How WhatsApp end-to-end encryption has been implemented

WhatsApp is the most popular messenger app, has rolled out the end-to-end encryption secured chat for its users. The users using WhatsApp for sending text messages, files, audio, video, documents, pictures are now encrypted and protected from intruders or third party to access your chats.

Jon koum, the co-founder of WhatsApp, has declared it on Facebook page that it will be end-to-end encrypted messaging app protected from intruders. It is automatically activated on users device from 31.03.2016 on the updated version. Users no need to change any settings to make it enable. It gets enable by default and user no need to worry about any privacy. There is no switch off option for end-to-end encryption.

It is also available for users documents transfer, WhatsApp call, and group chats. There is another option to check whether your messages or chats are secured or not. When you start chat with your friend on updated version of WhatsApp, a message citing “Messages you send to this chat and calls are now secured with end-to-end encryption. Tap for more info" will appear. Click on the message, a pop-up message will appear on the screen with verify option on the right-hand side corner.

On clicking, you will have unique QR code with string of 60 numbers. It is need to be scanned by your friends phone and you will scan his QR code to enable end-to-end encryption or check whether you are using end-to-end encryption chat or not. A green tick will emerge to  verify keys in order to ensure the integrity of their communication. And, when a exclamation mark with red alert on your device appears, it means you are not using encrypted chat. 

How encryption works:

WhatsApp is using 'The Signal Protocol' designed by Open Whisper Systems, for its encryption. They have released a White paper specifying all details and its implementation. Once a session has been established, clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication.
The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session state after a message has been transmitted or received.
The Message Key is derived from a sender’s Chain Key that “ratchets” forward with every message sent. It  means that a stored Message Key can’t be used to derive current or past values of the Chain Key. Additionally, a new ECDH agreement is performed with each message round trip to create a new Chain Key. This provides forward secrecy through the combination of both an immediate “hash ratchet” and a round trip “DH ratchet.”

For Large attachments of any type (video, audio, images, or files) are also end-to-end encrypted. The WhatsApp user sending a message (“sender”) generates an ephemeral 32 byte AES256 key, and an ephemeral 32 byte HMACSHA256 key. The sender encrypts the attachment with the AES256 key in CBC mode with a random IV, then appends a MAC of the ciphertext using HMAC-SHA256. The sender uploads the encrypted attachment to a blob store. The sender transmits a normal encrypted message to the recipient that contains the encryption key, the HMAC key, a SHA256 hash of the encrypted blob, and a pointer to the blob in the blob store. The recipient decrypts the message, retrieves the encrypted blob from the blob store, verifies the SHA256 hash of it, verifies the MAC, and decrypts the plaintext.

For Group chats, traditional unencrypted messenger apps typically employ “server-side fan-out” for group messages. A client wishing to send a message to a group of users transmits a single message, which is then distributed N times to the N different group members by the server. This is in contrast to “client-side fan-out” where a client would transmit a single message N times to the N different group members itself.

Follow @Oblityblog

Print PDF

If you liked our blog, do Share and Subscribe by Email