End-to-End Encrypted Messaging
A book written by Rolf Oppliger and published in 2020 by Artech House in the Information Security and Privacy Series (visit the Insider Blog)
ISBN: 978-1-63081-732-9
Order from US office of Artech House
Order from UK office of Artech House
Aims and Scope
This book provides a comprehensive treatment of end-to-end encrypted (E2EE) messaging as it is currently used on the Internet. It starts with OpenPGP and S/MIME, elaborates on OTR, and then mainly addresses Signal, the use of Signal in WhatsApp and a few other E2EE messengers (e.g., Viber, Wire, and Riot), as well as E2EE messengers that are widely deployed but don’t use the Signal protocol, such as iMessage, Wickr, Threema, and Telegram. The book also outlines privacy issues and standardization.
Target Audience
The book is intended for anyone who wants to understand what end-to-end encrypted (E2EE) messaging is and how it is implemented on the Internet. It speaks to theorists and practitioners.
Table of Contents
Preface
Acknowledgments
1. Introduction
2. Internet Messaging
3. Cryptographic Techniques
4. Secure and E2EE Messaging
5. OpenPGP
6. S/MIME
7. Evolutionary Improvements
8. OTR
9. Signal
10. WhatsApp
11. Other E2EE Messengers
12. Privacy Issues
13. Conclusions and Outlook
Abbreviations and Acronyms
About the Author
Index
Reviews
Errata List
- Page 274, line 13 (2nd paragraph, 1st sentence): AES-CTR decryption of the message must occur before M_i can be verified according to equation (11.1). Consequently, the order of the clauses must be changed.
- Page 292/293: There is a discrepancy between Figure 11.2 (page 292) and the text (page 293). While the text describes the old format to visualize a shared key, the figure actually illustrates the new format. In the new format, the 128 bits from the SHA-1 hash value are concatenated with 160 bits from the SHA-256 of the same key, yielding a total of 288 bits. This can be encoded in 12×12=144 cells (instead of 8×8=64 cells) encoding two bits each (see explanation).
News
- Mike Kuketz has created a matrix that compares the most widely deployed messengers (most of them provide support for E2EE messaging).
- In January 2023, a group of researchers published a security analysis of Threema (see the German response of Threema).
- In May 2022, a group of researchers published a security analysis of Telegram (including four attacks against Telegram and MTProto 2.0). The official presentation is available here, and a complementary presentation by Kenny Paterson is available here.
- In September 2021, WhatsApp added support for multiple companion devices per primary device (the updated whitepaper is available here) and E2EE backups (whitepaper is available here).
- In July 2020, Riot (addressed in Section 9.4.3) was renamed to Element (and the domain name riot.im is now rerouted to element.io). In addition to the French Tchap, a fork of it is also used for the German BwMessenger. A 2022 paper that outlines several practically exploitable vulnerabilities in Matrix and Element is available here.
- Google has implemented the Signal protocol in the beta version of its RCS client, i.e., the Android Messages app (version 1.2 of the technical paper is available here).
Additional Material
- On March 9, 2021, I gave an online course about the topic on behalf of the Information Security Society Switzerland (slide deck).