Perfect Forward Secrecy (PFS), also known simply as forward secrecy, is a cryptographic property of certain secure communication protocols that ensures the confidentiality of past sessions, even if the long-term private keys used in those sessions are later compromised.

For each communication session (such as a web connection or a message), a unique, temporary session key is generated using key exchange protocols like Ephemeral Diffie-Hellman (DHE) or Ephemeral Elliptic Curve Diffie-Hellman (ECDHE). These session keys are ephemeral: they are used only for the duration of a single session and are discarded immediately after the session ends. The session keys are generated independently of the server’s or client’s long-term private keys. As a result, even if an attacker later obtains the server’s private key, they cannot retroactively decrypt past sessions because the session keys are not recoverable from the long-term key.
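The property described above can be checked in code. The following is an added example, not part of the original entry: it runs one finite-field Diffie-Hellman handshake with a static server key and one with a fresh ephemeral server key, then tests which session key a later holder of the long-term key can recompute from the recorded public values. The function names are illustrative, the static mode is included only as a contrast, and the signature that authenticates the ephemeral value in real DHE/ECDHE is omitted as a simplification.

```python
import hashlib
import secrets

# 2048-bit MODP group from RFC 3526 (group 14), generator 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Return a fresh (private, public) Diffie-Hellman key pair."""
    priv = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    """Hash the DH shared secret into a 32-byte session key."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(256, "big")).digest()

def run_session(server_longterm_priv, ephemeral):
    """One handshake; returns (session key, public values seen on the wire)."""
    client_priv, client_pub = keypair()
    if ephemeral:
        server_priv, server_pub = keypair()  # fresh per session, gone on return
    else:
        server_priv = server_longterm_priv   # static DH: long-term key is the DH key
        server_pub = pow(G, server_priv, P)
    key = session_key(server_priv, client_pub)
    assert key == session_key(client_priv, server_pub)  # both ends agree
    # Simplification: in real DHE/ECDHE the long-term key signs server_pub here.
    return key, {"client_pub": client_pub, "server_pub": server_pub}

def recover_with_longterm_key(longterm_priv, recorded):
    """Session key computable later from a recorded handshake plus the long-term key."""
    return session_key(longterm_priv, recorded["client_pub"])

def demo():
    """Return (static session recoverable?, ephemeral session recoverable?)."""
    longterm_priv, _ = keypair()  # constructed sample key
    static_key, static_rec = run_session(longterm_priv, ephemeral=False)
    eph_key, eph_rec = run_session(longterm_priv, ephemeral=True)
    return (recover_with_longterm_key(longterm_priv, static_rec) == static_key,
            recover_with_longterm_key(longterm_priv, eph_rec) == eph_key)
```

`demo()` returns `(True, False)`: the recorded static-key session is recoverable from the long-term key, the ephemeral one is not.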

Synonyms:
Public Key Forward Secrecy, PKFS