IPLS: Privacy-preserving storage for your WhatsApp contacts
By Slavik Krassovsky, Kevin Lewi, Dillon George, Cheng Tian, Ercan Ozturk
Your contact list is fundamental to the experiences you love and enjoy on WhatsApp. With contacts, you know which of your friends and family are on WhatsApp, you can easily message or call them, and it helps give you context on who is in your groups. But losing your phone could mean losing your contact list as well. Traditionally, WhatsApp has lacked the ability to store your contact list in a way that can be easily and automatically restored in the event you lose it. What’s more, the only place you were able to add contacts was from your mobile device, by either typing in a phone number or scanning a QR code.
As part of WhatsApp’s new feature to privately add and manage your contacts on WhatsApp across linked devices, we’re announcing a novel encrypted storage system we’ve designed called Identity Proof Linked Storage (IPLS). IPLS allows you to save your contacts and automatically restore them directly through WhatsApp. With IPLS in place, you can now create contacts directly within WhatsApp and choose to sync them to your phone or securely save them only to WhatsApp – giving you the ability to create contacts that are specific to your account. If you use linked devices, this also allows you to add and manage contacts seamlessly regardless of which device you’re on.
Additionally, if you have multiple accounts on the same phone, such as a work and personal account, you can now customize your contact list for each account. If you lose your phone, your contact list can be restored on a newly registered device.
Contact names are stored encrypted within WhatsApp, and we’ve built this with additional, robust protections by using IPLS to deter access to contacts to anyone except the user.
IPLS incorporates new privacy technology that protects your contact lists in a privacy-preserving fashion. To further ensure the safety and security of this system, we’ve partnered with Cloudflare to provide independent third-party auditing of its cryptographic properties. The new technology stack was reviewed by external researchers and NCC Group Cryptography Services, an independent cybersecurity consultancy.
What is Identity Proof Linked Storage?
IPLS is a novel system at WhatsApp that allows users to store their contact names in an encrypted way. IPLS allows the client device to save the contact information using a strong encryption key generated on the client device. Its retrieval is based on the client authenticating its primary device identity.
IPLS is based on two existing pieces of technology that are already used at scale by WhatsApp: key transparency and our hardware security module (HSM).
Certain events associated with your phone’s WhatsApp application (such as installing or reinstalling) trigger the creation of a new cryptographic keypair that is associated with your phone number. WhatsApp’s key transparency system publishes records of these primary device identity key changes to an append-only, cryptographic Auditable Key Directory (AKD) that allows WhatsApp clients to automatically verify a user’s encryption key.
Key transparency allows WhatsApp, and the public at large, to cryptographically verify if a given phone number used for a WhatsApp account is tied to a given identity key.
The HSMs are employed by WhatsApp end-to-end encrypted backups and allow for private, tamper-resistant execution of application logic within WhatsApp data centers in a privacy-preserving way. Data processing within HSM’s security boundary remains opaque even to WhatsApp insiders with the highest privilege and physical access to the hardware.
The components of IPLS
The AKD and Cloudflare integration
As mentioned, the first building block of IPLS is WhatsApp’s AKD, which maps a client phone number to a client identity key. Primary device identity is used to authenticate the client to ensure that only the owner of the contact encryption key is allowed to restore the contacts.
To strengthen the single instance nature of AKD, WhatsApp has engaged Cloudflare to act as an additional witness of the additions to AKD. Cloudflare digitally signs each epoch, and associated root hash, and returns a digital signature validation confirming that the directory was not tampered with. The HSM-based Key Vault validates Cloudflare signature using Cloudflare’s public key.
WhatsApp relies on the availability of the Cloudflare signing service and cannot proceed with the updates to AKD in the absence of the digital signature of each update.
In addition, WhatsApp provides auditable proofs of consistency for the transitions between epochs. The auditable proofs are published to a write-once, read-many enabled Amazon S3 instance, which has a public interface for any entity to retrieve the proofs.
Using AKD and partnering with Cloudflare ensures that there is only a single instance of the directory that is validated by a 3rd party.
HSM-based key storage
To ensure privacy for user contacts registered on WhatsApp, contact names are first encrypted using a symmetric encryption key generated by the user’s device, and then stored in the HSM-based Key Vault. Storage and retrieval of the contact encryption key occurs via an end-to-end encrypted channel between the client and the HSM-based Key Vault, ensuring that the data in transit remains opaque to WhatsApp.
Storing the contact key in the HSM-based Key Vault ensures its availability even when the user loses their phone. If a user loses their client device and wants to restore their contacts, the new client device can retrieve the contact key by establishing a secure session with the HSM-based Key Vault. The Key Vault verifies the client identity key by accessing AKD via a secure cryptographic protocol and verifying that the client has the corresponding private key.
Once the client is verified, the new client is allowed to access the contact key in the HSM-based Key Vault using the secure channel established with the client identity key and the HSM key.
Privacy-preserving contacts storage at WhatsApp scale
IPLS is a new system that deters unauthorized access to sensitive data by effectively coupling any data access to publicly auditable identity key changes published to WhatsApp’s key transparency infrastructure. This approach is similar to how a QR code scanning technology can be used to detect a public key compromise in an end-to-end encrypted messaging system.
WhatsApp’s new approach on contacts will give users more ways to easily manage contacts across devices and accounts and store them securely without losing them if they change phones or reinstall WhatsApp. We’re excited about how IPLS has helped enable this new feature and will help ensure WhatsApp contacts are encrypted and can easily move with users when they get a new phone.