Dr. Mike Pound is my favorite person that you have ever had on. His explanations are always very clear

Please do a video on how group conversations are encrypted :)

Dr. Pound, thanks to you and your crew for all you do. You bring a lot of clarity to a subject that can be convoluted.

I'm just writing a comment knowing that YT rates the videos with comments higher than those without, and Mr. Pence deserves every bit of attention he can get. Much love

Mike should get his own BBC series.

At some point, there needs to be an Alice and Bob wedding video. Unless it is done in complete secrecy of course.

Doctor Mike is my favorite doctor. My father will have to be content with only being the best father in the world. Sorry dad.

I am a simple man. I see Dr Mike Pound in the thumbnail, I click.

I liked your video a lot. It has helped me study for a far too soon exam. Nevertheless, I find it worth mentioning, how the DH key pairs are changed in a ping-pong effect in the Signal Protocol. When A receives a message from B with a new public key e_B, A changes it's root key once, with the new K_DH=DH(d_A, e_B) key, the it re-initializes the read chain. After that, A creates a new DH key pair and then re-initializes the send chain. So when A sends a message again, it will come with A's new publih DH key and start the same procedure for B.

The world needed that animation. Wish I'd have had stuff like that in my university courses.

Thank you 😊🙏 This by far is the best channel. Alongside Numberphile of course 😜

Computerphile, we've entrusted you with the Earth's remaining supply of tractor fed paper for impact printers. Please consider using it more sparingly.

Please keep up the messaging protocol content. Great stuff as usual!

Always a pleasure to watch Dr. Mike Pound :)

Please do a video on why his hands look so strange when the view of the paper is rotated

Please send my regards to Dr Mike, my dream is to study under this guy

Excellent information from Mike as always and great visuals to help show the ratchet in action. The visuals really helped me out

Really reminds me of the wheels turning in an Enigma machine.

If the keys are deleted as soon as the message is decrypted, how do you read messages from a long time ago? Are they encrypted on disk using a different mechanism?

Really good graphics along with well explained content. Thanks for this. I've been reading up on Signal and this video helps a great deal.

You said that video packets are encrypted the same way. Since they can arrive out of order (hence the sequence numbers), how are they gonna sync the keys appropriately in order for the message to be decrypted?

"in practice they [the DH ratchets] are sent every message" but why would one need the other ratchets then, if they get reset on each message? just so Alice goes through more than one key even though Bob never sent her a new DH one because his phone was off/he wasn't replying/etc?

Yes!!! Dr Pound!!!

The starting at the same position and the synchronized ratcheting part strongly resemble (electro)mechanical cryptographic machines IMO. The Enigma for example would use a single set of ratchets for the send and recieve parts, because it was self-reciprocal, i.e. inputting the encoded message would output the cleartext message.

9:05 I can just imagine the debug log: user:alice: "well that's, not right".

Bloody genius! Can we get one on group messages in Signal?

Great video, well explained and answered all my questions! Thanks Mike. Now it's time to watch the video

6:30 - If Bob sends a new Diffie Hellman PK to make Alice's DH ratchet turn, can this PK not be copied by someone who is snooping, to turn their own DH ratchet, thus keeping in sync with Alice?

I honestly can't wait for the video that talks about how this applies to more than 2 people.

Who else is watching this in 2021? suddenly super relevant!

KDF is gonna rock you

Danke

Just curious. If people tend to tick Diffie Hellman Ratchet every message, and everything gets reset every message, why don't they just use the Diffie Hellman Ratchet?

Question: if someone finds out a key at some point, if they don't miss out on any messages, why can they still figure out the next messages? i.e. why doesn't the DH ratchet exclude the intruders from future communication if they have the current keys?

Alice and Bob in chains

I'm sorry, they *do* carry out a DH exchange on every message? So, by the time I went online and sent receipt acknowledgements, our ratchets have been updated? When are they incremented normally then, only while one of the parties is offline, for that chunk of messages? And in that case, only one attempt at DH is "in-flight", since the further "offline" messages don't yet have a completed DH result to use? Or in reality, both parties store a queue of incomplete DH exchanges, so each message sent can complete one exchange and begin another?

9:15 so when a message gets sent by bob that says "ok this is message number 9 in the chain" and alice's chain is only 2 ticks long, she goes forward 7 ticks without DH exchanges? what if i send 100 messages while alice is offline and someone captures the first packet?

If you do DH on every message do you need the other key derivation ratchets anymore?

I think I'm a Mike Pound phile.

I watch almost all of the videos on this channel and I have no idea what 99% of them are about. Still love it though. Everytime I get something out of that 1%.

what about telegram and it's mtproto protocol?

Been curious about this for a while but too lazy to look into it myself, thanks!

Maybe I'm misunderstanding this, but if the diffie-helman exchange is done for every message, doesn't that sort of make everything else redundant? The original goal of the ratchet algorithm was to make sure breaking a key didn't give access to all the past keys but that's not possible anyway if we keep resetting the ratchets everytime with a DH exchange right? Could someone please clarify this for me?

honestly cant believe this is free. AWESOMEEEEEEEEEEEEEEE

*_...is he sending color-coded messages [_**_00:11_**_] red vs green [_**_00:31_**_]..._*

Hang on. If DH is getting done with each message, how can one end 'catch up' if it recognises that some messages from the other party have been lost? The end that hasn't received messages can't do the DH exchanges for those lost messages can it? And how can the sender create new KDF keys using DH each time if the remote isn't about to dl the DH exchange with? DH is an exchange isn't it? I must be missing something.

