Signal Protocol

Last updated

Signal Protocol
Communication protocol
PurposeEnd-to-end encrypted communications
Developer(s) Signal Foundation
Based on OTR, SCIMP [1]
Influenced OMEMO, Matrix [2]
OSI layer Application layer
Website signal.org/docs

The Signal Protocol (formerly known as the TextSecure Protocol) is a non-federated cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. [2] The protocol was developed by Open Whisper Systems in 2013 [2] and was first introduced in the open-source TextSecure app, which later became Signal. Several closed-source applications have implemented the protocol, such as WhatsApp, which is said to encrypt the conversations of "more than a billion people worldwide" [3] or Google who provides end-to-end encryption by default to all RCS-based conversations between users of their Google Messages app for one-to-one conversations. [4] Facebook Messenger also say they offer the protocol for optional Secret Conversations, as does Skype for its Private Conversations.

Contents

The protocol combines the Double Ratchet Algorithm, prekeys, and a triple Elliptic-curve Diffie–Hellman (3-DH) handshake, [5] and uses Curve25519, AES-256, and HMAC-SHA256 as primitives. [6]

History

The development of the Signal Protocol was started by Trevor Perrin and Moxie Marlinspike (Open Whisper Systems) in 2013. The first version of the protocol, TextSecure v1, was based on Off-the-record messaging (OTR). [7] [8]

On 24 February 2014, Open Whisper Systems introduced TextSecure v2, [9] which migrated to the Axolotl Ratchet. [7] [10] The design of the Axolotl Ratchet is based on the ephemeral key exchange that was introduced by OTR and combines it with a symmetric-key ratchet modeled after the Silent Circle Instant Messaging Protocol (SCIMP). [1] It brought about support for asynchronous communication ("offline messages") as its major new feature, as well as better resilience with distorted order of messages and simpler support for conversations with multiple participants. [11] The Axolotl Ratchet was named after the critically endangered aquatic salamander Axolotl, which has extraordinary self-healing capabilities. The developers refer to the algorithm as self-healing because it automatically disables an attacker from accessing the cleartext of later messages after having compromised a session key. [1]

The third version of the protocol, TextSecure v3, made some changes to the cryptographic primitives and the wire protocol. [7] In October 2014, researchers from Ruhr University Bochum published an analysis of TextSecure v3. [6] [7] Among other findings, they presented an unknown key-share attack on the protocol, but in general, they found that it was secure. [12]

In March 2016, the developers renamed the protocol as the Signal Protocol. They also renamed the Axolotl Ratchet as the Double Ratchet algorithm to better differentiate between the ratchet and the full protocol [13] because some had used the name Axolotl when referring to the full protocol. [14] [13]

As of October 2016, the Signal Protocol is based on TextSecure v3, but with additional cryptographic changes. [7] In October 2016, researchers from the UK's University of Oxford, Australia's Queensland University of Technology, and Canada's McMaster University published a formal analysis of the protocol, concluding that the protocol was cryptographically sound. [15] [16]

Another audit of the protocol was published in 2017. [17]

Properties

The protocol provides confidentiality, integrity, authentication, participant consistency, destination validation, forward secrecy, post-compromise security (aka future secrecy), causality preservation, message unlinkability, message repudiation, participation repudiation, and asynchronicity. [18] It does not provide anonymity preservation and requires servers for the relaying of messages and storing of public key material. [18]

The Signal Protocol also supports end-to-end encrypted group chats. The group chat protocol is a combination of a pairwise double ratchet and multicast encryption. [18] In addition to the properties provided by the one-to-one protocol, the group chat protocol provides speaker consistency, out-of-order resilience, dropped message resilience, computational equality, trust equality, subgroup messaging, as well as contractible and expandable membership. [18]

Authentication

For authentication, users can manually compare public key fingerprints through an outside channel. [19] This makes it possible for users to verify each other's identities and avoid a man-in-the-middle attack. [19] An implementation can also choose to employ a trust on first use mechanism in order to notify users if a correspondent's key changes. [19]

Metadata

The Signal Protocol does not prevent a company from retaining information about when and with whom users communicate. [20] [21] There can therefore be differences in how messaging service providers choose to handle this information. Signal's privacy policy states that recipients' identifiers are only kept on the Signal servers as long as necessary in order to transmit each message. [22] In June 2016, Moxie Marlinspike told The Intercept : "the closest piece of information to metadata that the Signal server stores is the last time each user connected to the server, and the precision of this information is reduced to the day, rather than the hour, minute, and second." [21]

