Meta-owned messaging platform WhatsApp has partnered with Cloudflare to bolster the security of end-to-end encrypted messages. This collaboration introduces an auditing tool called Plexi, aimed at strengthening the integrity of the public key infrastructure that underpins encryption. By ensuring the accuracy and reliability of public keys, this initiative is set to establish new benchmarks in digital communication security.
Key Transparency Framework
At the heart of this development is the Key Transparency framework, a secure system that allows users to trust that their messages are reaching the intended recipients without interception. Key Transparency works by verifying public keys used in end-to-end encryption, ensuring they have not been altered or compromised by malicious actors. The process is facilitated by WhatsApp’s Auditable Key Directory (AKD), which securely stores public keys in a tree-like data structure. Cloudflare, serving as an independent auditor, verifies the global uniqueness of the keys and ensures that they remain untampered throughout their lifecycle.
Read More: WhatsApp tests new feature: Mentioning contacts in status updates
Role of the Auditing Tool Plexi
Plexi plays a pivotal role in auditing the integrity of public keys within the Key Transparency infrastructure. It works by independently monitoring the logs where public keys are stored, ensuring that no unauthorized changes have occurred. The tool also generates and validates epochs, or snapshots of the key directory, creating a transparent trail of key updates that can be reviewed in the future.
Notably, Plexi’s auditing function does not suggest any deficiencies in WhatsApp’s existing security but rather builds on the robust end-to-end encryption already in place. This additional layer of security offers users greater confidence in the integrity of their encrypted conversations.
Read More: New WhatsApp update will change how people express emotions
Cloudflare’s involvement goes beyond auditing public keys. In 2022, the company introduced the Code Verify tool, which allows users to verify the integrity of the WhatsApp web client. Now, with Plexi, Cloudflare ensures the consistency and security of WhatsApp’s public key infrastructure. The auditing process includes checking that each epoch is unique and validating the tree structure used to store public keys.