WhatsApp's End-to-End Encryption
End-to-End Encryption (E2EE) is a way to keep your messages private. With this feature, only you and the person you're talking to can see your messages. WhatsApp uses E2EE by default to ensure your messages are protected.
What is End-to-End Encryption?
End-to-end encryption means that your messages, calls, and shared files are encrypted on your phone and can only be decrypted on the other person’s phone. No one else, not even WhatsApp, can read or listen to them.
E2EE involves three key components: identity verification, session key generation, and message encryption. Here’s how each part works:
- Identity Verification ensures that the communication partners are legitimate and that they are who they claim to be. This prevents impersonation and ensures the authenticity of both parties.
- Session Key Generation establishes a secure connection between the two users. It allows both parties to independently derive the same shared secret (session key) that will be used to encrypt and decrypt the messages.
- Message Encryption ensures that the content of the communication remains private. The session key is used to encrypt the messages, so only the intended recipient, who has the corresponding key, can decrypt and read the messages.
Step-by-Step Explanation of Identity Verification
1. User Setup: Generating Keys
Each WhatsApp user generates a public-private key pair when they first set up their account:
- Private Identity Key: This is kept secure on the user’s device and is never shared with anyone.
- Public Identity Key: This is shared with other users so they can authenticate the user’s identity.
Example:
-
Ahalya generates her Identity Key Pair:
- Private Identity Key: Stored securely on Ahalya’s phone.
- Public Identity Key: Shared with WhatsApp’s servers.
-
Bharath generates his Identity Key Pair:
- Private Identity Key: Stored securely on Bharath’s phone.
- Public Identity Key: Shared with WhatsApp’s servers.
2. Key Exchange: Sharing Public Keys
When Ahalya wants to start a conversation with Bharath, both exchange their public identity keys. These keys are used to authenticate each other and ensure they are communicating with the correct person.
Example:
- Ahalya sends Bharath a message. Along with the message, Ahalya’s Public Identity Key is also sent to Bharath.
- Bharath’s WhatsApp app receives Ahalya’s Public Identity Key, and Bharath’s Public Identity Key is also shared with Ahalya’s device.
3. Security Code Verification: Confirming Key Authenticity
WhatsApp provides a Security Code to help users verify the authenticity of the public keys they receive. This code acts as a fingerprint of the user’s Public Identity Key.
- WhatsApp automatically displays security codes for each user’s Public Identity Key in the contact info section.
- If a user’s Public Identity Key changes (e.g., due to a device reinstall), WhatsApp notifies both users.
Example:
- Ahalya’s app displays Bharath’s Security Code, and Bharath’s app displays Ahalya’s Security Code.
- If the security codes match, both users can trust that their communication is secure. If not, WhatsApp alerts them to potential issues.
Step-by-Step Explanation of Session Key Generation
1. Key Exchange Setup
Before generating the session key, both users exchange the following public keys:
- Identity Key Pair: A long-term key pair for verifying identity.
- Signed Pre-Key Pair: A pre-generated key pair signed using the user’s private identity key.
- One-Time Pre-Key: A disposable public key ensuring session uniqueness.
When User A wants to communicate with User B, they exchange:
- User A’s public identity key
- User A’s public signed pre-key
- User A’s one-time pre-key
- User B’s corresponding public keys
2. Key Authentication
After receiving each other’s public keys, both users verify the keys:
- User A verifies User B’s signed pre-key using User B’s public identity key.
- Similarly, User B verifies User A’s signed pre-key using User A’s public identity key.
This prevents impersonation and ensures both users are legitimate.
3. Deriving the Shared Session Key
Each user independently computes the same shared session key using their private keys and the other user’s public keys. The session key is unique and never transmitted over the network. Here’s how this happens in detail:
-
Private and Public Key Combination:
-
User A combines:
- Their private identity key with User B’s public signed pre-key to derive a partial key.
- Their private identity key with User B’s public one-time pre-key to ensure uniqueness for the session.
-
User B performs a similar process:
- Their private identity key is combined with User A’s public signed pre-key.
- Their private identity key is combined with User A’s public one-time pre-key.
-
User A combines:
-
Mathematical Agreement:
- Both users perform calculations to derive the same shared session key using the exchanged public keys and their private keys. The use of the one-time pre-key ensures that the session key is unique for this specific conversation.
For example:
-
User A calculates:
• Session Key = f(Private Key of A, Public Key of B)
-
User B calculates:
• Session Key = f(Private Key of B, Public Key of A)
The function ( f ) ensures that both calculations produce the same session key.
