What does Perfect Forward Secrecy (PFS) ensure in cryptography?

Perfect Forward Secrecy ensures that the compromise of a cryptographic key will not compromise past session keys. It does this by using ephemeral key exchanges—new, temporary keys are created for each session (such as ephemeral Diffie-Hellman or ephemeral ECC). The session key that protects a conversation is derived from these ephemeral values and does not depend on any long‑term private key. Therefore, even if a server’s private key is later compromised, past communications remain confidential because their session keys cannot be derived from that private key. The other options don’t fit because using the same session key for all communications would weaken security and isn’t what PFS means; a hashing algorithm for data integrity is unrelated to securing past sessions; and using static keys means a past breach could decrypt earlier traffic, which PFS specifically avoids.