In April, WhatsApp announced the launch of a new cryptographic security feature to automatically verify a secured connection based on key transparency. Key transparency helps strengthen the guarantee that end-to-end encryption provides to private, personal messaging applications in a transparent manner available to all.

Rolling out a feature like this to WhatsApp's user base is no small feat and requires some clever engineering to scale to the billions of users relying on WhatsApp to stay in touch with friends, family and business.

Pascal is joined by Sean and Kevin to discuss what key transparency means in practice and the various challenges they encountered as they scaled it up to billions of users.

Got feedback? Send it to us on Threads (https://threads.net/@metatechpod), Twitter (https://twitter.com/metatechpod), Instagram (https://instagram.com/metatechpod) and don’t forget to follow our host @passy (https://twitter.com/passy, https://mastodon.social/@passy, and https://threads.net/@passy_). Fancy working with us? Check out https://www.metacareers.com/.

Links

Infer: https://fbinfer.com/

Infer on GitHub: https://github.com/facebook/infer

MTP Episode 18 about Infer: https://pca.st/5U9V

Deploying key transparency at WhatsApp - Engineering at Meta: https://engineering.fb.com/2023/04/13/security/whatsapp-key-transparency/

GitHub - facebook/akd: An implementation of an auditable key directory: https://github.com/facebook/akd/ 

Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging: https://www.ndss-symposium.org/ndss-paper/parakeet-practical-key-transparency-for-end-to-end-encrypted-messaging/ 

SEEMless: Secure End-to-End Encrypted Messaging with less trust: https://eprint.iacr.org/2018/607

Coniks: Bringing Key Transparency to End Users: https://www.usenix.org/conference/usenixsecurity15/technical-sessions/presentation/melara 

IETF Working Group on Key Transparency: https://datatracker.ietf.org/wg/keytrans/about

 

Timestamps

Intro 0:06

News Update: Infer turns 10 1:34

Interview Intro 4:27

Intro Kevin 4:45

Intro Sean 6:07

WhatsApp's mission 6:47

PETs 7:58

E2E basics 8:59

Key transparency 10:32

Crypto community response 18:20

End-user changes 19:57

Technical challenges and zero-knowledge proofs 23:18

AKD 28:27

Internal deployment 32:02

Outro 42:16

Bloopers 43:05
