Definition
The Double Ratchet Algorithm is the engine that gives modern secure messengers their per-message key freshness. After two parties establish an initial shared secret, the Double Ratchet derives a brand-new key for every single message so that earlier keys cannot be recomputed from later ones. The name comes from its two interlocking mechanisms, the symmetric-key ratchet and the Diffie-Hellman ratchet.
The two ratchets
The symmetric-key ratchet advances a chain key through a key derivation function (KDF) for each message, producing a unique message key and then discarding the old chain key. Because the old key is deleted, a captured device cannot decrypt already-sent messages; this is forward secrecy. But a symmetric ratchet alone cannot recover from compromise, so the Diffie-Hellman ratchet runs alongside it: parties periodically attach a fresh DH public key to their messages, and each new exchange feeds a root chain that reseeds the sending and receiving chains with entropy an attacker cannot predict.
Forward secrecy and break-in recovery
The combination yields two distinct guarantees. Forward secrecy protects the past, because deleted keys cannot be regenerated. Break-in recovery (also called post-compromise security) protects the future, because once the uncompromised party introduces a new DH public key, the resulting shared secret is unknown to the attacker and the conversation becomes secure again. The ratchet also tolerates out-of-order and dropped messages by caching skipped message keys, which matters for the real-world unreliable networks a sovereign user often relies on.
The Double Ratchet runs after the initial handshake performed by X3DH, and both are components of the broader Signal Protocol.
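The following is an added, self-contained simulation of the mechanics described in "The two ratchets" and "Forward secrecy and break-in recovery"; it is illustrative code written for this entry, not Signal's implementation. It assumes a shared root key already produced by the handshake (here a random stand-in for the X3DH output), uses a toy finite-field Diffie-Hellman group and a SHA-256 keystream with an HMAC tag in place of X25519 and a real AEAD, and follows the Signal specification's structure (root KDF, chain KDF, skipped-key cache, DH ratchet step). The demo delivers Alice's messages out of order, snapshots Bob's full state as a simulated compromise, and then shows that the snapshot still reads the next incoming message but diverges from Bob once his fresh DH key seeds the chains.

```python
import hashlib
import hmac
import secrets
from copy import deepcopy

# Toy Diffie-Hellman group (assumption for illustration): p = 2^127 - 1, g = 5.
# A real deployment uses X25519; only the ratchet mechanics are the point here.
P = 2**127 - 1
G = 5
MAX_SKIP = 1000  # bound on cached skipped keys, as the Signal spec recommends


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv, pub):
    return pow(pub, priv, P).to_bytes(16, "big")


def kdf_rk(rk, dh_out):
    """Root KDF: a new root key and a fresh chain key from one DH output."""
    prk = hmac.new(rk, dh_out, hashlib.sha256).digest()
    return (hmac.new(prk, b"root", hashlib.sha256).digest(),
            hmac.new(prk, b"chain", hashlib.sha256).digest())


def kdf_ck(ck):
    """Symmetric-key ratchet step: next chain key and one message key."""
    return (hmac.new(ck, b"\x01", hashlib.sha256).digest(),
            hmac.new(ck, b"\x02", hashlib.sha256).digest())


def _header_bytes(header):
    pub, pn, n = header
    return b"%d|%d|%d" % (pub, pn, n)


def _keystream(mk, length):
    return b"".join(hashlib.sha256(mk + i.to_bytes(4, "big")).digest()
                    for i in range(length // 32 + 1))[:length]


def encrypt(mk, header, plaintext):
    """Toy encrypt-then-MAC under a single message key (stand-in for an AEAD)."""
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(mk, len(plaintext))))
    tag = hmac.new(mk, _header_bytes(header) + ct, hashlib.sha256).digest()
    return ct + tag


def decrypt(mk, header, blob):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mk, _header_bytes(header) + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(mk, len(ct))))


class Ratchet:
    def __init__(self, rk, dh_pair, remote_pub=None):
        self.rk, self.dhs, self.dhr = rk, dh_pair, remote_pub
        self.cks = self.ckr = None
        self.ns = self.nr = self.pn = 0
        self.skipped = {}  # (remote DH pub, message number) -> message key
        if remote_pub is not None:  # initiator can derive a sending chain at once
            self.rk, self.cks = kdf_rk(rk, dh(dh_pair[0], remote_pub))

    def send(self, plaintext):
        self.cks, mk = kdf_ck(self.cks)  # old chain key is overwritten: forward secrecy
        header = (self.dhs[1], self.pn, self.ns)
        self.ns += 1
        return header, encrypt(mk, header, plaintext)

    def recv(self, header, blob):
        pub, pn, n = header
        mk = self.skipped.pop((pub, n), None)  # late message whose key was cached
        if mk is None:
            if pub != self.dhr:  # peer attached a fresh DH key: ratchet the root chain
                self._skip(pn)
                self._dh_ratchet(pub)
            self._skip(n)
            self.ckr, mk = kdf_ck(self.ckr)
            self.nr += 1
        return decrypt(mk, header, blob)

    def _skip(self, until):
        if self.ckr is None:
            return
        if until - self.nr > MAX_SKIP:
            raise ValueError("too many skipped messages")
        while self.nr < until:
            self.ckr, mk = kdf_ck(self.ckr)
            self.skipped[(self.dhr, self.nr)] = mk
            self.nr += 1

    def _dh_ratchet(self, pub):
        self.pn, self.ns, self.nr, self.dhr = self.ns, 0, 0, pub
        self.rk, self.ckr = kdf_rk(self.rk, dh(self.dhs[0], pub))
        self.dhs = dh_keypair()  # fresh entropy the attacker cannot predict
        self.rk, self.cks = kdf_rk(self.rk, dh(self.dhs[0], pub))


def demo():
    rk = secrets.token_bytes(32)  # stand-in for the X3DH shared secret
    bob_pair = dh_keypair()
    alice = Ratchet(rk, dh_keypair(), bob_pair[1])
    bob = Ratchet(rk, bob_pair)
    m1, m2 = alice.send(b"hello"), alice.send(b"second")
    out2 = bob.recv(*m2)  # arrives first: key for m1 is cached as skipped
    out1 = bob.recv(*m1)
    snapshot = deepcopy(bob)  # simulated device compromise: attacker copies all state
    shared_before = snapshot.cks == bob.cks
    reply = alice.recv(*bob.send(b"reply"))
    m3 = alice.send(b"after compromise")  # carries Alice's new DH public key
    bob.recv(*m3)
    leaked = snapshot.recv(*m3)  # still readable: Bob's stolen DH private key is used
    diverged_after = snapshot.cks != bob.cks  # Bob's new DH key seeds a chain the copy lacks
    healed = alice.recv(*bob.send(b"healed"))
    return {"out1": out1, "out2": out2, "shared_before": shared_before, "reply": reply,
            "leaked": leaked, "diverged_after": diverged_after, "healed": healed}
```

Running `demo()` exercises all three properties from the text: per-message keys from the chain KDF, the skipped-key cache absorbing out-of-order delivery, and break-in recovery once the uncompromised party's fresh DH key enters the root chain. The `MAX_SKIP` bound is the practical caveat: without it, a peer can force unbounded key caching by claiming a large message number.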