In October 2018, Signal Messenger announced that they had implemented a "sealed sender" feature into Signal, which reduces the amount of metadata that the Signal servers have access to by concealing the sender's identifier. [23] [24] The sender's identity is conveyed to the recipient in each message, but is encrypted with a key that the server does not have. [24] This is done automatically if the sender is in the recipient's contacts or has access to their Signal Profile. [24] Users can also enable an option to receive "sealed sender" messages from non-contacts and people who do not have access to their Signal Profile. [24] A contemporaneous wiretap of the user's device and/or the Signal servers may still reveal that the device's IP address accessed a Signal server to send or receive messages at certain times. [23]

Usage

Open Whisper Systems first introduced the protocol in application TextSecure . They later merged an encrypted voice call application named RedPhone into TextSecure and renamed it Signal.

In November 2014, Open Whisper Systems announced a partnership with WhatsApp to provide end-to-end encryption by incorporating the Signal Protocol into each WhatsApp client platform. [25] Open Whisper Systems said that they had already incorporated the protocol into the latest WhatsApp client for Android and that support for other clients, group/media messages, and key verification would be coming soon after. [26] On April 5, 2016, WhatsApp and Open Whisper Systems announced that they had finished adding end-to-end encryption to "every form of communication" on WhatsApp, and that users could now verify each other's keys. [27] [28] In February 2017, WhatsApp announced a new feature, WhatsApp Status, which uses the Signal Protocol to secure its contents. [29] In October 2016, WhatsApp's parent company Facebook also deployed an optional mode called Secret Conversations in Facebook Messenger which provides end-to-end encryption using an implementation of the Signal Protocol. [30] [31] [32] [33]

In September 2015, G Data Software launched a new messaging app called Secure Chat which used the Signal Protocol. [34] [35] G Data discontinued the service in May 2018. [36]

In September 2016, Google launched a new messaging app called Allo, which featured an optional Incognito Mode that used the Signal Protocol for end-to-end encryption. [37] [38] In March 2019, Google discontinued Allo in favor of their Google Messages app on Android. [39] [40] In November 2020, Google announced that they would be using the Signal Protocol to provide end-to-end encryption by default to all RCS-based conversations between users of their Google Messages app, starting with one-to-one conversations. [4] [41]

In January 2018, Open Whisper Systems and Microsoft announced the addition of Signal Protocol support to an optional Skype mode called Private Conversations. [42] [43]

Influence

The Signal Protocol has had an influence on other cryptographic protocols. In May 2016, Viber said that their encryption protocol is a custom implementation that "uses the same concepts" as the Signal Protocol. [44] [45] Forsta's developers have said that their app uses a custom implementation of the Signal Protocol. [46] [47] [ third-party source needed ]

The Double Ratchet Algorithm that was introduced as part of the Signal Protocol has also been adopted by other protocols. OMEMO is an XMPP Extension Protocol (XEP) that was introduced in the Conversations messaging app and approved by the XMPP Standards Foundation (XSF) in December 2016 as XEP-0384. [48] [2] Matrix is an open communications protocol that includes Olm, a library that provides optional end-to-end encryption on a room-by-room basis via a Double Ratchet Algorithm implementation. [2] The developers of Wire have said that their app uses a custom implementation of the Double Ratchet Algorithm. [49] [50] [51]

Messaging Layer Security, an IETF proposal, uses Asynchronous ratcheting trees to efficiently improve upon security guarantees over Signal's Double Ratchet. [52]

Implementations

Signal Messenger maintains a reference implementation of the Signal Protocol library written in Rust under the AGPLv3 license on GitHub. There are bindings to Swift, Java, TypeScript, C, and other languages that use the reference Rust implementation.

Signal maintained the following deprecated libraries:

There also exist alternative libraries written by third-parties in other languages, such as TypeScript. [53]

See also

Related Research Articles

<span class="mw-page-title-main">Instant messaging</span> Form of communication over the internet

Instant messaging (IM) technology is a type of online chat allowing immediate transmission of messages over the Internet or another computer network. Messages are typically transmitted between two or more parties, when each user inputs text and triggers a transmission to the recipient(s), who are all connected on a common network. It differs from email in that conversations over instant messaging happen in real-time. Most modern IM applications use push technology and also add other features such as emojis, file transfer, chatbots, voice over IP, or video chat capabilities.

