About
Interactive walkthrough of the Signal Protocol's X3DH key agreement and Double Ratchet,
for those already familiar with primitives like Diffie-Hellman and authenticated encryption.
All cryptography is simulated locally with human-readable keys.
Built for educational purposes. Does not cover post-quantum variants (PQXDH, Triple Ratchet). More features will be added.
Please consult the official documentation for reference.
Thanks to Daniel Collins and Loïs Huguenin-Dumittan for their valuable feedback.
Color Coding
Identity Keys (IK)
Signed PreKeys (SPK)
One-Time PreKeys (OPK) / Chain Keys (CK)
Ephemeral Keys (EK) / DH Keys
Root Key (RK)
Message Keys (MK)
Abbreviations
| X3DH | Extended Triple Diffie-Hellman (key agreement) |
| DH | Diffie-Hellman key exchange |
| KDF | Key Derivation Function |
| HKDF | HMAC-based KDF |
| AEAD | Authenticated Encryption with Associated Data |
| IK | Identity Key (long-term) |
| SPK | Signed PreKey (medium-term, signed by IK) |
| OPK | One-Time PreKey (single use) |
| EK | Ephemeral Key (per-session) |
| SK | Shared Secret (from X3DH) |
| RK | Root Key (root chain state) |
| CK | Chain Key (send/recv chain state) |
| MK | Message Key (per-message encryption key) |
| DHs | DH ratchet sending key pair (own key) |
| DHr | DH ratchet received key (other party's key) |
| PN | Previous chain length (for skipped keys) |