CONCEPT Cited by 1 source

End-to-end encryption (E2EE)

Definition

End-to-end encryption (E2EE) is the property that a message is encrypted on the sender's device, decrypted only on the recipient's device, and no intermediary — including the service operator — can read the plaintext. Keys are held by the endpoints; the server routes ciphertext.

E2EE messaging (WhatsApp, Signal, iMessage Contact Key Verification, etc.) typically composes:

  • Asymmetric key agreement between sender and recipient devices.
  • Per-message ephemeral keys for forward secrecy.
  • Authentication (signatures, out-of-band key verification) so the recipient knows who sent it.
  • No server-side decryption key — the operator's view is ciphertext + metadata.
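
The four parts listed above, composed into one sender-to-recipient exchange with Node's built-in crypto module. This is an added example, not code from WhatsApp, Signal or any source this page cites; the envelope layout, the function names and the `e2ee-demo` HKDF label are assumptions made for illustration. Bob's key is long-term here, so the example shows per-message ephemeral keys without the recipient-side key rotation that full forward secrecy needs.

```javascript
// Added example: names and envelope layout are illustrative, not any product's wire format.
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
  createCipheriv, createDecipheriv, sign, verify, randomBytes } = require('node:crypto');

// Key agreement: X25519 shared secret -> one-message AES-256-GCM key via HKDF.
function messageKey(privateKey, publicKey, ephPub) {
  const shared = diffieHellman({ privateKey, publicKey });
  return Buffer.from(hkdfSync('sha256', shared, ephPub, 'e2ee-demo', 32));
}

// Sender device: fresh ephemeral key per message, encrypt, sign with the identity key.
function sealMessage(senderSignKey, recipientPub, plaintext) {
  const eph = generateKeyPairSync('x25519');
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', messageKey(eph.privateKey, recipientPub, ephPub), iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  const tag = c.getAuthTag();
  const sig = sign(null, Buffer.concat([ephPub, iv, ct, tag]), senderSignKey);
  return { ephPub, iv, ct, tag, sig }; // everything the server routes; no secret key material
}

// Recipient device: authenticate the sender first, then redo the agreement and decrypt.
function openMessage(senderVerifyKey, recipientPriv, { ephPub, iv, ct, tag, sig }) {
  if (!verify(null, Buffer.concat([ephPub, iv, ct, tag]), senderVerifyKey, sig)) {
    throw new Error('signature check failed');
  }
  const ephKey = createPublicKey({ key: ephPub, type: 'spki', format: 'der' });
  const d = createDecipheriv('aes-256-gcm', messageKey(recipientPriv, ephKey, ephPub), iv);
  d.setAuthTag(tag); // final() throws if the derived key or the ciphertext is wrong
  return Buffer.concat([d.update(ct), d.final()]);
}

// Constructed demo keys: Alice signs, Bob receives, the operator holds an unrelated key.
const alice = generateKeyPairSync('ed25519');
const bob = generateKeyPairSync('x25519');
const operator = generateKeyPairSync('x25519');

function demo() {
  const env = sealMessage(alice.privateKey, bob.publicKey, Buffer.from('meet at noon'));
  let operatorRead = true; // the operator sees env but lacks Bob's private key
  try { openMessage(alice.publicKey, operator.privateKey, env); } catch { operatorRead = false; }
  return { text: openMessage(alice.publicKey, bob.privateKey, env).toString(), operatorRead };
}
console.log(demo());
```
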

The AI-features challenge E2EE creates

Modern AI features (summarisation, smart replies, translation, writing suggestions) have historically required sending plaintext to a server-side model. This is incompatible with E2EE: the server would see the plaintext, so E2EE would hold in name only.

Two architectural responses:

  1. On-device inference — run the model on the user's device. Preserves E2EE trivially; constrained by device compute for large models.
  2. Server-side inference inside a TEE with attestation + transparency + unlinkability — extend the E2EE boundary to include a specific, attested server-side compute step. The TEE-for-private-AI-inference pattern.

WhatsApp Private Processing is the canonical wiki instance of response (2): the device establishes an ephemeral E2EE session with a CVM whose binary digest has been verified against a transparency log; the CVM can decrypt inside the TEE, run inference, return the result, and forget — without Meta, WhatsApp, or any intermediary ever seeing the plaintext. The post states verbatim:

"no one except you and the people you're talking to can access or share your personal messages, not even Meta or WhatsApp."

and

"no one except the user's device or the selected TEEs can decrypt the request."

What E2EE does NOT protect

  • Metadata — who talked to whom, when, how often, from which IP — is typically not covered. OHTTP + anonymous credentials can harden metadata in systems like Private Processing but classic E2EE does not cover it.
  • Endpoint compromise — a malware-compromised device can read plaintext before encryption / after decryption. E2EE protects transit + server-side rest, not endpoint state.
  • Opt-in/opt-out of AI features — E2EE by itself does not provide this; in architectures like Private Processing, the user retains control via Advanced Chat Privacy to refuse AI features for specific chats.
