Blockchain-enabled End-to-End Encryption for Instant Messaging Applications

Abstract

In this era of ubiquitous social media and messaging applications, users are becoming increasingly aware of the data privacy issues associated with such apps. Major messaging applications are moving towards end-to-end encryption (E2EE) to give their users the privacy they are demanding. However the current security mechanisms employed by different service providers are not unfeigned E2EE implementations, and are blended with many vulnerabilities. At present, the major part of the E2EE mechanism is controlled by the service provider’s servers, and the decryption keys are also stored by them in case of backup restoration. These shortcomings diminish user confidence in the privacy of their data when using these apps. A public key infrastructure (PKI) can be used to circumvent some of these issues, but it comes with high monetary costs, which makes it impossible to roll out on a global scale. This paper proposes a blockchain-based E2EE framework that can mitigate many of the contemporary vulnerabilities in today’s messaging applications. A user’s device generates the public/private key pair during application installation, and asks its mobile network operator (MNO) to issue a digital certificate and store it on a public blockchain. Any user can fetch a certificate for another user from the application server, and communicate securely with them using a ratchet forward encryption mechanism.