Scribd
Upload
60 views4 pages

WhatsApp End-to-End Encryption Overview

The document outlines WhatsApp's end-to-end encryption (E2EE) features, primarily based on the Signal Protocol, which ensures that only the sender and recipient can access messages. Key components include the Double Ratchet Algorithm for forward secrecy, AES-256 for message encryption, and various authentication methods. Additionally, it highlights security features such as two-step verification, biometric authentication, disappearing messages, and encrypted backups to enhance user privacy.

Uploaded by

dubeyutkarsh094
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
60 views4 pages

WhatsApp End-to-End Encryption Overview

The document outlines WhatsApp's end-to-end encryption (E2EE) features, primarily based on the Signal Protocol, which ensures that only the sender and recipient can access messages. Key components include the Double Ratchet Algorithm for forward secrecy, AES-256 for message encryption, and various authentication methods. Additionally, it highlights security features such as two-step verification, biometric authentication, disappearing messages, and encrypted backups to enhance user privacy.

Uploaded by

dubeyutkarsh094
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd

Assignment 1

NAME:UTKARSH DUBEY
REG NO: 2023CA109

1) WhatsApp End to End Encryption Algorithm

WhatsApp is a widely used messaging platform with over 2 billion active


users. Its most notable feature is end-to-end encryption (E2EE), which
ensures that messages, calls, and media are accessible only to the sender
and recipient. WhatsApp employs the Signal Protocol to implement its
E2EE, providing robust security and privacy.

Key Components of WhatsApp End-to-End Encryption

1. Signal Protocol
WhatsApp uses the Signal Protocol, developed by Open Whisper
Systems, as the foundation for its encryption. This protocol combines
several advanced cryptographic techniques to ensure security and
privacy.

2. Encryption Process
 Double Ratchet Algorithm: Ensures forward secrecy by generating new
encryption keys for every message.
 Key Exchange (X3DH - Extended Triple Diffie-Hellman): Establishes a
secure communication channel during the initial connection.
 AES-256 (Advanced Encryption Standard): Used for encrypting
messages.
 HMAC-SHA256 (Hash-Based Message Authentication Code): Ensures
message integrity.
 ECDH (Elliptic-Curve Diffie-Hellman): Facilitates secure key exchanges.

3. Forward Secrecy
Each message has a unique encryption key. Even if one message key is
compromised, it does not affect past or future messages.

4. Asynchronous Messaging
WhatsApp stores undelivered messages temporarily on its servers in an
encrypted form. These messages are deleted once delivered.

5. Authentication
The protocol uses identity keys, ephemeral keys, and session keys for
secure authentication between users.

Advantages of WhatsApp E2EE


1. Confidentiality: Only the sender and recipient can read the messages.
2. Data Integrity: Messages cannot be altered during transmission.
3. Privacy: Even WhatsApp cannot decrypt the messages, making them
unreadable to third parties.
4. Resistance to Attacks: Advanced algorithms prevent man-in-the-middle
and replay attacks.

2) Security and Privacy Features in WhatsApp

1. End-to-End Encryption
WhatsApp uses end-to-end encryption by default for all messages, calls,
and shared media. This ensures that only the sender and receiver can
access the communication, preventing third parties (including WhatsApp
itself) from reading or intercepting messages.

2. Two-Step Verification
WhatsApp provides a two-step verification feature for added security.
Users can enable a 6-digit PIN that must be entered when registering the
app on a new device, reducing the risk of unauthorized account access.

3. Biometric Authentication
WhatsApp allows users to secure the app with fingerprint or face
authentication (if supported by the device). This ensures that only the
authorized user can access the app.
4. Disappearing Messages
The disappearing messages feature lets users send messages that self-
destruct after a set period (24 hours, 7 days, or 90 days). This is helpful
for maintaining privacy in sensitive conversations.

5. View Once Media


Users can send photos and videos as "view once" media, which
disappear after being opened. This is useful for sharing temporary or
confidential visual content.

6. Privacy Settings for Profile, Status, and Last Seen


WhatsApp provides customizable privacy settings to control:
 Who can see your profile picture, status updates, last seen, and about
information.
 Options include Everyone, My Contacts, My Contacts Except..., or
Nobody.

7. Encrypted Backups
WhatsApp now offers end-to-end encrypted backups for messages
stored on Google Drive or iCloud. Users can set a password or use a 64-
digit encryption key to protect their backup data.

8. Group Privacy Controls


Users can manage group privacy settings, deciding who can add them to
groups. Options include Everyone, My Contacts, or My Contacts
Except....

9. Message Forwarding Limitation


To reduce the spread of misinformation, WhatsApp has implemented a
message forwarding limit, allowing users to forward messages to a
limited number of chats at a time (5 chats maximum).

10. Encryption for Calls


All WhatsApp voice and video calls are end-to-end encrypted, ensuring
that only the participants in the call can hear or see the communication.

11. Reporting and Blocking


Users can report and block individuals or groups if they encounter
harassment or spam. WhatsApp collects reported content for review
while respecting user privacy.

You might also like