Design Messenger / WhatsApp (E2E + Group Chat)
End-to-end encryption (Signal protocol), message delivery guarantees, group chat, read receipts, multi-device. Meta signature SDI.
Theory
Explanation
Intuition first, formal definition second. Skim the bullets if you already know this; read the prose if you don't.
Server forwards encrypted blobs it cannot read. Forward secrecy via per-message ephemeral keys. Group chats use sender keys for efficiency (don't encrypt N times per message). Multi-device requires a separate ratchet per device pair.
- Identity: each user has a long-term identity key + signed pre-keys + one-time pre-keys.
- Pairwise session: a Diffie-Hellman handshake establishes a shared root key; Double Ratchet derives per-message keys (forward secrecy).
- Group: a sender key per (sender_device, group_id) is shared once via the pairwise sessions; each message is encrypted once with the sender key and delivered to all members.
- Server: stores only ciphertext + minimal metadata; long-poll / push relays messages.
- Read receipts are encrypted the same way.
When to use
Any messaging product where privacy is the bet.
When not to
Group threads that need server-side search or moderation: these are incompatible with E2E encryption unless scanning happens client-side.
sequenceDiagram
    participant A as Alice
    participant S as Server
    participant B as Bob
    A->>S: GET prekey_bundle(Bob)
    S-->>A: identity_pk + signed_prekey + one-time_prekey
    A->>A: derive root_key via X3DH
    A->>S: ciphertext_for_Bob (Double Ratchet msg)
    S-->>B: push notification + ciphertext
    B->>B: derive msg_key, decrypt
    B-->>S: delivery receipt (encrypted)
    S-->>A: relay receipt
Key insights
- Double Ratchet gives forward secrecy: even if the current key leaks, past messages stay safe.
- Group sender key (Signal Group v2) avoids N-way encryption per message.
- Multi-device = separate session per (sender_device, recipient_device) pair.
- Read receipts are themselves messages, same crypto envelope.
- Backup is the weak point: if messages are backed up to the cloud, the backup must be separately encrypted.
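
The per-message key derivation behind the forward-secrecy and sender-key points above, as an added example (not code from the original page or from any messenger's code base): a symmetric HMAC-SHA256 KDF chain of the kind used inside Double Ratchet and sender-key chains, with out-of-order delivery, replay rejection and a skip bound. The DH ratchet step and the AEAD encryption are left out; the class names, `MAX_SKIP` and the seed are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_SKIP = 1000  # assumed bound: caps the work a forged counter can force

def kdf_chain(chain_key):
    """One ratchet step: return (next_chain_key, message_key)."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class SenderChain:
    """Sending side; for a group, one chain per (sender_device, group_id)."""
    def __init__(self, chain_key):
        self.chain_key, self.counter = chain_key, 0

    def next_message_key(self):
        n = self.counter
        # Overwriting the old chain key is what makes earlier keys unrecoverable.
        self.chain_key, message_key = kdf_chain(self.chain_key)
        self.counter += 1
        return n, message_key

class ReceiverChain:
    """Receiving side; starts from the chain key delivered over the pairwise session."""
    def __init__(self, chain_key):
        self.chain_key, self.counter, self.skipped = chain_key, 0, {}

    def message_key(self, n):
        if n < self.counter:  # late or replayed message
            if n not in self.skipped:
                raise ValueError("message key already used")
            return self.skipped.pop(n)  # single use: delete on read
        if n - self.counter > MAX_SKIP:
            raise ValueError("counter too far ahead of chain")
        while self.counter < n:  # cache keys for messages still in flight
            self.chain_key, self.skipped[self.counter] = kdf_chain(self.chain_key)
            self.counter += 1
        self.chain_key, message_key = kdf_chain(self.chain_key)
        self.counter += 1
        return message_key

def demo():
    seed = hashlib.sha256(b"constructed sample chain key").digest()
    alice, bob = SenderChain(seed), ReceiverChain(seed)
    sent = dict(alice.next_message_key() for _ in range(3))
    received = {n: bob.message_key(n) for n in (2, 0, 1)}  # out-of-order delivery
    return sent == received and alice.chain_key == bob.chain_key != seed
```

Keys cached in `skipped` are the one place where old message keys outlive their step, so a real client also expires them.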