Table of Contents

Lab 09 - Whatsapp End-to-end Encryption (part 2)

In this lab you will continue the implementation of the Signal protocol, which is the basis for WhatsApp's end-to-end encryption.

The protocol is described here. For more details you can also check this paper.

For the Elliptic Curves, you can use this library.

For installation, follow these steps:

Task 1 (Vertical & Horizontal ratcheting)

See the previous lab for how to create a common master_secret for two clients which communicate through a server.

Then, send messages with different keys each time, by recalculating the Chain Key according to the Signal Protocol.

Recalculate the Root Key for each round trip with the new DH public keys sent in messages.

For this task you need to embed a new ephemeral public key in each message, in order to create a new RootKey.

You can find a good description of the ratcheting protocol here.

For the sake of simplicity, we will consider that all messages are in-order and none of them is lost.

You may start this lab from this code.

To generate the root keys and chain keys (e.g. in the method update_keys) you need to basically apply the HKDF method provided (hkdf) with a 64 byte output (512 bits), which is then split into the root key (first 32 bytes) and chain key (last 32 bytes)

You should do the same also in the method record_new_client_session, for the case when the client is the initiator. When the client is not the initiator both chain keys (chain_key_s and chain_key_r) will be initialized after receiving a message, so you can keep them as 'None'. As initiator you should only initialize root_key and chain_key_s as explained above, while chain_key_r can be left as 'None' for now.