Creating a Reliable WhatsApp 2023

WhatsApp’s private messaging relies on end-to-end encryption to keep your messages secret. Public key cryptography from the 1970s underpins this popular end-to-end encryption method. Technically, both “ends” of a discussion must trust each other’s encryption keys to use end-to-end encryption.

Our most security-conscious users have always had access to our security code verification option via contact information. A QR code or 60-digit code can validate keys.

It’s one of the best ways to check a connection’s security. In reality, double-checking a long code is time-consuming, and our team has been hunting for a solution.

We are glad to present a new cryptographic security feature that instantly validates a secure connection without this long code. We are creating a new Auditable Key Directory (AKD) using an open-source tool to do this. The AKD lets WhatsApp clients automatically verify a user’s encryption key and check the directory’s audit proofs.

Our two-pronged key transparency strategy adds two additional elements:

  • WhatsApp stores user public keys in an append-only AKD.
  • A third-party audit record of server directory changes that safeguards privacy.

WhatsApp users may automatically check chat secrecy with these two enhancements. Security-conscious visitors who visit the page to verify their security code will see that the verification procedure happens quickly and automatically.

This new WhatsApp service uses public auditing to verify private chat end-to-end encryption. This approach provides easy and convenient verification tools, however users who want to verify their end-to-end encrypted connections without WhatsApp servers should utilize the old security code verification method in addition to this new automated process.

Encrypting messages using public keys is all they do. Private keys decode messages on user devices. These credentials are confidential, even to WhatsApp. Public keys alone cannot access content.

“Verify Security Code” functionality

Encrypted communication requires public/private key pairs. The private key never leaves your device and decrypts third-party conversations. To encrypt messages, you share the public key. WhatsApp will store and distribute the key to users who want to message you.

End-to-end encryption was designed to protect against a person-in-the-middle attack, in which a middleman attacker provides an incorrect public key so they can read your messages using the private key. The attacker can then re-encrypt and send the communication to the user.

Now what? Each WhatsApp contact has a Security Page with a QR code and 60-digit number that can be confirmed outside of WhatsApp to ensure it matches their device. If any of you enters the wrong value, the hashes will not match. They confirm a safe, end-to-end encrypted interaction.

Key transparency solves what?

The QR code scanning/number matching tool provides excellent security, but you must speak with your contacts outside of WhatsApp—via video call, in person, etc. That is:

  • Difficult in 1:1 interactions, especially if users change devices and encryption keys.
  • Small groups are harder since each member dyad has a unique code (there are no “group” codes);
  • Large numbers make performing tough. This must be done again if a person enrolls a new companion device, switches phones, etc. 4,950 security checks would occur in 100 people.

This should be confirmed automatically.

Key transparency: a WhatsApp AKD that tracks public key changes. When the directory expands, we update a third-party public repository of auditable change logs. Transparency and end-to-end encryption depend on this. This confirms that everyone uses the same public keys to interact with a recipient.

Key transparency complements QR code scanning:

Out-of-band QR code verification requires two people. However, key transparency only requires a single client to start and perform a directory check, making it more accessible.
Key transparency provides public key consistency when manual QR code verification is impractical (such as in a large group communication scenario) and a lightweight first check of end-to-end encryption, which increases user adoption and messaging security.
We propose manual security verification if the automated check detects a potentially insecure connection.

Critical openness history

“Key transparency” is a technique where the server keeps an append-only record of a user’s account and public identification key. This lets inclusion proofs prove that a mapping was in the directory at the last update.

WhatsApp’s core transparency is based on scholarly papers CONIKS, SEEMless, and Parakeet. The Rust AKD crate supports key transparency and directory inclusion and key history proofs. WhatsApp hosts this AKD directory for public use.

Public keys cannot decode or identify a user’s contacts. They must encrypt communications that only the private key owner may decipher to assure delivery.

As their key changes, users may have many entries. WhatsApp’s billions of entries are expanding. When a user deletes their account, we erase all public keys, but the knowledge that a key existed at some point in time is immutable (we can’t specify what the key was).

Key transparency—how?

Principled assurance

A basic design decision led us to increase this project’s accessibility and safety. First, all AKD proof creation and verification logic is open-source. This Rust crate (library) allows any party to maintain an append-only directory with a publicly verifiable log, validate audit proofs, and audit WhatsApp’s key transparency solution. Public keys alone cannot access content.

This module guarantees directory entry validity without exposing the system to memory-based attacks. We also kept Rust in most core components.

WhatsApp AKD High-volume key changes

WhatsApp handles tens of thousands of key changes (registration, re-registration) each minute. Inserting this volume into an append-only log is difficult.

Thus, we implemented a distributed, high-throughput queue for “pending changes” to be bundled and merged into the following epoch. This allows bigger group insertion and greatly decreases database operations.

We must limit updates to one as AKD adjustments are cumulative depending on the previous era. A single processor processing each update sequentially could not keep up with WhatsApp’s rate of change, regardless of database technology. This delays “publishing” a key in the directory.

Due to many common routes in the database-stored Merkle Tree, we may optimize queries by grouping keys and defining an epoch as a set of atomically committed updates. New epochs are published and emitted at a variable rate.

Massive public auditing

All transparency solutions must be publicly auditable, so anybody may verify transactions on the directory.

No historical records have been changed.

Append only.

Audit evidence of AKD modifications is created and kept in a public repository. These audit records ensure the directory’s history’s immutability and verifiability while protecting users’ privacy.

No user data or activity patterns are disclosed. SEEMless and Parakeet, scholarly studies that underpin crucial openness, explain this privacy guarantee.

Key WhatsApp transparency launch

Key transparency solutions enhance end-to-end encryption’s transparency for private instant messaging services. This technique reinforces WhatsApp’s security leadership.

WhatsApp hosts an AKD for all users, independent of application version or platform. Android users who check security codes will see automated verification in the coming months. This vital method lets security-conscious users quickly authenticate an end-to-end encrypted private chat.

A technical whitepaper will cover potential threats, data flows and formats, and more.