/dev/posts/

Notes on X3DH

Published:

Updated:

Some notes on X3DH (Extended Triple Diffie-Hellman).

Table of content

Motivation

X3DH is a asynchronous variant of the triple Diffie-Hellman key exchange.

The goal is to have an asynchronous (aka non-interactive, aka zero round trip) authenticated Diffie-Hellman key exchange with interactive forward secrecy between Alice and Bob:

This is used to bootstrap some asynchronous communication channel (eg. Signal) between Alice and Bob.

Context

In the synchronous case (when Alice and Bob are both online), we can achieve this using some form of authenticated Diffie-Hellmman key exchange such as:

The latter combines three Diffie-Hellman key agreements:

Triple Diffie-Hellman (3DH)

X3DH

Overview

X3DH is an extensions of 3DH for asynchronous communications. As Bob is offline, we have to be more lenient about his ephemeral contributions: Bob cannot generate a new ephemeral (short-lived, used only once, whose private key is never persisted and erased immediately after use) contribution on the spot. Instead, Bob's ephemeral contribution is replaced with a more long-lived contribution, called a prekey (because it is contributed beforehand) keypair (pSPKB, SPKB):

Diffie-Hellman key agreements in 3DH and X3DH (Alice to Bob)
Key agreement Role 3DH (Alice/Bob) X3DH (Alice/Bob)
DH1 authenticates Alice static/ephemeral static/prekey
DH1 authenticated Bob ephemeral/static ephemeral/static
DH3 forward secrecy ephemeral/ephemeral ephemeral/pre-key
DH4 better forward secrecy N/A ephemeral/one-time prekey (optional)

This relaxes the forward secrecy guarantees provided by the key exchange. As Bob's private prekey pSPKB is persisted, it increases the risk that it may be compromised at a later time. If compromised, it may be used by an attacker to derive the agreed-upon key material for all communications established by other people to Bob with that keypair[1].

This is mitigated in three ways:

  1. Bob's prekey is changed periodically in order to reduce the window of exposure and the impact of a compromised pSPKB.
  2. Bob may additionally generate one-time prekeys (pOPKB, OPKB) and publish their public keys to the server. Each one-time prekey public key is sent only once by the server and used only once. If one is available, it is included in an additionnal (ephemeral/one-time prekey) key agreement.
  3. X3DH is usually followed by the Double Ratchet algorithm. As soon as Bob sends a message, he contributes a new Diffie-Hellman (ratchet) key pair and the resulting shared secret will be used for following messages.

Sequence Diagram

Sequence diagram for X3DH

Keys

Overview of the keypairs used in X3DH
Public key Private key Name Lifetime
IKA pIKA Alice's identity key static
EKA pEKA Alice's ephemeral key ephemeral
IKB pIKB Bob's identity key static
SKB pSKB Bob's signed prekey reused but changed periodically
OKB pOKB Bob's one-time prekey one-time use (but private key still persisted)

Alice and Bob identity key pairs:

Bob's signed (DH) prekey pairs:

Bob's one-time (DH) prekey pairs:

Alice's ephemeral (DH) key pair:

References

Appendix, notations


  1. See the relevant section of the specification for more details of the impact of a compromised key. ↩︎

  2. Elliptic-Curve key pairs may be used for either signature or Diffe-Hellman key agreement. In general, it is not safe to use the same key pair both for signature and for DH key agreement. However, X3DH uses XEdDSA and the XEdDSA spec hints that this might be safe to do this in this case:

    XEdDSA enables use of a single key pair format for both elliptic curve Diffie-Hellman and signatures. In some situations it enables using the same key pair for both algorithms.

    [...]

    In theory, under some circumstances it is safe to use a key pair to produce signatures and also use the same key pair within certain Diffie-Hellman based protocols. In practice this is a complicated topic requiring careful analysis, and is outside the scope of the current document.

    ↩︎