Encryption

- Reading time: 2 minutes / whole section: 10 minutes -

Many people understand encryption to mean only “end-to-end” encryption, which ensures that no one other than the participants themselves can read along with the exchanged content. Encryption is much more than that, however: cryptography that is secure and verifiable serves several so-called protection goals:

  • Confidentiality (data may only be read or modified by authorized persons; this applies to access to stored data as well as to data in transmission).
  • Integrity (data must not be changed without authorization or without detection; every change must be traceable).
  • Authenticity (proof of the genuineness and credibility of data or subjects, based on a unique identity or unique properties).
  • Bindingness (non-repudiation: protection against inadmissible denial of actions that were performed; a subject cannot deny having performed an action).

Beyond these protection goals of cryptography, depending on the requirements, it is also very important that a later key compromise remains without consequences for traffic that third parties have already observed. This is achieved by means of “perfect forward secrecy” (external): even someone who eavesdrops on and stores the encrypted communication cannot decrypt it afterwards if they later obtain a long-term key.

Double ratchet

… is the encryption technique originally developed by Signal under the name “Axolotl” (external; PDF file). Between two endpoints (hence “end-to-end encryption”), the state left by the previous encryption step is the starting point for each new one, so that with every message the key material is turned one notch further, as with a ratchet.

The Signal encryption technique with the double ratchet is the basis for many other implementations such as OMEMO (XMPP), Olm/Megolm (Matrix) and others.
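To make the ratchet idea concrete, the following is an added illustration (not code from Signal or from this page) of the symmetric-key ratchet that the Double Ratchet turns once per message: each chain key yields one single-use message key plus the next chain key through a one-way HMAC. The domain-separation labels, the `forward_secrecy_demo` function and the constructed root key are assumptions for this example; the Diffie-Hellman ratchet of the full protocol is deliberately left out.

```python
import hashlib
import hmac
import os

# Labels separating the two HMAC outputs (constructed for this example, not Signal's constants).
CHAIN_LABEL = b"\x01"
MSG_LABEL = b"\x02"


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One turn of the symmetric ratchet: the current chain key is the only input and
    yields the next chain key plus a single-use message key. HMAC-SHA256 is one-way,
    so the previous chain key cannot be recovered from the new state."""
    next_chain_key = hmac.new(chain_key, CHAIN_LABEL, hashlib.sha256).digest()
    message_key = hmac.new(chain_key, MSG_LABEL, hashlib.sha256).digest()
    return next_chain_key, message_key


def derive_message_keys(chain_key: bytes, count: int) -> tuple[list[bytes], bytes]:
    """Turn the ratchet `count` times; return the message keys in order and the chain
    key that remains in state afterwards (earlier chain keys are discarded, not kept)."""
    keys = []
    for _ in range(count):
        chain_key, mk = ratchet_step(chain_key)
        keys.append(mk)
    return keys, chain_key


def forward_secrecy_demo(root_key: bytes, total: int, compromise_after: int) -> dict:
    """Model an attacker who recorded all `total` ciphertexts and then steals the
    endpoint's chain key after `compromise_after` messages were sent. Count how many
    past and future message keys that stolen state lets the attacker reproduce."""
    all_keys, _ = derive_message_keys(root_key, total)
    _, stolen_state = derive_message_keys(root_key, compromise_after)
    attacker_keys, _ = derive_message_keys(stolen_state, total - compromise_after)
    past, future = all_keys[:compromise_after], all_keys[compromise_after:]
    return {
        "past_recovered": sum(1 for k in past if k in attacker_keys),
        "future_recovered": sum(1 for k in future if k in attacker_keys),
    }


if __name__ == "__main__":
    root = os.urandom(32)  # constructed root key; in practice it comes from the key agreement
    print(forward_secrecy_demo(root, total=6, compromise_after=3))
    # → {'past_recovered': 0, 'future_recovered': 3}
```

The zero in `past_recovered` is the forward secrecy the page describes: stored ciphertexts from before the compromise stay unreadable. That the remaining future keys are still derivable from the stolen state is exactly why the full Double Ratchet adds a Diffie-Hellman ratchet on top of this chain.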

A great site with an introduction and specialist knowledge about cryptography: https://kryptografie.de/kryptografie/index.htm (external)