Paper 2023/843

Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol

Gareth T. Davies, Bergische Universität Wuppertal
Sebastian Faller, ETH Zurich, IBM Research Europe - Zurich
Kai Gellert, Bergische Universität Wuppertal
Tobias Handirk, Bergische Universität Wuppertal
Julia Hesse, IBM Research Europe - Zurich
Máté Horváth, Bergische Universität Wuppertal
Tibor Jager, Bergische Universität Wuppertal

WhatsApp is an end-to-end encrypted (E2EE) messaging service used by billions of people. In late 2021, WhatsApp rolled out a new protocol for backing up chat histories. The E2EE WhatsApp backup protocol (WBP) allows users to recover their chat history from passwords, leaving WhatsApp oblivious of the actual encryption keys. The WBP builds upon the OPAQUE framework for password-based key exchange, which is currently undergoing standardization. While considerable efforts have gone into the design and auditing of the WBP, the complexity of the protocol’s design and shortcomings in the existing security analyses of its building blocks make it hard to understand the actual security guarantees that the WBP provides. In this work, we provide the first formal security analysis of the WBP. Our analysis in the universal composability (UC) framework confirms that the WBP provides strong protection of users’ chat history and passwords. It also shows that a corrupted server can under certain conditions make more password guesses than what previous analysis suggests.

Available format(s)
Cryptographic protocols
Publication info
A major revision of an IACR publication in CRYPTO 2023
Password-Authenticated Key ExchangeE2EEOPAQUEsecure messaging
Contact author(s)
davies @ uni-wuppertal de
sebastian faller @ ibm com
kai gellert @ uni-wuppertal de
tobias handirk @ uni-wuppertal de
juliahesse2 @ gmail com
horvath @ uni-wuppertal de
tibor jager @ uni-wuppertal de
2023-06-07: revised
2023-06-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Gareth T. Davies and Sebastian Faller and Kai Gellert and Tobias Handirk and Julia Hesse and Máté Horváth and Tibor Jager},
      title = {Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2023/843},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.