So, when you see f(Private Key of A,Public Key of B), it implicitly includes the process of combining A's private identity key with:
B's public identity key,
B's signed pre-key,
B's one-time pre-key.
Reference implementation in Swift
import Foundation
import CryptoKit
// Function to generate key pair (private and public keys)
func generateKeys() -> (privateKey: P256.KeyAgreement.PrivateKey,
publicKey: P256.KeyAgreement.PublicKey) {
let privateKey = P256.KeyAgreement.PrivateKey()
let publicKey = privateKey.publicKey
return (privateKey, publicKey)
}
// Function to compute a shared symmetric key using private and peer's public key
func computeSharedSecret(privateKey: P256.KeyAgreement.PrivateKey,
peerPublicKey: P256.KeyAgreement.PublicKey) throws -> SymmetricKey {
let sharedSecret = try privateKey.sharedSecretFromKeyAgreement(with: peerPublicKey)
let symmetricKey = sharedSecret.hkdfDerivedSymmetricKey(
using: SHA256.self,
salt: "Diffie-Hellman".data(using: .utf8)!,
sharedInfo: Data(),
outputByteCount: 32
)
return symmetricKey
}
// Function to validate that both users derive the same shared secret
func validateSharedSecrets() -> Bool {
let userAKeys = generateKeys()
let userBKeys = generateKeys()
do {
let sharedSecretA = try computeSharedSecret(privateKey: userAKeys.privateKey, peerPublicKey: userBKeys.publicKey)
let sharedSecretB = try computeSharedSecret(privateKey: userBKeys.privateKey, peerPublicKey: userAKeys.publicKey)
// Compare the symmetric keys
return sharedSecretA == sharedSecretB
} catch {
print("Error computing shared secret: \(error)")
return false
}
}
// Main execution
let isSharedSecretSame = validateSharedSecrets()
print("Shared secrets are the same: \(isSharedSecretSame)")
-
Ensuring Security:
- Since the session key is generated locally on each device and not transmitted over the network, it remains secure from potential eavesdroppers.
-
Session Key Properties:
- The session key is:
- Unique to each session.
- Disposable after use.
- Essential for encrypting and decrypting messages during the conversation.
- The session key is:
4. Ensuring Uniqueness with the One-Time Pre-Key
To make the session key unique for every session:
- User A and User B incorporate the one-time pre-key into the key generation process. This ensures that even if keys are reused, the resulting session key will be different.
- Once the one-time pre-key is used, it is discarded and cannot be reused, further enhancing security.
Message Encryption: Ensuring Privacy with the Session Key
1. Encrypting the Message (Sender Side)
When User A sends a message to User B:
- The message starts as plaintext on User A’s device.
- Example: “Hello, how are you?”
- The session key is used to encrypt the plaintext into ciphertext.
- A nonce (a unique random number) is added to ensure identical messages produce different ciphertexts.
- Example Ciphertext:
4A8f2H93l!#gkL2
- Example Ciphertext:
- The ciphertext and nonce are sent to User B.
2. Decrypting the Message (Recipient Side)
When User B receives the encrypted message:
- The ciphertext and nonce are received by User B’s device.
- The session key (already generated on User B’s device) decrypts the ciphertext back into plaintext.
- Example: “Hello, how are you?”
Key Features of Message Encryption
-
Role of the Session Key:
- The session key ensures that only the sender and receiver can encrypt and decrypt messages.
- It is never transmitted over the network.
-
Use of a Nonce:
- Prevents identical messages from producing identical ciphertexts.
- Adds randomness, making it harder for attackers to identify patterns.
-
Message-Specific Encryption:
- Each message is encrypted individually, ensuring that compromising one message doesn’t affect others.
-
Forward Secrecy:
- Unique session keys for each conversation prevent past or future messages from being compromised.
Conclusion
WhatsApp’s End-to-End Encryption ensures that every message, call, and file shared is private, secure, and accessible only to the intended recipient. By combining robust identity verification, session key generation, and message encryption, WhatsApp protects users from eavesdropping, impersonation, and data breaches. Whether you’re sharing personal messages or sensitive information, WhatsApp’s encryption system provides the highest level of security and privacy.
With features like nonce-based encryption and forward secrecy, WhatsApp sets a high standard for secure communication, ensuring users can communicate confidently and privately.
Top comments (0)