-
A lot of people are communicating over the internet on their phone now not just SMS, you know
-
Messages like Signal, WhatsApp, Facebook Messenger, they all have some kind of end-to-end encryption these days
-
so this is not the same as when you go online to let's say an online shop and
-
You immediately have a conversation and set up an encrypted connection. This is much slower than that and much more asynchronous
-
So there's a lot of difficulties when using instant messaging or you know
-
Application based messaging because we don't know really what's going on between the two parties
-
So I send you a message theoretically some trustworthy server takes that message or forwards it on to your phone, right?
-
Theoretically right how much do we trust the server? I suppose it depends on the app
-
but
-
But in any case maybe we want to try and use a protocol that means even if we don't trust a server
-
There's not a lot the server can do right and that's what the Signal protocol uses and by association
-
WhatsApp, Facebook instant messenger and things like this.
-
I'll put my phone down and we'll talk about Alice and Bob again because we always talk about Alice and Bob, right?
-
So they want to have a conversation via a server
-
Between themselves, right? Now the problem is that maybe Bob installed the application?
-
so he installed Signal or WhatsApp or something like this six months ago and
-
He's just waiting patiently for some friend to turn up and install the app as well, right?
-
I get lots of invites to install various different chat apps
-
Most of them I turned down because I don't want that many icons on my phone
-
So what will happen is Bob will start by installing the app and completely aside from whoever he wants to talk to later
-
He's going to send a few things to the server. He's going to send a public key. That's his identity
-
So that's his identity public key for Bob
-
This is going to be a public key on an elliptic curve
-
Like lots of the ones we've talked about and it'll have a private component or a private key associated with it
-
That will be kept to himself
-
He's also going to sign a public key to
-
Verify that he's in control of his private key
-
That's kind of standard in cryptography and then he's going to produce a list of one-time pre keys
-
remember that what he wants to do is have key exchange conversations between
-
Alice or Charlie or anyone else that comes along and he wants to do that not knowing when they're going to come along
-
So he's gonna send his parts of her messages ahead of time to the server
-
So he's going to have you know, one use public key here and another one
-
another one
-
And he's gonna numbered Eve or something like this. So this is one two, three and number four
-
So these are all public keys of which he has the private keys stashed on his phone, right? On his application
-
Now the server is going to do this for anyone that installs the application, right? This will happen between your
-
Signal app and their service or your WhatsApp and their servers and so on
-
What will happen next is some time down the line
-
Hopefully Bob's made some friends and they've agreed to talk to him on their phones
-
So Alice comes along and she wants to set up a communication with Bob now the exact same problems that Bob faced she faces
-
Right. The first one is that Bob might have his phone switched off so she can't start up a conversation
-
Right, and she also doesn't know where Bob is
-
So the server does have a server based on Bob's mobile phone number or IP address or something?
-
We'll know how to get in contact with him
-
So she goes to the server and says I'd like to talk to Bob, but can I have a pre key bundle?
-
And this is a set of parameters from Bob that she can use to form a communication
-
So the server is going to send to Alice Bob's identity key
-
Bob's signed pre-key and one
-
Either at random or sequentially of these let's say number three of these one use keys is going to be sent three
-
different public keys from Bob, right? Alice is going to generate an identity key of her own for Alice and
-
she's going to generate an ephemeral key, which is like a one use session key
-
Which is very common in Diffie-Hellman for herself there. All right, what do all B's going to do?
-
Well, let's let's get rid of this paper or just move for sort of flopping around
-
So we've got a I seem to change pens, but it's not worry about that
-
I've got Bob's identity key that should identify him
-
Like if we know that Bob has the private key and we know that's Bob the fact that this key has been used means it
-
Must be Bob on the other end of a line
-
All right. That's a really good thing to know his signed pre-key for Bob
-
This stops the server messing about of his pre keys because he signed it and a server can't do that and a one use
-
Public key for Bob and what that's going to do is make sure that no one can replay attack Bob by sending this whole conversation again later
-
Bob is gonna delete this when he's seen it for the first time
-
So when you fetch a pre-key bundle and you use it to talk to someone on one of these apps
-
They will delete that pre-key so that they can never use it again, and we've got Alice
-
We've got the identity key from Alice and her ephemeral key now. I'm going to use a different pen
-
We've got five different public keys here
-
right, and we're going to perform four Diffie-Hellman, right, which is again a little bit hairy, but you know
-
Bear with me to remind you
-
we did a video on Diffie-Hellman which you might like to watch but
-
What Diffie-Hellman does is you both send public key to each other you exchange them you use your secrets to calculate a shared secret
-
So any of these two?
