{{Short description|Cryptographic protocol for instant messaging}}
In cryptography, '''Sender Keys''' is a variant of the Signal Protocol{{sfn|Oppliger|2025|pp=239}} used in end-to-end encryption used in instant messaging. Sender Keys is used for group chats.{{sfn|Oppliger|2025|pp=239}} Applications using it have included Signal, Matrix, WhatsApp, Session, and Facebook Messenger.<ref name="WhatsAppWhitepaper" /><ref name="MessengerEncrypt2023"/><ref name="SessionEncrypt"/><ref name="Balbas2023"/><ref name="Albrecht2024"/><ref name="SignalSession"/>
In order to scale to large groups, the protocol takes advantage of server-side fan-out and avoids computing a shared group key.<ref name="WhatsAppWhitepaper"/><ref name="MessengerEncrypt2023"/><ref name="SignalSession"/> The algorithm relies upon secure pairwise communication channels between peers that provide confidentiality and authentication. For example, an Authenticated Key Exchange algorithm such as Extended Triple Diffie-Hellman (X3DH) may be combined with the Double Ratchet Algorithm to construct such a channel in practice, as is the case with WhatsApp.<ref name="Albrecht2025"/><ref name="WhatsAppWhitepaper" />
The protocol was described in a whitepaper from WhatsApp,<ref name="WhatsAppWhitepaper" /> and it is also related to the Messaging Layer Security standard.<ref>{{Cite web |date=2024-07-27 |title=Google Messaging Layer Security: What it is and how it will improve security |url=https://www.androidpolice.com/google-messaging-layer-security-guide/ |access-date=2025-09-04 |website=Yahoo Tech |language=en-US}} ([https://tech.yahoo.com/general/articles/google-messaging-layer-security-improve-072512776.html alternate URL])</ref>
== Functioning ==
{{external media|video1={{YouTube|id=Q0_lcKrUdWg|title=What's Up With Group Messaging? - Computerphile}}, January 29, 2019 (video length: 10:49)}}
In Sender Keys, users within a group are assumed to maintain secure pairwise communication channels with each other user. Each user constructs a session that consists of a symmetric key and an asymmetric signing key pair; each user sends their session's symmetric key and the signing key pair's public key to each other user through the respective pairwise secure channels.<ref name="WhatsAppWhitepaper"/>
To send a message, a user "ratchets" their symmetric key forward by applying a cryptographic hash function, encrypts their message with the newly hashed symmetric key, and constructs a digital signature protecting the encrypted message with the private signing key. The sender forwards the encrypted message to the server, who then fans it out to all receivers. Each receiver checks the signature with public signing key, hashes their symmetric key to match the sender, and decrypts the message.{{citation needed|date=August 2025}}
Users regenerate and re-transmit sessions periodically, or whenever a user leaves or joins the group.<ref name="WhatsAppWhitepaper"/><ref name="MessengerEncrypt2023"/><ref name="SignalSession"/>
==Security properties==
Security properties of Sender Keys include message confidentiality, message integrity, message authentication, forward secrecy, post-compromise security, scalability, and asynchronicity.<ref name="Balbas2023"/><ref name="Albrecht2024"/>
==See also== * Comparison of instant messaging protocols * Messaging Layer Security * Signal Protocol
== References ==
<references> <ref name="WhatsAppWhitepaper">{{cite report | title = WhatsApp Encryption Overview – Technical white paper | version = 8 | url = https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf | publisher = WhatsApp LLC | date = 19 August 2024 | pages = 40 | access-date = 5 August 2025 }}</ref> <ref name="MessengerEncrypt2023">{{cite report | title = Messenger End-to-End Encryption Overview | version = 1 | url = https://engineering.fb.com/wp-content/uploads/2023/12/MessengerEnd-to-EndEncryptionOverview_12-6-2023.pdf | publisher = Meta LLC | date = 6 December 2023 | pages = 25 | access-date = 5 August 2025 }}</ref> <ref name="SessionEncrypt">{{cite web |last=Jefferys |first=Kee |date=15 December 2020 |title=Session Protocol: Technical implementation details |url=https://getsession.org/blog/session-protocol-technical-information |website=Session Private Messenger Blog |publisher=Oxen Privacy Tech Foundation |access-date=5 August 2025 |archive-url=https://web.archive.org/web/20250619115810/https://getsession.org/blog/session-protocol-technical-information |archive-date=19 June 2025 |url-status=live }}</ref> <ref name="SignalSession">{{cite web |last=Marlinspike |first=Moxie |date=5 May 2014 |title=Private Group Messaging |url=https://signal.org/blog/private-groups/ |access-date=11 August 2025 }}</ref> <ref name="Balbas2023">{{Cite book |last1=Balbás |first1=David |last2=Collins |first2=Daniel |last3=Gajland |first3=Phillip |chapter=WhatsUpp with Sender Keys? Analysis, Improvements and Security Proofs |series=Lecture Notes in Computer Science |date=2023-12-18 |volume=14442 |title=Advances in Cryptology – ASIACRYPT 2023 |chapter-url=https://doi.org/10.1007/978-981-99-8733-7_10 |location=Berlin, Heidelberg |publisher=Springer-Verlag |pages=307–341 |doi=10.1007/978-981-99-8733-7_10 |isbn=978-981-99-8732-0 |chapter-url-access=subscription }} ([https://eprint.iacr.org/2023/1385.pdf PDF])</ref> <ref name="Albrecht2024">{{Cite book |last1=Albrecht |first1=Martin R. |last2=Dowling |first2=Benjamin |last3=Jones |first3=Daniel |chapter=Device-Oriented Group Messaging: A Formal Cryptographic Analysis of Matrix' Core |date=2024-05-19 |title=2024 IEEE Symposium on Security and Privacy (SP) |pages=2666–1685 |doi=10.1109/SP54263.2024.00075|isbn=979-8-3503-3130-1 }} ([https://eprint.iacr.org/2023/1300 preprint])</ref> <ref name="Albrecht2025">{{Cite book |last1=Albrecht |first1=Martin R. |last2=Dowling |first2=Benjamin |last3=Jones |first3=Daniel |chapter=Formal Analysis of Multi-device Group Messaging in WhatsApp |series=Lecture Notes in Computer Science |date=2025-05-04 |volume=15608 |title=Advances in Cryptology – EUROCRYPT 2025 |chapter-url=https://kclpure.kcl.ac.uk/portal/en/publications/ca118f95-eced-41b5-b31f-6eeb022e2151 |location=Berlin, Heidelberg |publisher=Springer-Verlag |pages=242–271 |doi=10.1007/978-3-031-91101-9_9 |isbn=978-3-031-91100-2}} ([https://eprint.iacr.org/2025/794.pdf preprint])</ref> </references>
=== Textbook ===
{{refbegin}} * {{Cite book |last=Oppliger |first=Rolf |title=Signal and Messaging Layer Security |url=https://us.artechhouse.com/Signal-and-Messaging-Layer-Security-P2439.aspx |date=2025 |access-date=2025-08-17 |publisher=Artech House USA |isbn=9781685690618 }} {{refend}}
Category:Cryptography Category:Internet privacy Category:Secure communication