<span class="mw-page-title-main">Pidgin (software)</span> Open-source multi-platform instant messaging client

Pidgin is a free and open-source multi-platform instant messaging client, based on a library named libpurple that has support for many instant messaging protocols, allowing the user to simultaneously log in to various services from a single application, with a single interface for both popular and obsolete protocols, thus avoiding the hassle of having to deal with new software for each device and protocol.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.

Off-the-record Messaging (OTR) is a cryptographic protocol that provides encryption for instant messaging conversations. OTR uses a combination of AES symmetric-key algorithm with 128 bits key length, the Diffie–Hellman key exchange with 1536 bits group size, and the SHA-1 hash function. In addition to authentication and encryption, OTR provides forward secrecy and malleable encryption.

In cryptography, forward secrecy (FS), also known as perfect forward secrecy (PFS), is a feature of specific key-agreement protocols that gives assurances that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised, limiting damage. For HTTPS, the long-term secret is typically the private key of the server. Forward secrecy protects past sessions against future compromises of keys or passwords. By generating a unique session key for every session a user initiates, the compromise of a single session key will not affect any data other than that exchanged in the specific session protected by that particular key. This by itself is not sufficient for forward secrecy which additionally requires that a long-term secret compromise does not affect the security of past session keys.

This is a comparison of voice over IP (VoIP) software used to conduct telephone-like voice conversations across Internet Protocol (IP) based networks. For residential markets, voice over IP phone service is often cheaper than traditional public switched telephone network (PSTN) service and can remove geographic restrictions to telephone numbers, e.g., have a PSTN phone number in a New York area code ring in Tokyo.

<span class="mw-page-title-main">Moxie Marlinspike</span> American entrepreneur

Moxie Marlinspike is an American entrepreneur, cryptographer, and computer security researcher. Marlinspike is the creator of Signal, co-founder of the Signal Technology Foundation, and served as the first CEO of Signal Messenger LLC. He is also a co-author of the Signal Protocol encryption used by Signal, WhatsApp, Google Messages, Facebook Messenger, and Skype.

<span class="mw-page-title-main">Cryptocat</span> Open source encrypted chat application

Cryptocat is a discontinued open-source desktop application intended to allow encrypted online chatting available for Windows, OS X, and Linux. It uses end-to-end encryption to secure all communications to other Cryptocat users. Users are given the option of independently verifying their buddies' device lists and are notified when a buddy's device list is modified and all updates are verified through the built-in update downloader.

Whisper Systems was an American enterprise mobile security company that was co-founded by security researcher Moxie Marlinspike and roboticist Stuart Anderson in 2010. The company was acquired by Twitter in November 2011. Some of the company's software products were released under open-source licenses after the acquisition. An independent group called Open Whisper Systems later picked up the development of this open-source software, which led to the creation of the Signal Technology Foundation.

<span class="mw-page-title-main">ChatSecure</span> Messaging application

ChatSecure is a messaging application for iOS which allows OTR and OMEMO encryption for the XMPP protocol. ChatSecure is free and open source software available under the GPL-3.0-or-later license.

TextSecure was an encrypted messaging application for Android that was developed from 2010 to 2015. It was a predecessor to Signal and the first application to use the Signal Protocol, which has since been implemented into WhatsApp and other applications. TextSecure used end-to-end encryption to secure the transmission of text messages, group messages, attachments and media messages to other TextSecure users.

<span class="mw-page-title-main">Open Whisper Systems</span> Open source software organization

Open Whisper Systems was a software development group that was founded by Moxie Marlinspike in 2013. The group picked up the open source development of TextSecure and RedPhone, and was later responsible for starting the development of the Signal Protocol and the Signal messaging app. In 2018, Signal Messenger was incorporated as an LLC by Moxie Marlinspike and Brian Acton and then rolled under the independent 501c3 non-profit Signal Technology Foundation. Today, the Signal app is developed by Signal Messenger LLC, which is funded by the Signal Technology Foundation.

