Imagine, you are messaging your business partner about a super secret idea, it is worth $ 1m, will you trust the messaging application not to read your super secret conversation? No, right. No one will, still people across the world use whatsapp for such sensitive messaging (although I prefer telegram for my secret conversations). Well, turns out, it is because most messaging apps(including whatsapp) use a technique called End to End Encryption, which doesn’t allow these messaging services or their employees to read your conversations with your contacts. But how does this works, well, that is what we will try to understand here.

End to End Encryption (E2EE) is defined as communication flow where apart from the two parties interacting, no one else can read the messages exchanged and data shared between them. Not even the third party providing the said service or platform.

Here is an overview of how the whole process happens:

We have two people Alice and Bob.

Bob generates a key pair, lets call his private key priv_key_bob & his public key pub_key_bob.

Similarly Alice generates a key pair, we will call her private key priv_key_alice & her public key pub_key_alice.

Key generation happens whenever a new session is setup between Bob and Alice for transfer of messages.

These keys will be used in encryption and decryption of data.

Now when Bob and Alice sends each other the encrypted message they also share their respective public keys.

Now we will go deeper into 3 major parts:

Key Generation & Sharing:

Bob and Alice generate their key pairs and exchange their respective public keys with each other, so Alice gets pub_key_bob and Bob gets pub_key_alice. For key generation we will be using Elliptic Curve Cryptography(ECC). Elliptic curves are curves which obey this equation: y² = x³ + ax² + b.

Curve25519 is a specific implementation with a = 486662 & b = 1 over prime field defined by number 2⁵⁵ — 19. It is one of the fastest and most secure way of using ECC. Each one then shares their public keys with each other. Along with public keys, they also share random nonce with each other, which will be further used in key derivation function.

Secret Key Generation:

Now comes one of the important point of whole process, both Alice and Bob generate a secret key using their private key and other person’s public key. So Alice will calculate secret using priv_key_alice, pub_key_bob, and bob will use priv_key_bob, pub_key_alice.

ECC, has a property such that

secret = pub_key_alice*priv_key_bob = pub_key_bob*priv_key_alice

In ECC, there is a base point for each curve configuration, like for Curve25519, base point is 9, and private key is a very large number, we get public key when base point is added to itself private key times.

pub_key = priv_key*G

where G is base point, hence we get same secret by using this property

secret=priv_key_alice*priv_key_bob*G = priv_key_bob*priv_key_alice*G

One thing to note here is that to calculate a private key from a public key given base point G is very hard, and is called the trap door function in Cryptography, this property makes it impossible for any third party listening to their message exchange to calculate private key and hence decrypt and read messages.

Now, using random nonce generated by Alice and Bob, and secret key generated using above case, we can derive session key using Hmac Key Derivation Function. That is the session key which we will use to encrypt and decrypt messages.

To understand more about ECC, you can read in detail here

Encryption & Decryption:

Every message then sent between these two parties is encrypted with session secret key calculated above, and is decrypted also using the same secret.

For encryption data we use AES-GCM technique to encrypt messages. It provides a strong and secure encryption with integrity. For this, we first generate a random iv salt which we embed in the cipher text, so it can be used while decrypting as well.