End-to-end encryption protects your messages

Matthew Hodgson, Matrix.org’s Technical Co-founder, said: “With Matrix.org and Olm, we have created a universal end-to-end encrypted communication fabric – we really consider this a key step in the evolution of the Internet. Now that Olm is complete and audited, we want it to be available to everyone out there without restriction – we have released it as permissively licensed open source for the benefit of the whole community. The internet now has all the tools it needs to securely defragment communication silos.”

End-to-end encryption gives users true privacy, preventing anyone else from eavesdropping on conversations – even the very communications services they’re using. This is incredibly important for a decentralised ecosystem like Matrix where data can span across many different servers, and users should not have to trust any of those servers. End-to-end encryption is also a real differentiator from most other popular collaboration systems whose business models fundamentally rely on being able to read, analyse and profile your conversations.

Matrix’s implementation of end to end encryption through the Olm and Megolm cryptographic ratchets was built for interoperability and is not limited for use only with Matrix but also other communication protocols (such as XMPP). The implementation and formal specification is entirely open source, released under the permissive Apache License. Matrix encrypts per-device rather than per-user – letting users select precisely which devices they trust to decrypt a message. This means users can stop a tablet left on someone’s sofa decrypting messages intended for their phone. Finally, with Megolm, users can adjust how much history can be decrypted by new devices, allowing different privacy guarantees per-room.

The NCC Group security assessment, conducted between September 19^th and 30^th 2016, marks a significant milestone for Matrix’s encryption solution. The assessment found one high, one medium, and various low and informational issues during the time that the review was conducted. These issues have either been solved in libolm v2.0.0 or addressed in the associated Matrix client SDKs.

Alex Balducci, Principal Security Consultant, NCC Group, said: “It was great to work with a team like Matrix, who take security seriously and have a passion for this line of work. While challenging, the engagement was a great experience and I’m glad to have had the opportunity to play a role in it. The goal of open interoperable cryptography on the Internet is a worthy one, and we wish the project the best success. I also want to call out the Open Technology Fund for helping support this engagement and making the Internet a more secure place!”

End-to-end encryption is available today in clients built on Matrix’s matrix-js-sdk, matrix-ios-sdk or matrix-android-sdk, such as Riot.

How does it work?

• A 'cryptographic ratchet' generates a sequence of keys that can be used to encrypt a series of messages. It’s easy to step forwards in the sequence, but unfeasibly hard to step backwards – just like a mechanical ratchet, meaning that a stolen ratchet can’t decrypt older history.
• Olm implements the ‘double ratchet’ algorithm popularised by Open Whisper Systems’ Signal, where sequences of messages from a sender are encrypted with keys from the same ratchet sequence. A new ratchet is created (by advancing another ratchet) every time the conversation changes direction.
• Megolm is an entirely new algorithm, which implements a separate ratchet per sending device participating in a group conversation – each device sends a series of messages encrypted with keys from that ratchet. The room specifies how frequently senders should replace their ratchet (e.g. whenever a new user joins, leaves, every N messages, every N days etc).