ChatSecure 4.0 Launches With Support For Signal-Derivative ‘OMEMO’ Protocol (Update)

ChatSecure 4.0 adopted support for the OMEMO (OMEMO Multi-End Message and Object Encryption) protocol, which was created as a derivative of the Signal protocol and adapted to the Extensible Messaging and Presence Protocol (XMPP) federated chat protocol.

OMEMO And Signal

The core of the Signal protocol is represented by a “double ratchet algorithm,” previously known as the Axolotl ratchet. It’s so named because it combines a cryptographic ratchet based on the Diffie-Hellman key exchange algorithm initially introduced by the OTR (Off The Record) end-to-end encryption protocol, and a ratchet similar to what the Silent Circle Instant Messaging Protocol (SCIMP) was using.

Thus, Signal’s double ratchet can encrypt messages end-to-end and rotate the keys often to make spying through key stealing much harder, all while also gaining the ability to send messages offline (asynchronously).
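The two ratchets described above, as an added example that is not code from the article or from the Signal or OMEMO projects: a hash ratchet derives a fresh key for every message, and a Diffie-Hellman step mixes in new secret material so that a stolen chain key stops being useful. It assumes a toy finite-field group in place of X25519, a single message direction, a constructed initial secret, and hypothetical function names.

```python
import hashlib, hmac, secrets

# Toy finite-field DH group so the example needs only the standard library.
# Assumption: stands in for the X25519 exchange that Signal and OMEMO use.
P, G = 2**255 - 19, 2

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def chain_step(chain_key):
    """Symmetric (hash) ratchet: one-way step -> (next_chain_key, message_key)."""
    return _mac(chain_key, b"\x02"), _mac(chain_key, b"\x01")

def root_step(root_key, dh_out):
    """DH ratchet: mix a fresh DH output into the root -> (new_root, new_chain)."""
    prk = _mac(root_key, dh_out)
    new_root = _mac(prk, b"\x01")
    return new_root, _mac(prk, new_root + b"\x02")

def run_session():
    """Constructed one-way session; returns the keys each party derives."""
    root = hashlib.sha256(b"constructed initial shared secret").digest()
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    root_a, ck_a = root_step(root, dh(a_priv, b_pub))  # Alice's sending chain
    root_b, ck_b = root_step(root, dh(b_priv, a_pub))  # Bob's receiving chain
    alice_keys, bob_keys = [], []
    for _ in range(3):                                 # one key per message
        ck_a, mk_a = chain_step(ck_a)
        ck_b, mk_b = chain_step(ck_b)
        alice_keys.append(mk_a)
        bob_keys.append(mk_b)
    stolen_ck = ck_a                                   # chain key leaks here
    # Alice rotates her DH key pair; only the new public key travels to Bob.
    a_priv2, a_pub2 = dh_keypair()
    _, ck_a = root_step(root_a, dh(a_priv2, b_pub))
    _, ck_b = root_step(root_b, dh(b_priv, a_pub2))
    _, alice_next = chain_step(ck_a)
    _, bob_next = chain_step(ck_b)
    _, stale_key = chain_step(stolen_ck)               # all the old chain yields
    return alice_keys, bob_keys, alice_next, bob_next, stale_key
```

The stolen chain key only runs forward along the old chain: it reproduces none of the three earlier message keys and does not match the key used after the Diffie-Hellman step.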

Although some chat applications such as Signal, Silent Circle’s Silent Phone, WhatsApp, Google’s Allo (Incognito Mode), and Facebook Messenger (Secret Conversations) use the official Signal protocol, there have been other derivatives of Signal as well, with more or less the same level of security. OMEMO for XMPP is one of them, but there are also Olm for the XMPP competitor “Matrix” (another federated chat protocol), Wire’s reverse-engineered Signal protocol, and Viber, which may be using a more heavily modified version of the Signal protocol.

OMEMO uses the same double ratchet protocol as Signal, but it's been adapted as an official extension to the XMPP protocol. XMPP is used by many chat applications, including ChatSecure, Conversations (whose engineer invented OMEMO), Google Talk, Facebook Messenger, and even WhatsApp. However, some of those have forked the XMPP protocol to disable federation and add their own internal changes.

ChatSecure 4.0

The history of ChatSecure is a little complicated. ChatSecure for iOS was one of the very first and most popular OTR-based chat applications for iOS. The Android version of ChatSecure, previously known as Gibberbot, was maintained by the Guardian Project, a group that develops privacy-focused and open source applications. The two app projects (ChatSecure for iOS and Gibberbot) eventually joined forces under the ChatSecure name, so that both iOS and Android users can use, and recommend to each other, the same application.

Because OTR is a synchronous protocol that can send messages between two users only while they're both online, ChatSecure eventually decided to support a protocol similar to Signal. However, due to some licensing issues, it decided to wait until there was a proper derivative that it could use. OMEMO, which was created by an engineer at Conversations.im, became an extension to the XMPP protocol that ChatSecure could use too.

Thanks to OMEMO, ChatSecure 4.0 (iOS version only, for now) is getting asynchronous end-to-end encryption, just like Signal and WhatsApp. Version 4.1 will also bring end-to-end encrypted group chats and multi-device syncing support, as well as other improvements.

Updated, 1/18/2017, 11:35am PT: The article was updated to note that part of Signal's double ratchet is similar to, but not based on, SCIMP. Also, end-to-end encrypted group messaging capability should arrive in ChatSecure 4.1, rather than it being already available in 4.0.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.