Threema is a paid cross-platform encrypted instant messaging app developed by Threema GmbH in Switzerland and launched in 2012. The service operates on a decentralized architecture and offers end-to-end encryption. Users can make voice and video calls, send photos, files, and voice notes, share locations, and make groups. Unlike many other popular secure messaging apps, Threema does not require phone numbers or email address for registration, only a one-time purchase that can be paid via an app store or anonymously with Bitcoin or cash.

<span class="mw-page-title-main">Signal (messaging app)</span> Privacy-focused encrypted messaging app

Signal is an encrypted messaging service for instant messaging, voice, and video calls. The instant messaging function includes sending text, voice notes, images, videos, and other files. Communication may be one-to-one between users or may involve group messaging.

<span class="mw-page-title-main">Matrix (protocol)</span> Networking protocol for real-time communication and data synchronization

Matrix is an open standard and communication protocol for real-time communication. It aims to make real-time communication work seamlessly between different service providers, in the way that standard Simple Mail Transfer Protocol email currently does for store-and-forward email service, by allowing users with accounts at one communications service provider to communicate with users of a different service provider via online chat, voice over IP, and videotelephony. It therefore serves a similar purpose to protocols like XMPP, but is not based on any existing communication protocol.

Peerio was a cross-platform end-to-end encrypted application that provided secure messaging, file sharing, and cloud file storage. Peerio was available as an application for iOS, Android, macOS, Windows, and Linux. Peerio (Legacy) was originally released on 14 January 2015, and was replaced by Peerio 2 on 15 June 2017. The app is discontinued.

<span class="mw-page-title-main">OMEMO</span> Extension to XMPP for multi-client end-to-end encryption

OMEMO is an extension to the Extensible Messaging and Presence Protocol (XMPP) for multi-client end-to-end encryption developed by Andreas Straub. According to Straub, OMEMO uses the Double Ratchet Algorithm "to provide multi-end to multi-end encryption, allowing messages to be synchronized securely across multiple clients, even if some of them are offline". The name "OMEMO" is a recursive acronym for "OMEMO Multi-End Message and Object Encryption". It is an open standard based on the Double Ratchet Algorithm and the Personal Eventing Protocol . OMEMO offers future and forward secrecy and deniability with message synchronization and offline delivery.

In cryptography, the Double Ratchet Algorithm is a key management algorithm that was developed by Trevor Perrin and Moxie Marlinspike in 2013. It can be used as part of a cryptographic protocol to provide end-to-end encryption for instant messaging. After an initial key exchange it manages the ongoing renewal and maintenance of short-lived session keys. It combines a cryptographic so-called "ratchet" based on the Diffie–Hellman key exchange (DH) and a ratchet based on a key derivation function (KDF), such as a hash function, and is therefore called a double ratchet.

<span class="mw-page-title-main">Element (software)</span> Decentralized encrypted chat and collaboration software powered by the Matrix protocol

Element is a free and open-source software instant messaging client implementing the Matrix protocol.

<span class="mw-page-title-main">Conversations (software)</span> Free software instant messaging client for the XMPP protocol

Conversations is a free software, instant messaging client application software for Android. It is largely based on recognized open standards such as the Extensible Messaging and Presence Protocol (XMPP) and Transport Layer Security (TLS).