-
Public keys can be combined to create a shared secret, right?
-
But if you only use two of them, you're not getting the whole picture and you're not, you know, for example
-
If you only use Bob's identity key and Alice's ephemeral key
-
You aren't guaranteeing the identity of Alice by verifying this particular identity key here. Every public version has a private one
-
So there's going to be a little little private identity key for Alice
-
Little private ephemeral key for Alice and they get used within the mathematics and the same on the other side
-
So there's a little one for Bob. So this is identity key
-
for Bob
-
I've gone out too many and this one is that it's let's say number. This was number three, wasn't it?
-
So so let's put in number three here. Bob's got a whole list of these right?
-
So he's got a whole list of these one two, three
-
And this is the one he's going to use. Alice is gonna perform Diffie-Hellman exchange four times, right?
-
So he's gonna do this one here. She's going to do this one here. She's going to do this one here
-
That's number three and she's going to do this one here number four, right?
-
So she's bringing all the keys into play then she's going to produce one master key
-
Shall we say with all of these pre master secrets? So she's going to take one and she's going to append it to two
-
She's gonna append it to three append it to four. She's gonna put that through something called a key derivation function
-
Which for the sake of simplicity we'll just say is very similar to a hash function and that's going to produce her master secret
-
She can then use that to encrypt things and
-
theoretically when she sends a message to Bob, Bob would be able to do the same thing and no one else will
-
Right, so she'll send a message including something encrypted
-
Her identity key and her ephemeral key
-
Bob will do the exact same procedure
-
And then he will be able to send her a message back the way that the Signal protocol works with
-
Alice and Bob and the server in between is called triple Diffie-Hellman
-
Why are we doing all these Diffie-Hellman, right?
-
In previous video, we just had a public key for Alice and a public key for Bob
-
We seem to be wasting a lot of time
-
Well, each of these different Diffie-Hellman exchanges gives us something different
-
But the really important ones I want to talk about are the ones involving these identity keys here the identity keys prove who you are
-
But of course if I'm Alice and you're Bob and I send you an identity key for myself
-
It doesn't prove who I am at all. I've just it's just a number. It doesn't say anything, right?
-
So, how do I actually how do you actually know that the message came from me?
-
Right and the answer is actually what you need to do is look at this number offline
-
Out-of-band you need to go outside of the normal line of communication over the Internet and face-to-face
-
Look at this number and if you see that, it's right, then, you know, they must have been me having this conversation
-
Okay, so I can send you a message using Signal, right? You've installed Signal, you're Bob. I'm Alice in this case, right?
-
So you've already sent your pre keys to the server. Just waiting to go
-
I
-
My phone will send a message to a server and say can I get a pre-key bundle and then we'll perform an exchange
-
Right something like that. So I'm gonna send you a message. It's not going to be interesting. Hello
-
All right, so I send you a message
-
Hopefully it pops up on your phone. It does. There we go. I mean this is good evidence that it was me
-
I literally sent a message and it appeared on your phone, but that didn't always happen in instant messaging so sometimes
-
I'm not around or you're not around at a time
-
So how did you know when it pops up my name on here?
-
that it is me and the answer is you don't, right? Someone could have the server or someone else could have
-
Intercepted these messages and performed a man-in-the-middle attack, right the only way we can verify it
-
Is to check out each other's public keys by our identity keys
-
so the way that Signal does this is it takes the identity public key of Alice and the identity public key of
-
Bob and it combines them using a hash function into a safety number right that safety number is essentially a summary of our two
-
Public identity keys, right if we have the same safety number, that means we're having a conversation with the exact
-
same two identity keys, which means it must be a conversation just between us - that's the idea. So, let's have a look
-
I'm gonna go into my safety number and they're the same and
-
In Signal actually, you can press this verified button, which says we've looked at these out-of-band
-
This is called an out-of-band communication because we're not using the normal encryption to verify our keys
-
So now actually when we send messages it will show as verified. So in WhatsApp, it's not called a safety number
-
It's just called a security code, but you can see it's absolutely the same now, of course what most people don't do
-
It's right. Most people send messages and assume
-
There isn't a man in the middle and in all likelihood there probably isn't but if you want to be really sure
-
Maybe have a look at your safety number
-
We've only covered half the story we talked about these pre-key bundles and this initial triple Diffie-Hellman
-
I mean, we all have phones we talk about batteries all the time. So
-
If you hypothetically picked four words that were in the top 500