Sources were mainly WhatsApp’s whitepaper, as well as papers written by others, and internet articles.
This project focused on one-to-one messaging between two communicating parties on one primary device.
WhatsApp’s E2EE ensures that only communicating parties will be able to read/listen to what is sent, and no one else, including WhatsApp, can do so.
“WhatsApp's rollout of end-to-end encryption prevents cyber-criminals, hackers, telecoms, and even governments from accessing the messages you've sent to other WhatsApp users.” - WhatsApp
In WhatsApp’s E2EE, each message is encrypted with a unique key. No secret keys are transmitted between the two parties, yet both parties are able to generate the same keys in order to encrypt and decrypt the messages sent. This is made possible by ECDH and the Double Ratchet Algorithm.
A quick overview of how WhatsApp’s E2EE works:
With ECDH, $ECDH(A_{private}, B_{public})$ is equivalent to $ECDH(A_{public}, B_{private})$. This allows both sides to generate shared secrets without having to exchange any secret keys. By using their own private key and the public key of the recipient, the sender can generate the same secret as the recipient, and vice versa. WhatsApp uses the ECDH algorithm on multiple occasions, and it is a critical part of WhatsApp’s E2EE.
The Double Ratchet Algorithm consists of two main “ratchets”: the Symmetric Key Ratchet and the Diffie Hellman Ratchet. The Symmetric Key Ratchet consists of two steps. The first generates a unique one-time “Message Key”, which is used to encrypt and decrypt a message with AES-256 in CBC mode. The second ratchets a “Chain Key” forward; this “Chain Key” is what the “Message Key” is generated from. With each message sent, the public key of a temporary Curve25519 key pair is also sent. This temporary public key allows the recipient to generate the exact same “Message Key” that was used to encrypt the message, so they can decrypt it.
The Diffie Hellman Ratchet makes this possible with ECDH. The recipient takes two inputs: the private key that belongs to the temporary public key the recipient sent to the sender in a previous message, and the temporary public key the sender included in the message just received. With these, the Diffie Hellman Ratchet uses ECDH to generate the same “Chain Key” that the sender used to produce the “Message Key”.
This cycle continues, and each message is encrypted with a different “Message Key”. It is secure because no shared secrets are exchanged over the communication channel between the two communicating parties.
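
The key derivation described above, as an added example that is not WhatsApp's code: a pure-Python X25519 (RFC 7748) lets both sides compute the same ECDH secret, one Diffie Hellman Ratchet step turns it into a “Chain Key”, and the Symmetric Key Ratchet yields one “Message Key” per message. The HMAC constants 0x01/0x02 follow the WhatsApp whitepaper; the root key, the private keys, the HKDF output order and all function names are assumptions or constructed values, and the AES encryption step is omitted.

```python
import hashlib, hmac

P, A24 = 2**255 - 19, 121665  # Curve25519 field prime and ladder constant

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 X25519. Illustration only: not constant-time."""
    k_int = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):  # Montgomery ladder, one scalar bit per round
        bit = (k_int >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf_chain(chain_key: bytes):
    """Symmetric Key Ratchet: derive a Message Key, then step the Chain Key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    return message_key, hmac.new(chain_key, b"\x02", hashlib.sha256).digest()

def dh_ratchet(root_key: bytes, my_priv: bytes, their_pub: bytes):
    """Diffie Hellman Ratchet: HKDF(root key, ECDH output) -> (root, chain)."""
    prk = hmac.new(root_key, x25519(my_priv, their_pub), hashlib.sha256).digest()
    new_root = hmac.new(prk, b"\x01", hashlib.sha256).digest()  # assumed output order
    return new_root, hmac.new(prk, new_root + b"\x02", hashlib.sha256).digest()

def demo(n: int = 3):
    """Both parties derive n Message Keys; only public keys cross the wire."""
    base = (9).to_bytes(32, "little")  # Curve25519 base point
    root = hashlib.sha256(b"constructed root key").digest()  # stands in for session setup
    a_priv = hashlib.sha256(b"constructed sender key").digest()
    b_priv = hashlib.sha256(b"constructed recipient key").digest()
    a_pub, b_pub = x25519(a_priv, base), x25519(b_priv, base)
    send_ck = dh_ratchet(root, a_priv, b_pub)[1]  # sender: own private + peer public
    recv_ck = dh_ratchet(root, b_priv, a_pub)[1]  # recipient: own private + peer public
    sent, received = [], []
    for _ in range(n):
        mk, send_ck = kdf_chain(send_ck)
        sent.append(mk)
        mk, recv_ck = kdf_chain(recv_ck)
        received.append(mk)
    return sent, received
```

`demo()` returns the sender's and recipient's “Message Key” lists, which match entry for entry even though each side only ever used its own private key.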