Formal Analysis of Multi-Device Group Messaging in WhatsApp

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

WhatsApp provides end-to-end encrypted messaging to over two billion users. However, due to a lack of public documentation and source code, the specific security guarantees it provides are unclear. Seeking to rectify this situation, we combine the limited public documentation with information we gather through reverse-engineering its implementation to provide a formal description of the subset of WhatsApp that provides multi-device group messaging. We utilise this description to state and prove the security guarantees that this subset of WhatsApp provides. Our analysis is performed within a variant of the Device-Oriented Group Messaging model, which we extend to support device revocation. We discuss how to interpret these results, including the security WhatsApp provides as well as its limitations.

Original language: English
Title of host publication: EUROCRYPT 2025
Pages: 242-271
Publication status: E-pub ahead of print - 28 Apr 2025