These encryption videos are wonderful! Can we have a video on initialization vectors plz?

Hi I keep watching your (awesome) vedios again and again , but I still can't manage to answer about ssl attacks that I have to do ( as work sheet ) . How do I reach you in person. To get some help answering the questions?

How about images? How are those incorporated in the e2ee? Because you can download older images.

Can you maybe do video on quantum computers but more in a way to how it’s related to breaking asymmetric encryption? And how Shor’s algorithm would would do this?

Did they make that "other video" i rly want to know how this works in a group chat.

and how are the keys are communicated? how is the first key communicated?

How does this work for conversations with more than two people?

How can we know if what's app is actually doing all the encryption? I know we had the out of band number from the last episode, but how do we know they aren't just sending random numbers? Basically, can we prove they're doing encryption, or do we just have to take their word for it?

Why would you not use a different KDF on the output of the ratchet, so that you can never know the state of the ratchet even if you have the message key?

Is there the video for the group chat encryption?

@Michael Pound / @ Computerphile How does the KDF ratchet impact the entropy of the derived keys? Will it degrade over time if a new DH ratchet is not performed?

Why do u need a send and rec rachet, when u sent a DH with every Massage? Isnt it allrdy encrypted (enough) with a DH send?

HI All, somehow it's not clear to me ,when the Diffie hellman ratchet forwards !Any thoughts ?

What about using multiple devices then? E.g. with Whatsapp you can use desktop app but you have to scan the QR from your mobile device, does it mean that's the moment when keys synchronization happens?

Could you do a video on Telegram? Is it different? If I remember correctly, they got a lot of flak for implementing their own algorithm, but as far as I know, nobody could yet prove their implementation to be insecure.

attacking using ss7 will allow you to control the phone as if you was admin , you can then see all messages

"You must never break the chain." -Stevie Nicks

Ho does group chats work then? Do they use multiple keys for each pair or one single key for a group? @computerphile

Can anyone please explain. If the one message sent with the new public key then how the older messages are decrypted. so in this may be one or two message in the chain key then it will reset the root key and new one. So how the previous messages are decrypted ???? I'm fully confused !!

So forward secrecy is still broken if the DH gets revealed?

That was an awesome explanation... THANKS!!!! Does any one know how to create those wheels for a demo purposes...??

What if somebody cracks the private key of the DH ratchet? How is it future proof after that?

Can you guys do a video on how the TFA in USB security keys works? And is there an independent way to verify that all these apps and TFA's and ciphers etc are doing what they say they're doing? Or do we just "trust" them.

How the older messages are decrypted ?

I wonder if the ultimate potential for this is to integrate it with a blockchain like an Ethereum DAPP or put it on the IPFS, that way all the "server" computation is both decentralized and open to audit

Why not derive 2 keys with kdf first one use as input for the next round and second one as encryption key. So even encryption key is compromised the attatacker can not caculate the next key? Sure dh should be done in intervals too.

If I deleted the app in my device, does that mean I won't be able to read my previous messages even if I reinstall the app?

in your original DH vid, you mentioned in passing that if Eve can modify parts of the DH exchange then all bets were off. does this protocol do anything to ameliorate that problem? thanks for the vids, Mike.

transcriber is not enabled, what a pity!

Please do a video on threshold cryptography!!

I see I'm a bit late in this conversation, but I'd like a bit of clarification about the DH ratchet: I use Signal app, and want to know how this correlates; would this be the operation of manually resetting the session, or am I way off? Thanks for your time and consideration. Also gave this channel a thumb and a sub!

@Computerphile so if DH rtchet is being reset so often that means that endpoint device is either storing the history of the reset values or rather more worringsome unencrypted messages. Is it actually the case or am I missing something? PS Huge fan of all of the videos

Whatsapp's backup and sync "feature" removes all the encryption and backs up the messages on their servers in plain text. So what's the point of their encryption, since pretty much everyone will have backup on by default, so even the messages you sent in Whatsapp will be backed up by the person you sent it to?

key -> KDF -> key -> KDF -> key Please: key₁ -> KDF -> key₂ -> KDF -> key₃

how do im applications that allow you to use multiple devices keep data secure? or do they just use have the server able to decrpyt it? eg i can send someone an im with facebook messenger on my phone, and then see there reply on my laptop?

So, is messenger more secure than the NSA messaging app?

I mean Mike Pound is great at explaining stuff but he does look a bit like a super villain.

Love your video!

Does Viber also use a double ratchet?

How dose diffie hellman work in i grupp chat ?

Is this ratchet logic the reason why newly added participants to groups cannot usually see group message history?

drink every time Dr. Mike Pound says diffie helman

Funny how it’s similar to how the Enigma works on a physical level.

Can someone please, please tell me how homomorphic encryption works (databases)

Vs traditional PGP who wins?

I love this guy.

It's like an enigma machine.

If you have a decent production team and the subject is sitting. it may be a good idea to use mmanual focus and just sit the subject in the plane of focus. Your video has some f focus hunting in the beginning. Hope that helps...

Love this guy

Aren’t ratchet functions and trapdoor functions the same beast really? Cheers!

oh god he put Diffie-Hellman on the screen instead of just saying it, i've thought it was "Tiffy Hellman" this whole time

Expectation: Perfect e2e encrypted messaging Reality: “Error handling incoming message” for 15 messages in a row 😂

Signal is sure easier to use than was PGP.

Very cool