104

WhatsApp says even the photos shared on its platform are end-to-end encrypted. When WhatsApp says encrypted I assume the data is encrypted in my device and then sent across to the recipient.

When we are sending a photo for the first time we can see the actual upload happening (if you are in a slow network), but when we forward the same picture to someone else, the upload is not happening. It happens in an instant.

AFAIK the photo would have been again encrypted with the key pair for the second recipient and then again sent to the second recipient. Since the second upload is not happening is it that the encryption happens in the WhatsApp server? Is WhatsApp decrypting the media file and encrypting it with the new recipient's key when we forward it? Can it be called end-to-end encryption in that case?

0xAB1E
  • 973
  • 2
  • 6
  • 7

3 Answers3

130

Leaving aside the WhatsApp aspect fo the question: the effect described can be achieved with hybrid encryption, where the bulk of the data is encrypted under a random secret symmetric key, and the result uploaded once; revealing that data to a recipient is performed by encrypting that symmetric key towards the recipient (e.g. using his/her public key), and thus requires very little data transfer from the sender for each additional recipient.

fgrieu
  • 149,326
  • 13
  • 324
  • 622
53

That's also a problem with encrypted emails. If you have an email with a 5MB attachment, and the public keys of 1,000 recipients, how do you send it to all of them?

You create a key pair for encryption / decryption. You encrypt the email with this key. The message consists of the encrypted email (5 MB), plus the decryption key encrypted with each of your 1000 public keys (1000 times not very much). That's sent to every recipient. Anyone in possession of a matching private key can now decrypt the decryption key, then the original message.

So you create an encrypted message and transmit the encrypted message in the open. It doesn't matter if everyone can see the encrypted message. The decryption key, which is a lot smaller, must go through whatever secure channels you have.

gnasher729
  • 1,350
  • 7
  • 9
28

Attachments have their own AES-CBC ephemeral keys.

See page 6 in the paper: https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf

The paper seems to forget to mention that the key is retained and reused, but this would explain why you see only one upload.

eckes
  • 666
  • 5
  • 11