10 changes: 5 additions & 5 deletions docs/security/how-it-works.md
Expand Up @@ -112,12 +112,12 @@ Your device's key is long-lived (you generate it once). But what if it's ever co

Secure LSL protects against this with **session keys**:

1. When two devices connect, they perform a **key exchange** to create a shared secret
2. This secret is used to derive a **session key** that encrypts all data
3. Session keys are **rotated periodically**
4. Session keys are never stored; they exist only in memory
1. When two devices connect, each generates a **fresh ephemeral key pair** for that connection only, signs its ephemeral public key with the shared device key, and exchanges them
2. The ephemeral key exchange produces a shared secret used to derive a **session key** that encrypts all data
3. Session keys are **rotated periodically** (a new ephemeral exchange each epoch)
4. The ephemeral secret keys are discarded as soon as the session key is derived; session keys are never stored and exist only in memory

This provides **forward secrecy**: even if an attacker eventually obtains your device's private key, they cannot decrypt recordings from past sessions that used different session keys.
This provides **forward secrecy**: even if an attacker eventually obtains your device's long-term private key, they cannot decrypt recordings from past sessions, because each session's key depended on ephemeral secrets that no longer exist.

---

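Review bot: the rewritten step 1 says each side signs its ephemeral public key "with the shared device key", but the hunk context ("Your device's key is long-lived") and the new closing sentence ("your device's long-term private key") describe a per-device asymmetric key; a key that is actually shared between the two peers would authenticate the ephemeral public key with a MAC, not a signature, so either drop "shared" (sign with the device's long-term private key, verified with its public key) or, if the device key really is a shared secret, change "signs" to "authenticates". Two smaller points in the same hunk: step 4's "discarded" would be stronger as "zeroized", since the forward-secrecy claim in the closing sentence rests on the ephemeral secret no longer being recoverable from memory, and that sentence should state what forward secrecy does not cover, namely that an attacker holding the long-term key can still impersonate the device in sessions established after the compromise.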
11 changes: 6 additions & 5 deletions docs/security/security-model.md
Expand Up @@ -78,13 +78,14 @@ Secure LSL does NOT protect against:
- Sliding window tolerates minor reordering
- In testing, all replay attempts were rejected

### Session Key Isolation
### Session Key Isolation and Forward Secrecy

**Guarantee**: Each connection uses a unique session key.
**Guarantee**: Each connection uses a unique session key, and past sessions stay protected even if the long-term key is later compromised.

- Session keys derived per connection with connection-specific context
- Automatic periodic key rotation
- Session keys exist only in memory during connection lifetime
- Each connection performs a fresh ephemeral X25519 exchange (signed with the shared device key) to derive its session key
- The ephemeral secret keys are destroyed once the session key is derived, providing forward secrecy
- Automatic periodic key rotation, with a fresh ephemeral exchange each epoch
- Session keys exist only in memory during the connection lifetime

---

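Review bot: the new guarantee line promises that past sessions "stay protected even if the long-term key is later compromised", which should be scoped to sessions completed before the compromise: forward secrecy protects recorded traffic, not connections set up after the attacker holds the key, and it depends on the second bullet's "destroyed once the session key is derived" actually meaning the ephemeral secret is zeroized. The first bullet also names X25519 and "the shared device key", while docs/security/how-it-works.md in this same PR describes only a generic "fresh ephemeral key pair" signed with that key; use one description (and one term for the device key, shared secret versus per-device private key) in both files so the two documents do not disagree.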