References

  1. 1 2 3 Marlinspike, Moxie (26 November 2013). "Advanced cryptographic ratcheting". Signal Blog. Open Whisper Systems. Archived from the original on 24 March 2017. Retrieved 23 September 2016.
  2. 1 2 3 4 5 Ermoshina, Ksenia; Musiani, Francesca; Halpin, Harry (September 2016). "Internet Science". In Bagnoli, Franco; et al. (eds.). Internet Science. INSCI 2016. Lecture Notes in Computer Science. Vol. 9934. Florence, Italy: Springer. pp. 244–254. doi:10.1007/978-3-319-45982-0_22. ISBN   978-3-319-45982-0.
  3. "WhatsApp's Signal Protocol integration is now complete". Signal. Signal Blog. 2016. Archived from the original on 29 January 2021. Retrieved 5 April 2016.
  4. 1 2 Bohn, Dieter (19 November 2020). "Google is rolling out end-to-end encryption for RCS in Android Messages beta". The Verge. Vox Media, Inc. Retrieved 28 November 2020.
  5. Unger et al. 2015 , p. 241
  6. 1 2 Frosch et al. 2016
  7. 1 2 3 4 5 Cohn-Gordon et al. 2016 , p. 2
  8. "Protocol". Open Whisper Systems. 2 March 2014. Archived from the original on 7 January 2015. Retrieved 28 October 2016 via GitHub.
  9. Donohue, Brian (24 February 2014). "TextSecure Sheds SMS in Latest Version". Threatpost. Archived from the original on 15 February 2017. Retrieved 14 July 2016.
  10. "ProtocolV2". Open Whisper Systems. 2 March 2014. Archived from the original on 15 October 2014. Retrieved 28 October 2016 via GitHub.
  11. Unger et al. 2015
  12. Pauli, Darren (3 November 2014). "Auditors find encrypted chat client TextSecure is secure". The Register . Archived from the original on 4 November 2014. Retrieved 4 November 2014.
  13. 1 2 Marlinspike, Moxie (30 March 2016). "Signal on the outside, Signal on the inside". Signal Blog. Open Whisper Systems. Archived from the original on 28 December 2016. Retrieved 9 April 2016.
  14. Cohn-Gordon et al. 2016 , p. 1
  15. Brook, Chris (10 November 2016). "Signal Audit Reveals Protocol Cryptographically Sound". Threatpost. Kaspersky Lab. Archived from the original on 14 February 2017. Retrieved 11 November 2016.
  16. Cohn-Gordon et al. 2016
  17. N. Kobeissi; K. Bhargavan; B. Blanchet (2017). "Automated verification for secure messaging protocols and their implementations: A symbolic and computational approach". 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (PDF). pp. 435–450. doi:10.1109/EuroSP.2017.38. ISBN   978-1-5090-5762-7. S2CID   6717546. Archived (PDF) from the original on 24 July 2018. Retrieved 29 August 2020.
  18. 1 2 3 4 Unger et al. 2015 , p. 239
  19. 1 2 3 Rottermanner et al. 2015 , p. 5
  20. Rottermanner et al. 2015 , p. 4
  21. 1 2 Lee, Micah (22 June 2016). "Battle of the Secure Messaging Apps: How Signal Beats WhatsApp". The Intercept . Archived from the original on 19 February 2017. Retrieved 8 October 2016.
  22. "Privacy Policy". Open Whisper Systems. n.d. Archived from the original on 29 April 2017. Retrieved 8 October 2016.
  23. 1 2 Dan Goodin (30 October 2018). "New Signal privacy feature removes sender ID from metadata". Ars Technica. Archived from the original on 28 March 2019. Retrieved 28 March 2019.
  24. 1 2 3 4 Lund, Joshua (29 October 2018). "Technology preview: Sealed sender for Signal". signal.org. Signal Messenger. Archived from the original on 24 November 2018. Retrieved 16 April 2019.
  25. Evans, Jon (18 November 2014). "WhatsApp Partners With Open Whisper Systems To End-To-End Encrypt Billions Of Messages A Day". TechCrunch . Archived from the original on 18 November 2014. Retrieved 14 March 2016.
  26. Marlinspike, Moxie (18 November 2014). "Open Whisper Systems partners with WhatsApp to provide end-to-end encryption". Open Whisper Systems. Archived from the original on 18 November 2014. Retrieved 14 March 2016.
  27. Metz, Cade (5 April 2016). "Forget Apple vs. the FBI: WhatsApp Just Switched on Encryption for a Billion People". Wired . Archived from the original on 5 April 2016. Retrieved 5 April 2016.
  28. Lomas, Natasha (5 April 2016). "WhatsApp completes end-to-end encryption rollout". TechCrunch . Archived from the original on 6 April 2016. Retrieved 5 April 2016.
  29. "WhatsApp Status". WhatsApp. Facebook. 20 February 2017. Archived from the original on 23 February 2017. Retrieved 23 February 2017.
