls across mobile and desktop platforms. This implementation ensures that only the communicating parties can access message contents, with the protocol handling key establishment and message encryption transparently in the app's core functionality. One of the most significant adoptions occurred with WhatsApp, which completed its integration of the Signal Protocol in 2016 to enable E2EE for all user messages, calls, and media sharing by default. As of May 2025, WhatsApp reports over 3 billion monthly active users worldwide, making it the largest deployment of the protocol. This rollout marked a pivotal shift, extending robust E2EE to a massive global audience previously reliant on less secure messaging standards. Facebook Messenger incorporated the Signal Protocol in 2016 for its "Secret Conversations" feature, allowing users to initiate opt-in E2EE chats for one-on-one text and media exchanges with support for self-destructing messages. This feature, available on iOS and Android, encrypts messages end-to-end using the protocol's Double Ratchet, providing forward secrecy for private discussions within the broader Messenger ecosystem. Wire, a secure collaboration app, implements the Signal Protocol's core through its Proteus protocol to provide E2EE for messages, calls, and file transfers in both personal and enterprise settings, retaining the protocol's forward secrecy and deniability properties while integrating with Wire's federated architecture for team communications. Google Messages introduced partial support for the Signal Protocol in 2021 to deliver E2EE for Rich Communication Services (RCS) chats between compatible Android devices, securing advanced messaging features such as high-quality media and read receipts.
This implementation applies to one-on-one RCS conversations where both parties use the app, falling back to standard RCS or SMS/MMS for broader compatibility, and represents an effort to upgrade default Android texting with protocol-grade protection. Clients built on the Matrix protocol, such as Element, draw on the Signal Protocol's design through the Olm library, which implements a Double Ratchet for E2EE in one-to-one sessions, and Megolm for efficient group key distribution. This adaptation enables decentralized, federated messaging with end-to-end encryption, supporting text, voice, and video in open-source ecosystems while preserving the protocol's foundational security model. By 2025, these applications collectively secure communications for billions of users worldwide, with WhatsApp's scale underscoring the protocol's role in mainstream E2EE adoption across consumer and professional contexts.

Libraries and Protocols

The core implementation of the Signal Protocol is provided by libsignal, a platform-agnostic library maintained by the Signal Messenger organization. It exposes APIs in Java, Swift, and TypeScript, enabling integration into the official Signal clients for Android, iOS, and desktop, as well as server-side components. Originally developed as separate C and Java libraries, libsignal has moved to a Rust core for memory safety and performance, with bindings generated for cross-platform use; the older libsignal-protocol-c, libsignal-protocol-java and libsignal-protocol-javascript repositories are archived in favour of that core. Official protocol specifications are published on signal.org, detailing the key algorithms: X3DH for initial key agreement and the Double Ratchet for ongoing message encryption. A significant extension, the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol, was introduced in 2023 to provide resistance against quantum adversaries by combining a post-quantum key encapsulation mechanism with the classical Diffie-Hellman exchanges. This upgrade replaces X3DH for new sessions, preserving forward secrecy against both classical and harvest-now-decrypt-later quantum attacks. In 2025, the protocol was further enhanced with the Sparse Post-Quantum Ratchet (SPQR), which hybridizes post-quantum key agreement with the existing ratcheting mechanism to provide quantum-resistant forward secrecy and post-compromise security. Several open-source libraries and forks offer compatibility with the Signal Protocol for diverse environments. For web applications, libsignal-protocol-js provided a JavaScript implementation of the core ratcheting mechanisms, supporting asynchronous messaging in browsers and Node.js. Community-maintained forks, such as those extending libsignal-protocol-c for OMEMO encryption in XMPP, adapt the protocol while preserving its security properties. Additionally, the Messaging Layer Security (MLS) protocol, standardized by the IETF as RFC 9420 in 2023, draws on the Double Ratchet's ideas to enable scalable group messaging with forward secrecy and post-compromise security. Integrations of libsignal facilitate custom application development across platforms.
Android and iOS developers incorporate the library through its Java and Swift bindings, which handle session management and encryption primitives, while the Rust crates in the libsignal repository (such as libsignal-protocol) enable memory-safe implementations for server-side or embedded systems. These tools support features such as prekey bundles and identity key verification, allowing third-party apps to achieve Signal-level end-to-end encryption without depending on Signal's servers. libsignal is licensed under the GNU Affero General Public License version 3 (AGPLv3), which requires source disclosure for modified versions offered over a network, promoting transparency while permitting commercial use under those terms. The protocol specifications are published openly, so the design remains freely available for reimplementation, and no patent encumbrances are known to restrict adoption.

