libsignal is a cryptographic library that implements the Signal Protocol, providing the core primitives for end-to-end encrypted messaging with forward secrecy and deniable authentication. It includes the Double Ratchet algorithm for iteratively deriving fresh encryption keys per message, and the X3DH key agreement protocol for establishing shared secrets between parties asynchronously. A session state machine maintains cryptographic state across message exchanges, supporting recovery and out-of-order delivery.
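The per-message key derivation and out-of-order handling described above, as an added Python sketch that is not libsignal's code or API. It covers only the symmetric chain step of the Double Ratchet, using the HMAC-SHA256 construction with constants 0x01 and 0x02 suggested in the Double Ratchet specification; the DH ratchet and X3DH are omitted, and `ReceivingChain`, `sender_keys`, `demo` and the `MAX_SKIP` value are hypothetical names and values chosen for illustration.

```python
import hashlib
import hmac

MAX_SKIP = 1000  # assumed bound on cached skipped keys (hypothetical value)

def kdf_ck(chain_key: bytes):
    """One chain step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class ReceivingChain:
    """Receiver side of one symmetric chain, tolerating out-of-order arrival."""
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key
        self.next_index = 0   # counter of the next key the chain would yield
        self.skipped = {}     # message counter -> cached message key

    def key_for(self, index: int) -> bytes:
        if index < self.next_index:
            # Late message: its key is usable once, then gone (a replay fails).
            if index not in self.skipped:
                raise KeyError(f"key {index} already used or never cached")
            return self.skipped.pop(index)
        if index - self.next_index > MAX_SKIP:
            raise ValueError("refusing to skip that many messages")
        # Advance the chain, caching keys for messages not yet seen.
        while self.next_index < index:
            self.chain_key, mk = kdf_ck(self.chain_key)
            self.skipped[self.next_index] = mk
            self.next_index += 1
        self.chain_key, mk = kdf_ck(self.chain_key)
        self.next_index += 1
        return mk

def sender_keys(chain_key: bytes, count: int):
    """Message keys the sender derives for counters 0..count-1."""
    keys = []
    for _ in range(count):
        chain_key, mk = kdf_ck(chain_key)
        keys.append(mk)
    return keys

def demo() -> bool:
    shared = hashlib.sha256(b"constructed shared secret").digest()  # stands in for X3DH output
    sent = sender_keys(shared, 3)
    rx = ReceivingChain(shared)
    # Constructed delivery order: message 2 arrives first, then 0, then 1.
    return [rx.key_for(2), rx.key_for(0), rx.key_for(1)] == [sent[2], sent[0], sent[1]]
```

Because each chain key is overwritten as the chain advances and each cached key is removed on use, a later compromise of the receiver state does not expose keys for messages already processed; the skip bound keeps a peer from forcing unbounded key derivation and storage.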
The library extends beyond basic messaging encryption with capabilities such as group membership verification based on zero-knowledge proofs, which allows confirming a user's group membership without revealing the full group roster. It also supports hardware attestation verification to validate the identity and integrity of remote hardware security modules, and provides secure device migration: transferring account data from one device to another while preserving encryption keys.
The library also includes a Rust C FFI bridge that exposes cryptographic functions as a cross-platform API, enabling integration from multiple programming languages without rewriting core logic. It covers end-to-end encryption, group membership verification, and device migration security as distinct capability areas.