Name: Instant Messaging and the Signal Protocol - Computerphile
Uploaded: 2020-03-27T17:00:28.000Z
Duration: 9 min 44 s
Description: Thousands of YouTube videos with English-Chinese subtitles! Now you can learn to understand native speakers, expand your vocabulary, and improve your pronunciation...

Adverbs of degree

A lot of people are communicating over the internet on their phone now not just SMS, you know

Messages like signal whatsapp Facebook Messenger, they all have some kind of end-to-end encryption these days

so this is not the same as when you go online to let's say an online shop and

You immediately have a conversation and set up an encrypted connection. This is much slower than that and much more asynchronous

So there's a lot of difficulties when using instant messaging or you know

Application based messaging because we don't know really what's going on between between the two parties

So I send you a message theoretically some trustworthy server takes that message or forwards its on onto your your phone, right?

Theoretically right how much do we trust the server? I suppose it depends on the app

But in any case maybe we want to try and use a protocol that means even if we don't trust a server

There's not a lot the server can do right and that's what the signal protocol uses and by association

What's app,  facebook instant messenger and things like this?

I'll put my phone down and we'll talk about Allison Bob again because we always talk about Allison Bob, right?

So they want to have a conversation via a server

Between themselves, right? Now the problem is that maybe Bob installed the application?

so he installed signal or whatsapp or something like this six months ago and

He's just waiting patiently for some friend to turn up and install the app as well, right?

I get lots of invites to install various different chat apps

Most of them I turned down because I don't want that many icons on my phone

So what will happen is Bob will start by installing the app and completely aside from whoever he wants to talk to later

He's going to send a few things to the server. He's going to send a public key. That's his identity

So that's his identity public key for Bob

This is going to be a public key on an elliptic curve

Like lots of the ones we've talked about and it'll have a private component or a private key associated with it

Verify that he's in control of his private key

That's kind of standard in cryptography and then he's going to produce a list of one-time pre keys

remember that what he wants to do is have key exchange conversations between

Alice or Charlie or anyone else that comes along and he wants to do that not knowing when they're going to come along

So he's gonna send his parts of her messages ahead of time to the server

So he's going to have you know, one use public key here and another one

And he's gonna numbered Eve or something like this. So this is one two, three and number four

So these are all public keys of which he has the private keys stashed on his phone ,right? On his application

Now the server is going to do this for anyone that installs the application, right? This will happen between your your

Your signal app and their service or your whatsapp and their servers and so on

What will happen next is some time down the line

Hopefully Bob's made some friends and they've agreed to talk to him on their phones

So Alice comes along and she wants to set up a communication with Bob now the exact same problems that Bob faced she faces

Right. The first one is the Bob might have his phone switched off so she can't start up a conversation

Right, and she also doesn't know where Bob is

So the server does have a server based on Bob mobile phone number or IP address or something?

We'll know how to get in contact with him

So she goes to the server and says I'd like to talk to Bob, but can I have a pre key bundle?

And this is a set of parameters from Bob or she can use to form a communication

So the server is going to send to Alice Bob's identity key

Either at random or sequentially of these let's say number three of these one use keys is is going to be sent three

different public keys from Bob, right? Alice is going to generate an identity key of her own for Alice and

she's going to generate an ephemeral key, which is like a one use session key

Which is very common in diffie hellman for herself there. All right, what do all B's going to do?

Well, let's let's get rid of this paper or just move for sort of flopping around

So we've got a I seem to change pens, but it's not worry about that

I've got Bob's identity key that should identify him

Like if we know that Bob has the private key and we know that's Bob the fact that this key has been used means it

All right. That's a really good thing to know his sign pre key for Bob

This stops the server messing about of his pre keys because he signed it and a server can't do that and a one use

Public key for Bob and what that's going to do is make sure that no one can replay attack Bob by sending this whole conversation again later

Bob is gonna delete this when he's seen it for the first time

So when you fetch a pre-key bundle and you use it to talk to someone on one of these apps

They will delete that pre-key so that they can never use it again, and we've got Alice

We've got the identity key from Alice and her a femoral key now. I'm going to use a different pen

We've got five different public keys here

right, and we're going to perform four Diffie-Hellman, right, which is again a little bit hairy, but you know

we did a video on Diffie-Hellman which you might like to watch but

What difficult as you both send public key to each other you exchange them you use your secrets to calculate a shared secret

Public keys can be combined to create a shared secret, right?

But if you only use two of them, you're not getting the whole picture and you're not, you know, for example

If you only use Bob's identity key and Alice is a ephemeral key

You aren't guaranteeing the identity of Alice by verifying this particular identity key here. Every public version has a private one

So there's going to be a little little private identity key for Alice

Little private ephemeral key for Alice and there you get used within the mathematic and the same on the other side

So there's a little one for Bob. So this is identity key

I've gone out too many and this one is that it's let's say number. This was number three, wasn't it?

So so let's put in number three here. Bob's got a whole list of these right?

So he's got a whole list of these one two, three

And this is the one he's going to use. Alice is gonna perform Diffie-Hellman exchange four times, right?

So he's gonna do this one here. She's going to do this one here. She's going to do this one here

That's number three and she's going to do this one here number four, right?

So she's bringing all the keys into play then she's going to produce one master key

Shall we say with all of these pre master secrets? So she's going to take one and she's going to append it to two

She's gonna append it to three append it to four. She's gonna put that through something called a key derivation function

Which for the sake of simplicity we'll just say the very similar to a hash function and that's going to produce her master secret

She can then use that to encrypt things and

theoretically when she sends a message to Bob, Bob would be able to do the same thing and no one else will

Right, so she'll send a message including something encrypted

And then he will be able to send her a message back the way that the signal protocol works with

With Alice and Bob and the server in between is called triple. Diffie-hellman

Why are we doing all these Diffie-Hellman, right?

In previous video, we just had a public key for Alice and a public key for Bob

Well, each of these different Diffie-Hellman exchanges gives us something different

But the really important ones I want to talk about are the ones involving these identity keys here the identity keys prove who you are

Subtitles ListPlay Video

Instant Messaging and the Signal Protocol - Computerphile

evidence

conversation

mess

exact