How E2E Encryption works its magic? + Signal Protocol
How Whatsapp uses E2EE system for messaging and we will also see how to implement Double Ratchet Algorithm (python)
👋 Hi, this is Venkat and here with a full issue of the The ZenMode Engineer Newsletter. In every issue, I cover one topic explained in a simpler terms in areas related to computer systems and tech and beyond.
Picture this:
you're writing a love letter📧 to your crush, pouring your heart out on paper📜.
But before you send it, you don't want just anyone peeking🕊 at your mushy words.
That's where encryption comes in, like a secret code for your love letter!💌
Imagine you have a special decoder ring 💍with two parts.
You keep one part (the private key), and your crush gets the other (the public key).
Now, when you write the letter, you use the decoder ring to scramble the words into a jumbled mess, like "Uvqfb mgl vwd lqvwuxfwlrq!"
It looks like nonsense to anyone else 😁, but your crush can use their decoder ring to unscramble it back to your sweet message.
That's the magic of encryption!
It transforms your information (like your love letter) into a secret code that only someone with the right key can understand.
This keeps your data safe, whether it's love letters, bank details, or funny cat videos.
Think of it like sending secret messages with your friends back in the day, only way more secure thanks to fancy math algorithms.
So, next time you send a message or shop online, remember, encryption is like your invisible bodyguard, keeping your digital life private and protected!
Encryption isn't just a fancy word for secret codes; it's the cornerstone of digital security, safeguarding information from prying eyes in our increasingly connected world.
So, how does this encryption magic work?
It all boils down to algorithms and keys.
These algorithms are like complex mathematical formulas that scramble the information (plaintext) into an unreadable mess (ciphertext).
The key acts as the secret sauce, unlocking the ciphertext and transforming it back to its original form.
Think of the algorithm as a sophisticated blender and the key as the specific recipe that determines how the ingredients are mixed and matched.
Lets understand how WhatsApp like messaging app (Whatsup) does their encryption.
→ Imagine you're sending a secret message, "Operation Pizza Party!", to your best friend on Whatsup.
Step 1: The Key Ceremony:
The story begins on your device, where Whatsup conjures two unique keys:
Public Key: Picture it as a fancy padlock with a keyhole visible to everyone, including your friend. This key is freely shared with them.
Private Key: This is the real MVP, the key that unlocks the padlock and resides solely on your device, hidden from prying eyes.
The same key generation happens on your friend's device, creating their own public and private key pair. Think of it as each of you receiving a unique lock and key set for your secret communication channel.
Step 2: The Message Transformation:
Now, the real fun begins! Your phone takes your message, "Operation Pizza Party!", and throws it into a high-tech blender.
But instead of delicious pizza ingredients, it whirls the message with a complex mathematical recipe called AES-256.
This recipe, combined with your friend's golden key (public key), scrambles the message into unrecognizable gibberish.
Think of it as transforming your secret message into a bowl of unidentifiable code, like "7$jfh#hgui34nk%$#."
Step 3: Metadata and Delivery:
Metadata: Some information about the message, like sender, recipient, and timestamp, is added unencrypted. This metadata helps WhatsUp functions like message delivery and notifications work efficiently.
Delivery: The encrypted message and metadata are sent to WhatUp’s servers. However, the servers cannot decrypt the message content due to the end-to-end encryption. They act as intermediaries, securely routing the message to your friend's device.
Step 4: The Encrypted Voyage:
This ciphertext, resembling gibberish to anyone eavesdropping, sets sail across the internet, heading towards your friend's device.
It's like sending a locked box with an unfamiliar keyhole, secure from anyone who might intercept it.
Step 5: The Decryption:
When the encrypted message reaches its destination, your friend's device steps into action.
Their private key, the perfect match for the public key you shared, acts like the key that unlocks the padlock.
Using the same powerful algorithm, they reverse the scrambling process, transforming the ciphertext back to its original form: The scrambled code magically transforms back into the original message: "Operation Pizza Party!"
5. The Verification (Optional):
For an extra layer of assurance, WhatsUp offers an optional "end-to-end verification" feature.
This allows you and your friend to compare unique security codes, ensuring you're using the correct public keys and no one tampered with the communication channel. It's like double-checking the locks and keys before opening the secret message box.
Remember:
→Only the recipient with the matching private key can unlock the message, keeping your conversations confidential.
→Even WhatsUp itself can't decipher your messages, thanks to the end-to-end encryption.
→This simplified explanation doesn't capture the full complexity of real-world encryption, which involves robust key management and advanced algorithms.
We have been speaking lots about key . lets breakdown to understand … What is basically a key in cryptography?
A cryptographic key is a string of characters used within an encryption algorithm (some maths!) for altering data so that it appears random.
Like a physical key, it locks (encrypts) data so that only someone with the right key can unlock (decrypt) it.
