
WhatsApp Adopts the Signal Protocol for Secure Multi-Device Communication

WhatsApp is testing a new architecture aimed at enabling true multi-device message synchronization while preserving end-to-end cryptographic security. To this end, WhatsApp is adopting the Signal protocol.

This end-to-end encryption protocol is designed to prevent third parties, WhatsApp included, from having plain-text access to messages or calls. Because the cryptographic keys are ephemeral, even if the current encryption keys on a user's device are physically compromised, they cannot be used to decrypt previously transmitted messages.

WhatsApp's current architecture uses the smartphone app as the primary source of truth. The app is associated with a unique identity key, which is used to initiate all conversations and to establish secure end-to-end connections for each user. Additional companion devices may connect to the smartphone app and mirror its contents.

This approach, while easy to implement, has a number of drawbacks in terms of user experience, says Facebook, including slow operation, dependency on the smartphone's battery state, the limitation to a single companion device at a time, and so on.

WhatsApp's new multi-device architecture attempts to circumvent all those issues without compromising security. The most obvious change is that each device has its own identity key, while users have a list of authorized devices. To authorize a new device, a user will need to scan a QR code from their phone, which can include the use of biometric data where enabled.

To link a companion device to a WhatsApp account, the user’s primary device must first create an Account Signature by signing the new device’s public Identity Key and the companion device must create a Device Signature by signing the primary’s public Identity Key. Once both signatures are produced, end-to-end encrypted sessions can be established with the companion device.

Authorizing devices in this way is not enough, though, to ensure that no one can eavesdrop on a user's communications. Indeed, a malicious server could add a new device to a user's list of authorized devices. To prevent that, users can verify the devices they are sending messages to. However, the codes used for verification will not represent just a single device; instead, they will represent the whole list of devices belonging to a user. To reduce how often users are required to perform identity verification, WhatsApp will use Automatic Device Verification, which aims to establish trust between devices automatically and requires user intervention only when an entire account is re-registered, rather than every time a new device is added to an account.

The fundamental approach that the Signal protocol adopts to ensure all messages reach all devices in encrypted form is called client-fanout. It consists of sending a message to each of the devices in both the sender's and the receiver's device lists. Each copy sent to a given device is encrypted with the key established between the sending device and that receiving device.

Thanks to this, a user's devices do not need to exchange any information with each other or with WhatsApp servers to get in sync and present the same user experience. The only exception to this is when a new device is first authorized. In such cases, the smartphone that is used to authorize the new device will transfer its whole communications history to it.
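As an added illustration (not WhatsApp's or Signal's code), the following Go program models the three mechanisms described above: the mutual Account Signature and Device Signature produced when linking a companion device, a verification code that covers a user's whole device list, and client-fanout with one ciphertext per device pair (the same fanout would carry a call's SRTP master secret). The `Device` struct and the `Link`, `VerifyLink`, `DeviceListCode`, `Fanout` and `Receive` names are illustrative, and Ed25519 identity keys, X25519 key agreement and AES-GCM are assumptions standing in for the Signal protocol's actual X3DH and Double Ratchet session keys.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"sort"
	"strings"
)

// Device is an assumed toy model of one device (not the real client's structure).
type Device struct {
	Name       string
	IdentPub   ed25519.PublicKey
	identPriv  ed25519.PrivateKey // identity (signing) key
	dhPriv     *ecdh.PrivateKey   // stands in for Signal's session key agreement
	AccountSig []byte             // primary's signature over this device's IdentPub
	DeviceSig  []byte             // this device's signature over the primary's IdentPub
}

func NewDevice(name string) *Device {
	pub, priv, err1 := ed25519.GenerateKey(rand.Reader)
	dh, err2 := ecdh.X25519().GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Device{Name: name, IdentPub: pub, identPriv: priv, dhPriv: dh}
}

// Link: the primary signs the companion's identity key (Account Signature), the companion signs the primary's (Device Signature).
func Link(primary, companion *Device) {
	companion.AccountSig = ed25519.Sign(primary.identPriv, companion.IdentPub)
	companion.DeviceSig = ed25519.Sign(companion.identPriv, primary.IdentPub)
}

// VerifyLink checks both signatures; a device a server added on its own cannot carry a valid Account Signature.
func VerifyLink(primary, companion *Device) bool {
	return ed25519.Verify(primary.IdentPub, companion.IdentPub, companion.AccountSig) && ed25519.Verify(companion.IdentPub, primary.IdentPub, companion.DeviceSig)
}

// DeviceListCode is a verification code over the whole device list: sorted so order does not matter, changed by any added device.
func DeviceListCode(devices []*Device) string {
	keys := make([]string, len(devices))
	for i, d := range devices {
		keys[i] = string(d.IdentPub)
	}
	sort.Strings(keys)
	sum := sha256.Sum256([]byte(strings.Join(keys, "")))
	return hex.EncodeToString(sum[:8])
}

// pairKey is the symmetric key for one device pair; both sides derive the same value.
func pairKey(local, remote *Device) []byte {
	shared, err := local.dhPriv.ECDH(remote.dhPriv.PublicKey())
	if err != nil {
		panic(err)
	}
	k := sha256.Sum256(shared)
	return k[:]
}

func seal(key, plaintext []byte) []byte {
	block, _ := aes.NewCipher(key) // 32-byte key: cannot fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return gcm.Seal(nonce, nonce, plaintext, nil) // nonce || ciphertext || tag
}

func unseal(key, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	if len(ct) < gcm.NonceSize() {
		return nil, errors.New("no envelope for this device")
	}
	return gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], nil)
}

// Fanout encrypts msg once per recipient device under that pair's key; recipients holds the receiver's device list plus the sender's own other devices.
func Fanout(sender *Device, recipients []*Device, msg []byte) map[string][]byte {
	out := map[string][]byte{}
	for _, d := range recipients {
		if d != sender { // a device never fans out to itself
			out[d.Name] = seal(pairKey(sender, d), msg)
		}
	}
	return out
}

// Receive opens the envelope addressed to receiver; every other envelope is useless to it.
func Receive(receiver, sender *Device, envelopes map[string][]byte) ([]byte, error) {
	return unseal(pairKey(receiver, sender), envelopes[receiver.Name])
}
```

Two properties worth noting: the server in this model only ever relays `map[string][]byte` envelopes it cannot open, and a device it tries to insert by itself fails `VerifyLink` because it has no Account Signature from the primary's private key, while `DeviceListCode` changes as soon as any such device appears in the list the user compares out of band.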

Video and audio calls are managed according to a similar approach. When someone wants to initiate a call, the device they are using generates an SRTP master secret and sends it to all devices on the receiver's device list. The other user may respond to the call from one of their devices, which then uses the shared SRTP master secret to establish secure communication. For group calls, one device is chosen at random among all participants to generate the master secret, which is then sent to all of the participants' devices.

Facebook does not provide any detail about the impact of the client-fanout approach, although it likely implies a significant increase in the volume of messages WhatsApp's servers must handle.

The Signal protocol used by WhatsApp is based on the open-source library developed by Open Whisper Systems. If you are interested in the cryptographic details, do not miss the Signal protocol whitepaper.