The W Ratchet encryption protocol is a new, alternative approach to the highest tier of secure messaging. While developing CommunisP, Signal’s Double Ratchet protocol was often suggested (and I could have easily implemented it) when deciding how to handle end-to-end encryption for a peer-to-peer–based real-time and asynchronous messaging platform. However, I felt that using the traditional Double Ratchet was corny and lacking in innovation or creativity, and would only contribute to the stagnation and lack of development we see in secure messaging. We need diversity, especially if there are undisclosed cracks in the Signal protocol.
I wondered, “How can I write an encryption protocol that achieves a similar outcome—the highest level of encryption publicly available—yet uses an alternate means?” That’s when I developed the W Ratchet protocol, merging the high-level security properties of advanced E2EE ratchets with a simplified, time-based approach. Below is a technical breakdown of how the protocol works.
Technical Overview
This article provides a technical look at the W Ratchet protocol, used by CommunisP.com. Inspired by Double Ratchet–style cryptographic principles (like Signal’s), it has a unique spin: session keys rotate every 60 seconds, and each message uses ephemeral derivations (via HKDF and ephemeral ECDH). The result is end-to-end encryption (E2EE) with strong forward secrecy and post-compromise security—yet simpler in some ways than a full message-by-message ratchet.
1. Overview
W Ratchet is a key management protocol designed for secure, forward-secret, end-to-end encrypted messaging. Rather than a purely message-based chain, it relies on time-based ephemeral key rotation while still achieving the key properties we value in advanced protocols like Signal’s Double Ratchet.
Key Points:
- Session Key Rotation (every 60 seconds): Both parties perform a fresh ECDH handshake, creating a new “base” shared secret.
- Per-Message Ephemeral Keys: For each message, a unique ephemeral key is derived (using HKDF or ephemeral ECDH expansions). Every message gets its own encryption key.
- Forward Secrecy & Post-Compromise Security: When a new ephemeral handshake happens—or when a new ephemeral key is used—old keys can’t decrypt future messages.
Goal: Provide a strong ephemeral system that “resets” cryptographic states on a regular schedule. By combining a time-based re-key interval (“the W Ratchet main clock”) with per-message ephemeral expansions, each message remains protected by freshly derived secrets.
2. Core Concepts & Components
2.1 Long-Term Identity Keys
- Identity Keypair: Each user has a stable public/private key pair (e.g., ECDSA for signing, or a static ECDH key to authenticate ephemeral public keys).
- Purpose: These keys don’t directly encrypt messages. Instead, they confirm the authenticity of ephemeral key exchanges and ensure you’re communicating with the correct person over time.
2.2 Base Session Key (60-Second Rotation)
- Periodic ECDH Exchange: Every 60 seconds, both peers generate new ephemeral ECDH key pairs.
- Shared Secret Derivation: They do an ECDH handshake on these new pairs to produce a “base” shared secret, then run SHA-256 or HKDF to create a session key.
- Schedule: This re-key event triggers by time. If the last exchange was at 12:00:00, the next triggers at 12:01:00. If a user is offline, they simply catch up upon reconnecting.
2.3 Per-Message Ephemeral Key Derivation
- Message-Level Key: For each message, possibly generate a new ephemeral ECDH pair or rely on local ephemeral parameters. Combine the latest session key, a unique message ID (or ephemeral public key), and HKDF to create the final encryption key. Then encrypt with AES-GCM or ChaCha20-Poly1305.
- Result: Each message is encrypted with a distinct key. If one ephemeral key is compromised, it doesn’t unlock other messages—especially once the session key rotates.
2.4 HKDF (HMAC-based Key Derivation Function)
- Usage: W Ratchet heavily relies on HKDF to transform ephemeral secrets (ECDH outputs, random seeds, message IDs) into final encryption keys.
- Why HKDF:
- Uniform Output: Minimizes partial compromise.
- Multiple Subkeys: One seed can generate separate keys for encryption, authentication, etc.
2.5 Synchronization & Offline Messages
- Time-Based: If a user is offline when the 60-second interval elapses, the old session key is stale. The ephemeral handshake re-occurs upon reconnection, updating them.
- Per-Message: Each message references ephemeral data so the receiver can re-derive the correct key, maintaining forward secrecy even if some messages were missed.