Influence and Analysis

Industry Impact

The Signal Protocol has profoundly shaped secure messaging standards, most notably by motivating the Internet Engineering Task Force (IETF) to develop and standardize the Messaging Layer Security (MLS) protocol as RFC 9420 in 2023. MLS carries the Signal Protocol's key properties, forward secrecy and post-compromise security, into asynchronous group keying that scales to large groups through a tree-based key structure. This standardization addresses the group-scalability limits of pairwise designs and positions MLS as a basis for interoperable secure group communication across platforms. The protocol's widespread deployment accelerated an industry shift toward perfect forward secrecy (PFS) and default end-to-end encryption (E2EE) as expected features of consumer messaging services by 2020. WhatsApp's integration of the Signal Protocol in 2016 demonstrated the feasibility of E2EE at scale and pushed competitors, including Telegram, to promote security options such as PFS in their optional "secret chats" mode. E2EE has thereby moved from a niche feature to an expected standard, extending to RCS-based services, in a landscape where privacy-by-design is a differentiator. On the policy front, the protocol's minimization of metadata aligns with the data-minimization principles of frameworks such as the European Union's General Data Protection Regulation (GDPR), and its public specifications allow its privacy safeguards to be independently verified. Economically, the protocol's contribution to secure defaults has accompanied the expansion of the global application-to-person (A2P) messaging market, projected to reach approximately $104.5 billion by 2033.
The nonprofit Signal Foundation, which maintains the protocol, was initially funded by $50 million from WhatsApp co-founder Brian Acton in 2018, and user donations now support operating costs projected to reach about $50 million per year by 2025, an indication of what sustaining open-source privacy infrastructure costs. Beyond the technical and economic spheres, the protocol underpins secure communication for activists in high-risk environments. During the 2019 Hong Kong protests, the Signal app, leveraging the protocol's E2EE, was adopted by demonstrators to coordinate actions and evade surveillance, illustrating its role in resilient, leaderless movements under state pressure. Similar usage in other regions facing authoritarian pressure has reinforced the protocol's reputation as a tool for advocacy and secure information sharing.

Security Reviews

The Signal Protocol has been subject to several formal analyses and independent reviews of its cryptographic properties. A seminal 2016 analysis by Cohn-Gordon et al. modeled the protocol as a multi-stage authenticated key exchange and proved forward secrecy (compromise of long-term keys does not reveal past session keys) and post-compromise security (recovery from key compromise through fresh Diffie-Hellman exchanges). The analysis used game-based proofs in the random oracle model under the Gap Diffie-Hellman assumption and highlighted the Double Ratchet's role in both properties. Later work has extended these findings to newer features. A 2024 formal verification of the post-quantum variant, PQXDH, used the ProVerif tool to confirm secrecy, authentication, and resistance to key-compromise impersonation, addressing the threat of quantum adversaries breaking elliptic-curve Diffie-Hellman; the work was carried out in collaboration with Signal, and the specification issues it raised were addressed in revisions of PQXDH before the analysis concluded. For deniability, a 2020 cryptographic analysis by Vatandas, Gennaro, Ithurburn and Krawczyk showed that the protocol provides strong offline deniability, meaning a transcript cannot be used to prove message authorship to a third party, while online deniability against an adversary who interacts with a party during the session is not provided. The 2016 analysis was an independent academic review rather than a commissioned audit; it identified no fundamental flaws in the core cryptographic design while recommending clarifications in the specifications. In 2025, Signal introduced the Sparse Post-Quantum Ratchet (SPQR) to extend post-quantum protection to the ratcheting mechanism; formal verification efforts, including machine-checked proofs, support SPQR's forward secrecy and post-compromise security against quantum adversaries.
Known vulnerabilities have been limited and promptly addressed. In 2016, a bug in Signal for Android's attachment processing allowed potential code execution from malicious media files; it was fixed in version 4.16.3 without affecting the protocol's core encryption. Theoretical threats from quantum computers, such as retroactive decryption of recorded sessions via harvest-now-decrypt-later attacks, are mitigated in PQXDH through hybrid classical and post-quantum key agreement using X25519 and CRYSTALS-Kyber, so that the handshake remains secure as long as either component holds, with the KEM component targeting IND-CCA security. The protocol resists passive eavesdropping, since all messages are protected by authenticated encryption under keys derived via the Double Ratchet. Against active man-in-the-middle (MITM) attacks it offers protection conditional on key verification: safety numbers detect impersonation if users compare fingerprints, but the initial key agreement trusts the prekey bundle served by the server until that verification happens. No critical Common Vulnerabilities and Exposures (CVEs) affecting the protocol's cryptographic integrity have been reported since 2020, reflecting ongoing maintenance of its open-source implementations.
