Ratchet Wire - Double Ratchet Algorithm Demo

Send a message to begin the conversation.

Key State

Alice

Root Key: —
Chain (Send): —
Message #: 0
DH Ratchets: 0

Bob

Root Key: —
Chain (Send): —
Message #: 0
DH Ratchets: 0

The Double Ratchet Algorithm

Overview

The Double Ratchet (also called the "X3DH + Double Ratchet" protocol) is used by Signal, WhatsApp, and Google Messages to provide:

Forward Secrecy: Old messages stay secure even if keys leak
Break-in Recovery: New messages become secure after key changes

Two Ratchets

Comparison of Symmetric Ratchet and DH Ratchet
Ratchet	Purpose	Trigger	Output
Symmetric Ratchet	Forward Secrecy	Every message sent	Unique message key
DH Ratchet	Break-in Recovery	Direction change	New root + chain keys

Symmetric Ratchet:

Uses HKDF to derive a unique message key from a chain key:


MK[n] = HKDF(CK[n], salt=0x01, "ratchet-wire-message")
CK[n+1] = HKDF(CK[n], salt=0x02, "ratchet-wire-chain")

DH Ratchet:

Uses X25519 ephemeral key pairs to derive a new root key:


root_new = HKDF(root_old, DH(my_private, their_public), "root")

Key Properties

One-way: Chain keys advance forward; you can't derive the previous chain key
Deletable: Message keys are ephemeral; no stored history
Testable: Both parties use the same HKDF labels, ensuring consistency

This Demo vs. Production

Simplified (for demo):

No signature verification (X3DH is simplified)
No one-time prekeys (OPK) in X3DH
In-memory state only (no persistence)

Production (Signal, WhatsApp):

Full X3DH with server assistance
Periodic prekey rotation
Double Ratchet with out-of-order handling
Persistent state and key management

References

Credits

The Double Ratchet Algorithm was developed by Trevor Perrin and Moxie Marlinspike (2016), building on prior work in the Off-the-Record Messaging (opens in new tab) protocol.

Symmetric Ratchet:

Uses HKDF to derive a unique message key from a chain key:


MK[n] = HKDF(CK[n], salt=0x01, "ratchet-wire-message")
CK[n+1] = HKDF(CK[n], salt=0x02, "ratchet-wire-chain")

DH Ratchet:

Uses X25519 ephemeral key pairs to derive a new root key:


root_new = HKDF(root_old, DH(my_private, their_public), "root")

Key Properties

One-way: Chain keys advance forward; you can't derive the previous chain key
Deletable: Message keys are ephemeral; no stored history
Testable: Both parties use the same HKDF labels, ensuring consistency

This Demo vs. Production

Simplified (for demo):

No signature verification (X3DH is simplified)
No one-time prekeys (OPK) in X3DH
In-memory state only (no persistence)

Production (Signal, WhatsApp):

Full X3DH with server assistance
Periodic prekey rotation
Double Ratchet with out-of-order handling
Persistent state and key management

References

Credits

The Double Ratchet Algorithm was developed by Trevor Perrin and Moxie Marlinspike (2016), building on prior work in the Off-the-Record Messaging (opens in new tab) protocol.