Perfect Forward Secrecy (PFS)

Perfect forward secrecy means each session uses a fresh, ephemeral encryption key derived from a key-exchange protocol like Diffie-Hellman. Even if the long-term identity key is later compromised, past session keys are gone — they were ephemeral by design and cannot be reconstructed. The Signal Protocol's Double Ratchet provides PFS at every message: each message uses a freshly derived key, deleted immediately after use. TLS 1.3 enforces PFS by default. WireGuard provides PFS via its handshake. Why this matters: an adversary who records all encrypted traffic today and obtains your private key in five years cannot retroactively decrypt today's messages. Without PFS — for example, in old PGP without ephemeral keys — that retroactive attack succeeds.