3. Security Properties & Why It’s “So Good”
3.1 Forward Secrecy
- Short Window: A fresh session key rotates every 60 seconds, discarding old ephemeral keys. If an attacker steals your key at minute 2, they can’t read messages from minute 3 onward.
- Per-Message Isolation: Each new message uses a unique ephemeral derivation. Compromising one message key won’t decrypt the rest.
3.2 Post-Compromise Security
If the current session key is compromised, the next ephemeral handshake (or the next minute) locks out the attacker automatically—no user intervention required. This mimics advanced designs like Signal’s Double Ratchet but is triggered by time.
3.3 Resistance to Replay or Out-of-Order Issues
- Each message includes ephemeral context (like a message ID), making replays easy to detect (“I’ve already processed that ID”).
- Old ephemeral keys become invalid after the next update, preventing attackers from replaying messages after a rotation.
3.4 Simplicity in Implementation
- Time-Based Model: Instead of separate sending/receiving chains, W Ratchet re-keys every 60 seconds.
- HKDF: Straightforward expansions keep the code simpler to maintain.
- Auto-Recovery: Missed a rotation? Upon reconnect, you just do the handshake anew—no complicated chain skipping.
3.5 Adaptable & Extensible
- Adjust the Interval: 30 seconds, 5 minutes—tune it to your security/performance needs.
- Extra Ephemeral Layers: ECDSA signatures per message, ephemeral file encryption, ephemeral group chat, etc.
- Scalable to Groups: Multi-party ephemeral ECDH or broadcast keys can be implemented.
4. Example Protocol Flow
Time = 12:00
- Alice and Bob perform a fresh ephemeral ECDH handshake. They each compute a session key valid until 12:01.
Alice Sends “Hello!”
- Assign
msg_id = 1
. - Derive a per-message key using HKDF, the session key, and
msg_id
. - Encrypt “Hello!” with that ephemeral key.
- Bob receives and reconstructs the same ephemeral key, decrypting successfully.
Time = 12:01
- Another ephemeral handshake occurs. If an attacker compromised the 12:00 key at 12:00:30, they can’t decrypt anything from 12:01 onward.
Alice Sends Another Message
- Uses the new 12:01 ephemeral handshake’s session key.
- Messages from 12:01 to 12:02 are derived from that ephemeral base, plus a per-message HKDF expansion.
5. Differences vs. Double Ratchet
Although both provide forward secrecy, post-compromise security, and ephemeral usage, W Ratchet differs by:
- Time-Driven vs. Message-Driven: Double Ratchet increments per message; W Ratchet re-keys every X seconds plus ephemeral expansions.
- Less Complexity for Out-of-Order Handling: No need to store “skipped message” ephemeral keys; W Ratchet simply treats older keys as stale.
- Similar Security Goals: Forward secrecy and post-compromise security are still achieved, but W Ratchet is simpler to implement.
6. Why the W Ratchet Is “So Good”
- Frequent, Automated Security Refresh: 60-second rotations drastically reduce the attack window.
- Built-In Recovery from Compromise: The next handshake effectively locks out attackers, no user action required.
- Simplified Implementation: Time-driven intervals are easier to manage than chain-based processes.
- Flexible Ephemeral Depth: Adjust intervals or add ephemeral enhancements without reworking the entire chain logic.
- Strong Forward & Future Secrecy: Each new ephemeral key nullifies old ones, ensuring continuous protection.
7. Conclusion
The W Ratchet protocol adopts the core ideals of double-ratchet–style forward secrecy—frequent ephemeral key updates, robust post-compromise security—and implements them via a simpler, time-scheduled ECDH handshake plus per-message HKDF expansions. It is:
- Robust: Inherits the forward secrecy benefits of modern secure messengers.
- Simple: Less complicated than fully chain-based ratchets, easier to maintain.
- Effective: Minimizes risk windows for compromised keys and supports ephemeral messaging.
- Extensible: Straightforward to integrate group chat, voice/video, or advanced ephemeral features.
W Ratchet merges the high-level security of advanced E2EE ratchets with a simpler, time-based approach—easier to implement, debug, and scale—while preserving critical ephemeral security for each message.
CommunisP.com | This isn’t just encryption—it’s a quiet revolution in secure communication.