Riot uses the end-to-end encryption baked in Matrix in order to protect conversations.
What it means for the user
Encrypting end-to-end means that a conversation can be read only by the devices involved in it, the servers won’t have any visibility on the content of the discussion. Users are notified when new devices for a user join the discussion, allowing them to verify that they are sending messages to devices they trust.
HOW SECURE IS IT?
When end-to-end encryption is enabled in a room, all messages and file attachments are fully encrypted so that only the participants in the conversation can decrypt them. For maximum security you should verify the identity of the devices you are sending to, to ensure they are controlled by the right person; Riot helps you with this process. Two-participant VoIP and Video calls are also fully encrypted end-to-end (multi-way calls however are not available in encrypted rooms, as the server has to mix the calls together). Information about a room such as its name, topic, avatar and membership is currently unencrypted. The encryption used is built on an independent implementation of the Double Ratchet algorithm popularised by Signal.
As of May 2017 Riot’s end-to-end encryption is technically in beta, but this is due to some residual stability bugs and missing usability features. Once these are resolved we plan to get the full implementation security assessed and out of beta. End-to-end encryption will then be turned on by default for private conversations.
What are the technical details?
Matrix provides state-of-the-art end-to-end encryption as a first-class citizen using the Olm and Megolm cryptographic ratchets, ensuring that only explicitly authorized devices can participate in a conversation. Our design and reference implementation has undergone a security assessment by NCC Group in September 2016.
Olm is an implementation of the Double Ratchet developed by Matrix.org, and is used to secure one-to-one communication without sharing history. Megolm is a separate ratchet developed specifically for encrypting Matrix rooms, which optionally supports replaying conversation history. Megolm uses Olm for sharing its encryption state between devices.