
What is Perfect Forward Secrecy?

Encryption is a valuable tool for protecting the privacy of communications. However, the privacy of secure communications relies on the security of the encryption algorithms and keys used to protect them.

If encryption keys are exposed (we’ll detail how that could happen below), then an attacker may be able to read all messages encrypted with those keys, including copies of past messages (backups, traffic captured by network monitoring, etc.). Perfect forward secrecy helps to protect against this.

The Need for Perfect Forward Secrecy

Data can be encrypted in a few different ways. Symmetric encryption algorithms use the same key for both encryption and decryption, while asymmetric or public key cryptography has a public key for encryption and a private key used for decryption.

In both cases, decrypting the data requires knowledge of a secret key. If an attacker has access to this key, they can decrypt all the messages protected by it.

Secret keys can be revealed to an attacker in a few different ways, including:

Leaked/Stolen Keys: Secret keys need to be stored somewhere, and this is often on the computer or other device used to send and receive the data. If these devices are compromised by an attacker, the attacker may be able to access these keys and use them for data decryption.

Weak Passwords: In some cases, encryption keys are derived from or protected by users’ passwords. If someone uses a weak password – which is unfortunately very common – then an attacker may be able to guess the password and gain access to the encryption key.

Quantum Computing: Quantum computers have the ability to break classical asymmetric encryption algorithms. When sufficiently powerful quantum computers become available, they will make it possible to brute-force the encryption keys used for these vulnerable algorithms.

In all of these cases, a compromised encryption key can cause many messages to be exposed. Perfect forward secrecy helps to prevent this.


Perfect Forward Secrecy Solves These Problems

In systems without perfect forward secrecy, the problem is that a semi-permanent encryption key is the only secret used to protect multiple different encrypted messages. If this key is exposed, then all of the messages encrypted with it are exposed.

Perfect forward secrecy fixes this security risk by ensuring that every message is encrypted with a different encryption key. This is accomplished by taking the encryption key shared between the communicating parties and transforming it to produce unique, single-use encryption keys for each message.

Once a message has been received, the sender and recipient delete the single-use key and any additional data used to derive it. This makes it impossible for an attacker to reconstruct the per-message keys needed to decrypt past messages even if they gain access to the original shared secret key.
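
The per-message key derivation described above, as an added example (not Ciphr's code or protocol): a one-way HMAC-SHA256 chain in which each step yields a single-use message key and overwrites the chain key it came from. The class and function names, the derivation labels and the shared secret are assumptions made for the illustration.

```python
import hashlib
import hmac


def _kdf(chain_key: bytes, label: bytes) -> bytes:
    """One-way step: HMAC-SHA256 keyed with the current chain key."""
    return hmac.new(chain_key, label, hashlib.sha256).digest()


class ChainRatchet:
    """Stores only the current chain key; every step replaces it."""

    def __init__(self, shared_secret: bytes):
        self._chain_key = _kdf(shared_secret, b"init")

    def next_message_key(self) -> bytes:
        message_key = _kdf(self._chain_key, b"\x01")      # single-use key
        self._chain_key = _kdf(self._chain_key, b"\x02")  # old chain key no longer stored
        return message_key

    def snapshot(self) -> bytes:
        """What an attacker obtains by compromising the device right now."""
        return self._chain_key


def keys_derivable_from(stolen_chain_key: bytes, count: int) -> list:
    """Message keys computable going forward from a stolen chain key."""
    keys, ck = [], stolen_chain_key
    for _ in range(count):
        keys.append(_kdf(ck, b"\x01"))
        ck = _kdf(ck, b"\x02")
    return keys


def demo() -> dict:
    secret = b"constructed-shared-secret-for-demo"  # constructed sample value
    alice, bob = ChainRatchet(secret), ChainRatchet(secret)
    sent = [alice.next_message_key() for _ in range(3)]
    received = [bob.next_message_key() for _ in range(3)]
    stolen = bob.snapshot()  # device compromised after message 3
    later = [alice.next_message_key() for _ in range(2)]
    reachable = keys_derivable_from(stolen, 5)
    return {
        "in_sync": sent == received,
        "all_unique": len(set(sent + later)) == 5,
        "past_keys_exposed": any(k in reachable for k in sent),
        "future_keys_exposed": reachable[:2] == later,
    }
```

`demo()` reports that a chain key stolen after message 3 reproduces none of the first three message keys but does yield the later ones. Protecting messages sent after a compromise therefore needs fresh key material, such as the ephemeral asymmetric keys discussed further down.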

With perfect forward secrecy, each message is encrypted with a unique secret key. This makes it much more difficult to crack the encryption than if all messages were encrypted with the same key. Brute-force attacks against encryption keys are theoretically possible, but the keys are designed so that such attacks are too time-consuming and expensive to be feasible. With perfect forward secrecy, even if an attacker can successfully crack an encryption key, they cannot access past messages in the conversation.

How Ciphr Implements Perfect Forward Secrecy

Ciphr uses Post-Quantum Elliptic Curve Cryptography (PQ-ECC) for data encryption. This combines a classical public key encryption algorithm, whose security is well tested, with a post-quantum algorithm designed to protect against quantum computing. Each of these algorithms uses its own private key, so an attacker needs to know both encryption keys to successfully decrypt a message.

Ciphr uses separate double-ratchets to update its encryption keys so that the sender and recipient(s) of a message change their classical and post-quantum keys in sync with one another. The double-ratchet uses and destroys past encryption keys while producing their replacements. This design ensures that every message is encrypted with a unique combination of keys, providing perfect forward secrecy and protection against attack.

Our double-ratchet isn't the only mechanism used to produce fresh keys for every message – Ciphr also generates an ephemeral asymmetric key for every message whose private component is immediately destroyed. This is important because even if an attacker somehow recovers a past session state, they can't decrypt future messages because they lack this component.

Perfect Forward Secrecy is Vital for Secure Communications

The security of a secure messaging system is based on the secrecy of the keys used for data encryption. If these keys are exposed to an attacker, then the rest of the security guarantees of the system fall apart.

Without perfect forward secrecy, these security assumptions are based on the ability to protect a single encryption key. With multiple ways that this key could be exposed to an attacker, this creates a dangerous single point of failure within the system.

Perfect forward secrecy helps to decrease this risk by eliminating the reliance on a single key. Each message uses its own key, making it harder to crack and decreasing the risk of past messages being exposed by a breached key. This decreased risk is why perfect forward secrecy is a core component of Ciphr’s data security strategy.
