Sender Keys
In cryptography, Sender Keys is a variant of the Signal Protocol[1] used in end-to-end encryption used in instant messaging. Sender Keys is used for group chats.[1] Applications using it have included Signal, Matrix, WhatsApp, Session, and Facebook Messenger.[2][3][4][5][6][7]
In order to scale to large groups, the protocol takes advantage of server-side fan-out and avoids computing a shared group key.[2][3][7] The algorithm relies upon secure pairwise communication channels between peers that provide confidentiality and authentication. For example, an Authenticated Key Exchange algorithm such as Extended Triple Diffie-Hellman (X3DH) may be combined with the Double Ratchet Algorithm to construct such a channel in practice, as is the case with WhatsApp.[8][2]
The protocol was described in a whitepaper from WhatsApp[2], and it is also related to the Messaging Layer Security standard.[9]
Functioning
 What's Up With Group Messaging? - Computerphile on YouTube, January 29, 2019 (video length: 10:49) |
Users regenerate and re-transmit sessions periodically, or whenever a user leaves or joins the group.[2][3][7]
Security properties
Security properties of Sender Keys include message confidentiality, message integrity, message authentication, forward secrecy, post-compromise security, scalability, and asynchronicity.[5][6]
See also
References
- ↑ 1.0 1.1 Oppliger 2025, pp. 239.
- ↑ 2.0 2.1 2.2 2.3 2.4 WhatsApp Encryption Overview – Technical white paper (Report). 8. WhatsApp LLC. 19 August 2024. pp. 40. https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf. Retrieved 5 August 2025.
- ↑ 3.0 3.1 3.2 Messenger End-to-End Encryption Overview (Report). 1. Meta LLC. 6 December 2023. pp. 25. https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf. Retrieved 5 August 2025.
- ↑ Jefferys, Kee (15 December 2020). "Session Protocol: Technical implementation details". Oxen Privacy Tech Foundation. https://getsession.org/blog/session-protocol-technical-information.
- ↑ 5.0 5.1 Balbás, David; Collins, Daniel; Gajland, Phillip (2023-12-18). "WhatsUpp with Sender Keys? Analysis, Improvements and Security Proofs". Advances in Cryptology – ASIACRYPT 2023. Lecture Notes in Computer Science. 14442. Berlin, Heidelberg: Springer-Verlag. pp. 307–341. doi:10.1007/978-981-99-8733-7_10. ISBN 978-981-99-8732-0. https://doi.org/10.1007/978-981-99-8733-7_10. (PDF)
- ↑ 6.0 6.1 Albrecht, Martin R.; Dowling, Benjamin; Jones, Daniel (2024-05-19). "Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix' Core". 2024 IEEE Symposium on Security and Privacy (SP). pp. 2666–1685. doi:10.1109/SP54263.2024.00075. ISBN 979-8-3503-3130-1. (preprint)
- ↑ 7.0 7.1 7.2 Marlinspike, Moxie (5 May 2014). "Private Group Messaging". https://signal.org/blog/private-groups/.
- ↑ Albrecht, Martin R.; Dowling, Benjamin; Jones, Daniel (2025-05-04). "Formal Analysis of Multi-device Group Messaging in WhatsApp". Advances in Cryptology – EUROCRYPT 2025. Lecture Notes in Computer Science. 15608. Berlin, Heidelberg: Springer-Verlag. pp. 242–271. doi:10.1007/978-3-031-91101-9_9. ISBN 978-3-031-91100-2. https://kclpure.kcl.ac.uk/portal/en/publications/ca118f95-eced-41b5-b31f-6eeb022e2151. (preprint)
- ↑ "Google Messaging Layer Security: What it is and how it will improve security" (in en-US). 2024-07-27. https://www.androidpolice.com/google-messaging-layer-security-guide/. (alternate URL)
Textbook
- Oppliger, Rolf (2025). Signal and Messaging Layer Security. Artech House USA. ISBN 9781685690618. https://us.artechhouse.com/Signal-and-Messaging-Layer-Security-P2439.aspx. Retrieved 2025-08-17.
 |  |
