Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Email

What is Forward Secrecy in Messaging?

A property of messaging protocols where each message uses a unique encryption key, so compromising one key doesn't expose past or future messages.

Forward secrecy in modern messaging goes beyond traditional perfect forward secrecy by using ratcheting key mechanisms.

The Double Ratchet

The Signal Protocol (used by Signal, WhatsApp, and others) uses a "double ratchet" that combines:

  1. Diffie-Hellman ratchet: New DH key exchange with every message round
  2. Symmetric ratchet: Chain keys that derive new message keys

What This Means

  • Every message has a unique encryption key
  • Keys are deleted after use
  • Compromising your device reveals only current messages, not past ones
  • A compromised key can't decrypt future messages (self-healing)

Which Apps Have It

  • Signal: Full double ratchet
  • WhatsApp: Signal Protocol implementation
  • Wire: Proteus protocol (similar to Signal)
  • iMessage: Partial forward secrecy
  • Telegram: Only in "Secret Chats" (not default)

What Doesn't Have It

  • Regular email (PGP/S/MIME use static keys)
  • Telegram default chats
  • Most IRC and XMPP without OMEMO

Related Terms

End-to-End Encryption

A method of secure communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

Perfect Forward Secrecy

A feature of key-agreement protocols that ensures session keys cannot be compromised even if the server's long-term private key is compromised. Each session uses unique keys, so past communications remain secure even if future keys are exposed.

Signal Protocol

A cryptographic protocol that provides end-to-end encryption for voice and instant messaging conversations. Developed by Open Whisper Systems, it combines the Double Ratchet Algorithm, prekeys, and a triple Diffie-Hellman handshake to provide forward secrecy and future secrecy.

Have more questions?

Use our guided flow to get the right next privacy step for Forward Secrecy in Messaging.

Open Guided Flow