Engineering

Strengthening WhatsApp’s end-to-end encryption guarantees

WhatsApp's newest cryptographic security feature automatically verifies a secured connection based on key transparency.

April 13, 2023
Recommended reading

At WhatsApp, privacy and security is at the core of our mission. Private, personal conversations at WhatsApp have the guarantee of default end-to-end encryption into our app: This means that only you and the person you're communicating with can read what's sent, and nobody in between, not even WhatsApp.

WhatsApp currently offers the ability for two users to verify their connection, confirming that the conversation is secure and that the keys between users have not been altered. While this process is done manually and is optional, it can provide greater confidence to more security-conscious users. To help ensure a secure connection more quickly for users, WhatsApp is launching a protocol called key transparency, which offers a lighter-weight verification of the validity of an end-to-end encrypted session.

To do so, we’ve built a mechanism so that the public keys that are needed for establishing end-to-end encrypted sessions are published in a repository that’s based on an open-source library called an Auditable Key Directory (AKD). The AKD will enable WhatsApp clients to automatically validate that a user’s public keys are genuine and enables anyone to verify audit proofs of the directory’s correctness.

Why it matters:

With key transparency, WhatsApp provides a set of proofs that affirms the correctness of public encryption keys. Public encryption keys are the tool that locks messages and private keys are used to decrypt messages. Public keys can be server side but private keys exist only on the phone or client and nobody - not even WhatsApp - has access to these private keys. A list of public keys alone cannot provide access to anyone’s content.

With the introduction of AKD, the WhatsApp client will be able to automatically perform a check to verify the public keys against a key directory. The key directory itself is cryptographically hardened from tampering and constructed in such a way that each change to the directory is auditable by external parties.

Take a deeper dive:

Deploying key transparency at WhatsApp

We're hiring engineers!

Help us build infrastructure and solve big challenges at scale

Engineering

Meta’s engineering teams create the infrastructure and systems that underpin our apps and services, connecting more than 2 billion people.