Chat App 2 - End-to-End Encryption & Federation

Interview-Ready Approach

1) Clarify Scope and SLOs

• •Problem statement: Add E2E encryption, cross-org messaging, and scale to 50 M users across regions.
• •Design for a peak load target around 80,000 RPS (including burst headroom).
• •Total users: 50,000,000
• •Concurrent connections: ~15,000,000
• •Messages per day: ~2,000,000,000
• •Regions: 5
• •Max devices per user: 5

2) Capacity Planning Method

• •Convert traffic and growth constraints into request rate, storage growth, and concurrency budgets.
• •Keep at least 2-3x safety margin per tier (ingress, compute, storage, async workers).
• •Reserve explicit latency budgets per hop so p95 can be defended in review.

3) Architecture Decisions

• •WebSockets: Use persistent connection gateways and decouple fanout via pub/sub or queues.
• •Databases: Define a clear system-of-record and design read/write paths separately before adding optimizations.
• •Auth: Centralize identity verification and keep authorization checks close to domain resources.
• •Geo Distribution: Route users to nearest region/edge while keeping write-consistency boundaries explicit.
• •Replication: Separate primary write path from replicated read path and define lag tolerance per feature.
• •Consistency: Classify operations by consistency requirement: strong for money/inventory, eventual for feeds/analytics.

4) Reliability and Failure Strategy

• •Track connection churn, backpressure, and session resumption behavior.
• •Use strong write constraints (transactions or conditional writes) and explicit backup/restore strategy.
• •Use short-lived tokens and secure key rotation workflows.
• •Design region failover and data residency controls as first-class requirements.
• •Monitor replication lag and have failover runbooks with recovery point objectives.

5) Validation Plan

• •Run one peak-load test, one dependency-degradation test, and one failover test.
• •Verify idempotency for all retried writes and async consumers.
• •Track user-facing SLOs first: p95 latency, error rate, and successful throughput.

6) Trade-offs to Call Out in Interviews

• •WebSockets: WebSockets reduce interaction latency but complicate scaling and state management.
• •Databases: SQL gives stronger transactional guarantees; NoSQL often gives better write scaling and flexibility.
• •Auth: Central auth simplifies policy, but makes auth service availability/security critical.
• •Geo Distribution: Global latency improves, but cross-region consistency and operations become harder.
• •Replication: Replication improves read scale and DR posture but complicates consistency semantics.

Practical Notes

• •The Signal Protocol (Double Ratchet) is the gold standard for E2EE - study its key management model.
• •Per-device keys mean sending a message to a user with 5 devices requires 5 encrypted copies.
• •Federation introduces the challenge of cross-org key exchange - consider a key transparency log.