  30. Isaac, Mike (8 July 2016). "Facebook to Add 'Secret Conversations' to Messenger App". The New York Times . Archived from the original on 12 July 2016. Retrieved 12 July 2016.
  31. "Messenger Starts Testing End-to-End Encryption with Secret Conversations". Facebook. 8 July 2016. Archived from the original on 12 January 2018. Retrieved 11 January 2018.
  32. Greenberg, Andy (8 July 2016). "'Secret Conversations:' End-to-End Encryption Comes to Facebook Messenger". Wired . Archived from the original on 11 July 2016. Retrieved 12 July 2016.
  33. Greenberg, Andy (4 October 2016). "You Can All Finally Encrypt Facebook Messenger, So Do It". Wired . Archived from the original on 15 April 2017. Retrieved 5 October 2016.
  34. Seals, Tara (17 September 2015). "G DATA Adds Encryption for Secure Mobile Chat". Infosecurity Magazine. Archived from the original on 22 July 2016. Retrieved 14 July 2016.
  35. "SecureChat". G Data. Archived from the original on 7 May 2017. Retrieved 14 July 2016 via GitHub.
  36. "G DATA Secure Chat wird eingestellt" (in German). G DATA Software AG. 18 May 2018. Archived from the original on 26 April 2019. Retrieved 26 April 2019.
  37. Greenberg, Andy (18 May 2016). "With Allo and Duo, Google Finally Encrypts Conversations End-to-End". Wired . Archived from the original on 2 February 2017. Retrieved 18 May 2016.
  38. Gibbs, Samuel (21 September 2016). "Google launches WhatsApp competitor Allo – with Google Assistant". The Guardian . Archived from the original on 7 January 2019. Retrieved 21 September 2016.
  39. Porter, Jon (12 March 2019). "Google is finally saying goodbye to Allo today". The Verge. Vox Media. Archived from the original on 12 March 2019. Retrieved 26 April 2019.
  40. Klainer, Matt (5 December 2018). "The latest on Messages, Allo, Duo and Hangouts". Archived from the original on 13 April 2019. Retrieved 26 April 2019.
  41. Omara, Emad (November 2020). "Messages End-to-End Encryption Overview" (PDF). gstatic.com. Google. Retrieved 28 November 2020.
  42. Newman, Lily Hay (11 January 2018). "Skype's Rolling Out End-to-End Encryption For Hundreds of Millions of People". Wired . Archived from the original on 12 January 2018. Retrieved 13 January 2018.
  43. Lund, Joshua (11 January 2018). "Signal partners with Microsoft to bring end-to-end encryption to Skype". Signal Blog. Open Whisper Systems. Archived from the original on 2 February 2020. Retrieved 13 January 2018.
  44. "Viber Encryption Overview". Viber. 3 May 2016. Archived from the original on 11 July 2016. Retrieved 8 July 2017.
  45. Eyal, Ofir (3 May 2016). "Canada, Germany and Australia are getting e2e encryption". Viber. Archived from the original on 5 October 2016. Retrieved 9 October 2016.
  46. u/tooker (9 April 2018). "r/crypto - Forsta - Signal based messaging platform for enterprises". reddit. Archived from the original on 2 May 2018. Retrieved 6 February 2019.
  47. "ForstaLabs/libsignal-node". GitHub. Forsta Inc. 3 February 2019. Archived from the original on 13 June 2018. Retrieved 6 February 2019.
  48. Andreas Straub (7 December 2016). "XEP-0384: OMEMO Encryption". XMPP Standards Foundation website. Archived from the original on 25 February 2017. Retrieved 28 April 2017.
  49. "Add attribution". GitHub. Wire Swiss GmbH. 9 May 2016. Archived from the original on 7 May 2017. Retrieved 9 October 2016.
  50. "Wire Security Whitepaper" (PDF). Wire Swiss GmbH. 3 March 2016. Archived (PDF) from the original on 10 September 2018. Retrieved 7 February 2019.
  51. Lomas, Natasha (16 December 2016). "Encrypted messaging app Wire adds usernames so you can limit what you share with contacts". TechCrunch. Verizon Media. Archived from the original on 9 February 2019. Retrieved 8 February 2019.
  52. Barnes, Richard; Beurdouche, Benjamin; Millican, Jon; Omara, Emad; Cohn-Gordon, Katriel; Robert, Raphael (22 December 2020). "The Messaging Layer Security (MLS) Protocol". IETF. Archived from the original on 5 June 2021.
  53. Privacy Research, LLC. "libsignal-protocol-typescript". github.com. Retrieved 28 November 2020.{{cite web}}: |author= has generic name (help)

Literature