What is end-to-end encryption?

Who I am
Pau Monfort
@paumonfort

End-to-end encryption is an important security feature, but how exactly does it work? As we use digital correspondence a lot in our daily lives, the hot topic of “end-to-end encryption” appears in the news every now and then. But what is end-to-end encryption and how does it differ from other types of encryption?


Let's break down this encryption method and see why it's so important.

What is “end-to-end encryption”?

End-to-end encryption is a way to protect communications from prying eyes. If you are sending a message over the Internet to someone else without proper encryption, people watching your connection can see what you are sending. This is known as a man-in-the-middle attack.



Therefore, messaging services sometimes use end-to-end encryption (E2EE) to protect their users. Some of the best instant messaging services use E2EE to stop people from snooping on their users.


To achieve this, the service implements a method that allows users to automatically encrypt their messages. Before someone sends a message, they encrypt it using the so-called "key". This key makes the message unreadable, so nosy people can't see what it says.

When the message arrives on the recipient's device, the app uses a key to untangle the message into what it was originally said. Now the recipient can read what the message said and hackers are kept out of the equation.

How to enable and disable end-to-end encryption in Zoom

How does E2EE differ from other types of encryption?

You may be confused as to how this encryption method differs from other methods. Indeed, the actual mechanisms behind E2EE are similar to other types of encryption. The main difference, however, is the answer to this question: Who holds the encryption keys?




When using a service with encryption other than E2EE, you can send messages to your friend using a key provided by the service. This is great for preventing hackers from peeking into your communications, but it does mean that the people running the service you're using can technically read what you send.

It's like using a messaging app to talk to your friend and the developers who designed the app tell you to use the “APPLE” key to encrypt your data. Sure, random hackers can't read what you say, but the developers know you're using APPLE as a key. This means that they can decrypt your messages as you send them and read everything you say.

When a company uses this type of encryption, it becomes a matter of trust. Do you think the company that runs the messaging app turns a blind eye and lets you talk privately? Or will they use the APPLE key to open your security and read all the juicy details?


This is not a problem for E2EE. As you might expect from the “end-to-end” in its name, E2EE works by allowing each user to generate their own encryption keys on their device. This way, no one, not even messaging app developers, can decrypt messages without physically taking your device.

This is why E2EE is so popular and why some secure email apps use it. Users don't need to trust a faceless company. They have everything they need to encrypt on their own.


There are a few ways to accomplish this, but “public key cryptography” and “Diffie-Hellman key exchange” are some of the more well-known methods.


What is encryption? Cryptanalysis, RC4, CrypTool

Achieving E2EE with Public Key Cryptography

When a program uses public key cryptography, each service user receives two keys. The first is their public key, which can be freely viewed and distributed to anyone. However, it is worth noting that the public key can only encrypt data; it cannot be used to decrypt it.

Each user also receives a private key, which is never shared and resides permanently on their device. The private key is designed so that the private key can decrypt any encrypted data using the public key. However, you should also note that the private key can only decrypt the data; it is never used to encrypt it.

When two people want to talk to each other, they exchange public keys. Then they use the other person's public key to encrypt their messages. Once a public key encrypts it, it can only be successfully decrypted by the recipient's private key, which never leaves his device.

A non-technical example of public key cryptography

To better imagine how this system works, imagine that Bob and Alice want to talk to each other. To achieve this, they purchase a safe deposit box from a somewhat quirky security company.

Here's how it works.

A safe can be swiped with a “lock” or “unlock” card to lock or unlock it. Each user has a unique "lock" and "unlock" card to use on the safe. Also, you can order a copy of a specific person's “unlock” card from the company, but you can never order someone's “unlock” card.


Bob has two cards: BOB LOCK and BOB UNLOCK. Alice also has her own set of cards, ALICE LOCK and ALICE UNLOCK.


