Hacker News

Interesting, and thanks! Normally DHKE is authenticated though with public key cryptography? The way I understand it, DHKE establishes a secret... with someone, but in order to ensure it was your intended party, not a hostile government, usually a public key signature exchange takes place.


That's correct, it's an authenticated Diffie-Hellman key exchange. I'm not sure why they don't show the actual public keys anywhere but I suppose it doesn't make a lot of sense for the general public and it'd only be confusing.

In fact, the cryptography is even more complicated: The Signal protocol uses a so-called double ratchet algorithm[0] which derives from the session/conversation keys a new ephemeral message key whenever possible (again using a DHKE). This has the added advantage of providing forward secrecy.

[0]: https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm
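
Added example, not part of the original comments and not Signal's code: the two ratchets described above, with a fresh DH output mixed into a root key and a one-way chain producing a new key per message. The demo DH group, the HMAC-based KDFs and all function names are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

# Demo-only DH group (assumption): plain modular DH stands in for the
# elliptic-curve DH a real implementation uses. Not secure parameters.
P, G = 2**255 - 19, 2

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def kdf_root(root_key, dh_out):
    # DH ratchet step: fresh DH output -> (new root key, new chain key).
    okm = hmac.new(root_key, dh_out, hashlib.sha512).digest()
    return okm[:32], okm[32:]

def kdf_chain(chain_key):
    # Symmetric ratchet step: -> (next chain key, message key). HMAC is
    # one-way, so a later chain key does not reveal earlier message keys.
    nxt = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    mk = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    return nxt, mk

def demo():
    # Constructed stand-in for the secret from the authenticated handshake.
    root = hashlib.sha256(b"constructed session secret").digest()
    b_priv, b_pub = dh_keypair()   # Bob's current ratchet key, known to Alice
    a_priv, a_pub = dh_keypair()   # Alice's new ratchet key, sent in the header
    a_root, a_ck = kdf_root(root, dh(a_priv, b_pub))
    b_root, b_ck = kdf_root(root, dh(b_priv, a_pub))
    sent, received = [], []
    for _ in range(3):             # three messages from Alice to Bob
        a_ck, mk = kdf_chain(a_ck)
        sent.append(mk)
        b_ck, mk = kdf_chain(b_ck)
        received.append(mk)
    # Bob replies with a fresh ratchet key: both sides turn the DH ratchet.
    b2_priv, b2_pub = dh_keypair()
    _, b_ck2 = kdf_root(b_root, dh(b2_priv, a_pub))
    _, a_ck2 = kdf_root(a_root, dh(a_priv, b2_pub))
    return sent, received, (a_ck2, b_ck2), a_ck

if __name__ == "__main__":
    sent, received, new_chains, _ = demo()
    print(sent == received, new_chains[0] == new_chains[1])
```
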



