TRICKYwalkthrough
End-to-End Encryption
End-to-end encryption (E2E) means the server never sees plaintext messages. WhatsApp uses the Signal Protocol (Double Ratchet algorithm) to achieve this.
When User A wants to message User B for the first time, A downloads B's pre-key bundle from the server and performs an X3DH key agreement (Extended Triple Diffie-Hellman) to establish a shared secret. From that shared secret, both sides derive a ratcheting chain of symmetric keys: each message uses a different key, and compromising one key does not reveal past or future messages (this property is called forward secrecy).
“Each user generates a long-term identity key pair and a set of ephemeral pre-keys.”
The server stores only encrypted ciphertext. It cannot read messages, moderate content, or comply with data subpoenas for message content.
Why not simpler encryption like TLS? TLS encrypts the channel between client and server, but the server decrypts and re-encrypts when forwarding.
The server sees plaintext. With E2E, the server is a blind relay: it stores and forwards encrypted blobs without decryption keys.
For group chats, the Signal Protocol uses Sender Keys: the sender generates a symmetric key, encrypts it individually for each group member using their public key, and sends the encrypted message once with the sender key. Each member decrypts the sender key with their private key, then decrypts the message.
Trade-off: E2E encryption prevents server-side features like search, spam filtering, link previews, and content moderation. The server cannot analyze what it cannot read.
WhatsApp solves this by running spam detection on metadata (message frequency, contact patterns) rather than content.
Related concepts