If Bob closes the safe and swipes the BOB LOCK card, the safe will lock itself. It will remain locked, even if Bob passes the BOB LOCK card a second time. The only way to unlock it is to swipe BOB UNLOCK. No other person's unlocking cards will work.

Now, let's say Bob wants to send a message to Alice. He needs to order a copy of one of Alice's lock cards from the lockbox company to do so. The company allows this because it is not possible to use a security card to enter a safe deposit box. You can only use it to block one.

Bob orders an ALICE LOCK card. He then he writes a letter to Alice, puts it in the safety deposit box and then swipes the ALICE LOCK card. The safe is well closed and can only be unlocked if an ALICE UNLOCK card is swiped. Bob's unlock card is useless.

Now Bob can send the safe to Alice. Even if someone interested in the letter ordered their ALICE LOCK card and hijacked the box, he couldn't open it. Only an ALICE UNLOCK card can unlock it and Alice is the sole owner of that card.

Alice receives the safe from Bob, uses her ALICE UNLOCK card to open it and reads the letter. If Alice wishes to return a message, she can order and use a BOB LOCK card to return the safe. Now, only the BOB UNLOCK card can open it, which only Bob has.

How to encrypt Android, the complete guide

Achieve E2EE with Diffie-Hellman key exchange

If two people want to get E2EE over an unsecured network, there is a way to share the encryption keys in plain sight and not get hacked.

To do this, both parties first agree on a shared key. This key is openly shared, and the Diffie-Hellman key exchange system assumes that hackers will find out what this key is.

However, both parties then generate a private key on their devices. Then they add this private key to the shared one, then send their combined key to the recipient. When they receive the recipient's combined key, they add it to the private key to obtain a shared secret key to use for encryption.

A non-technical example of Diffie-Hellman key exchange

If we go back to Bob and Alice, let's say they use this technique to share information. First, they both agree on a shared number, let's say the number three. This is done publicly, so a nosy can theoretically eavesdrop on this number.

So Bob and Alice pick a number privately. Let's say that Bob chooses the number eight and Alice chooses the five. Then, they add the chosen number to the agreed shared number and give the other person the result.

  • Bob takes the shared key (3) and his private key (8) and gets 11 (8 + 3). He gives Alice the number 11.
  • Alice takes the shared key (3) and her private key (5) and gets 8 (5 + 3). She gives Bob the number 8.

This sharing is also done in public, so once again a nosy can potentially see that Bob shared 11 and Alice shared 8.

Once the sharing is done, each party adds what they received with their private number. This results in both parties getting the same number due to how one addition-only sum doesn't care about the order.

  • Bob gets Alice's combined number (8), adds her private number (8) to it, and gets 16. (8 + 8)
  • Alice gets Bob's combined number (11), adds her own private number (5) and gets 16. (11 + 5)
  • Either party can encrypt messages using key "16", which no one but Bob and Alice is aware of.

Of course, in this example, a hacker could crack this code very easily. All they need is the shared key, the key sent by Bob and the key sent by Alice, which are sent in broad daylight.

However, programmers implementing Diffie-Hellman key exchange will implement complex equations that are difficult for hackers to crack and still give the same result regardless of the order in which the numbers are entered.

This way, hackers are left baffled as to what generated the numbers while Bob and Alice chat securely using the shared key.

How to encrypt a USB key and protect your data

Send data securely using E2EE

If you don't want to trust companies that don't peek at your data, you don't have to. Using E2EE methods, no one can peek at your messages until they arrive safely at their destination.

If all this cryptography talk has made you want to harden your computer's security, did you know that there are several ways to encrypt your daily life?

Further Reading:

  • How to enable and disable end-to-end encryption in Zoom
  • How to change the PIN in Bitlocker
  • What is encryption? Cryptanalysis, RC4, CrypTool
  • How to password protect a zip file and folder
  • How to password protect a folder in Windows 10
add a comment of What is end-to-end encryption?
Comment sent successfully! We will review it in the next few hours.