Encryption Types
There are two main types of encryption, each with its own strengths and use cases:
Symmetric Encryption:
This is like a combination lock with a single key shared by both sender and recipient. It's fast and efficient, making it ideal for securing communication channels like WhatsApp or Signal.
But if the key falls into the wrong hands, all messages are exposed. Think of it as a convenient padlock, great for everyday use but not for Fort Knox-level security.
Asymmetric Encryption:
This is like a high-security vault with two keys: a public key (think of it as a keyhole on the outside door) and a private key (the master key hidden inside).
Anyone can send messages using the public key, but only the holder of the private key can decrypt them.
This is perfect for situations like online transactions, where you want anyone to send you information but only you can access it.
Imagine it as a two-step verification system – convenient yet highly secure.
Asymmetric encryption is a foundational technology for TLS (often called SSL).
But then what is meant by E2EE (end-to-end encryption)?
End-to-end encryption (E2EE) is a security concept that ensures only the sender and intended recipient can access the contents of a communication. This means that the data, whether it's a message, file, or call, is scrambled during transmission and can only be unscrambled by the authorized parties using specific keys.
With E2EE, the message is encrypted before it leaves your device using a unique key known only to you and the recipient.
This encrypted message travels through the servers but remains unreadable to them as they lack the decryption key.
Only the recipient's device possesses the matching decryption key, allowing them to unlock and read the original message.
Lets understand with an example of the most popular messaging app.
WhatsApp uses end-to-end encryption to ensure the privacy and security of user communications.
This means that only the sender and recipient can read the messages, and no third parties, including WhatsApp itself, can access the content.
When you send a message on WhatsApp, it gets encrypted on your device before being sent.
The encryption process uses the Signal Protocol, which is renowned for its strong security and privacy features.
This protocol employs a combination of symmetric encryption and public-key cryptography.
Here’s how they do it:
To establish a secure connection between two users, WhatsApp uses the Signal Protocol's double ratchet algorithm.
This algorithm generates a unique set of encryption keys for each message, providing forward secrecy, which means that even if a previous key is compromised, the attacker cannot decrypt future messages.
Here's a simplified overview of how the encryption process works:
1. Key Exchange: When two users begin a conversation, their devices exchange public keys securely.
2. Session Keys: Once the keys are exchanged, the session begins, and the devices generate temporary sets of encryption keys known as "session keys."
Session Key Types
● Root Key – A 32-byte value that is used to create Chain Keys.
● Chain Key – A 32-byte value that is used to create Message Keys.
● Message Key – An 80-byte value that is used to encrypt message contents. 32 bytes are used for an AES-256 key, 32 bytes for a HMAC-SHA256 key, and 16 bytes for an IV.
3. Message Encryption: Each message sent is encrypted using the previously agreed-upon session keys, ensuring that only the recipient's device can decrypt and read it.
4. Message Authentication: The sender's device attaches a message authentication code (MAC) to each encrypted message to verify its integrity and ensure it hasn't been tampered with during transit.
5. Asynchronous Encryption: Even if a message is sent while one or both devices are offline, it gets encrypted and stored until the recipient's device is online and ready to receive it.
6. Client-side Decryption: Messages are decrypted only on the recipient's device using their private key, which remains inaccessible to WhatsApp or any other party.
By employing end-to-end encryption, WhatsApp aims to guarantee user privacy and data security, ensuring that only the participants in a conversation can access and read the messages sent between them.
Signal Protocol: The Bastion of Secure Messaging
Among the plethora of messaging platforms, Signal stands out for its unwavering commitment to user privacy, primarily due to its implementation of the Signal Protocol.
This robust cryptographic protocol, meticulously crafted by Open Whisper Systems (OWS), offers unparalleled protection for your communication, ensuring your messages remain confidential and shielded from prying eyes.
Do you know which application uses it ?
Signal Protocol is not limited to the Signal messaging app. Several other real-world applications leverage its secure communication capabilities, including:
WhatsApp: One of the most popular messaging platforms globally, WhatsApp adopted Signal Protocol for end-to-end encryption in 2016.
Facebook Messenger: Facebook Messenger offers optional end-to-end encryption using Signal Protocol for users who opt-in to "Secret Conversations."
Skype: Microsoft's Skype messaging platform also offers optional end-to-end encryption using Signal Protocol for private conversations.
Google Allo: Though discontinued, Google's Allo messaging app previously used Signal Protocol for secure communication.
Wire: A secure communication platform specifically designed for businesses and organizations, Wire utilizes Signal Protocol for its end-to-end encryption.
But .. lets see how does it works and if they have any drawbacks?
→ Understand the Signal Protocol workings
→ We will also see how to implement the simple version of Double Ratchet Algorithm (python code)
Keep reading with a 7-day free trial
Subscribe to The ZenMode to keep reading this post and get 7 days of free access to the full post archives.