What Is End-to-End Encryption?

End-to-end encryption (E2EE) is a secure communication method that prevents third parties from accessing data while it is transferred from one endpoint or device to another. With E2EE, data is encrypted on the sender’s system or device, and only the intended recipient can decrypt it. Along the way, the message cannot be read or tampered with by internet providers, apps, hackers, or any other third party.

Many popular messaging apps, including Facebook Messenger and WhatsApp, use end-to-end encryption. These companies have faced controversy over implementing E2EE because the technology prevents organizations from sharing user information with authorities and can potentially enable communication between individuals involved in illegal activities.

How Does End-to-End Encryption Work?

The cryptographic keys used to encrypt and decrypt messages are stored on the endpoints. This approach uses public key encryption (asymmetric encryption).

Asymmetric encryption uses a public key (which can be shared with anyone) and a private key (which must be kept secret). Data encrypted with the public key can only be decrypted with the corresponding private key.

In online communications, there is almost always an intermediary that relays messages between two parties—usually a server owned by an internet provider, telecom company, or other organization. The public key infrastructure used by E2EE ensures that intermediaries cannot read the messages being sent.

To ensure that a public key is legitimate and created by the intended recipient, it is embedded in a certificate signed with the digital signature of a recognized certificate authority (CA). Since the CA’s public key is widely distributed and trusted, certificates signed with it can be considered authentic. The certificate links a specific recipient’s name and public key, and the CA will not sign a certificate that links a different public key to the same name.

The following diagram shows what happens when Peter sends Alice a message using end-to-end encryption.

How Is E2EE Different from Other Types of Encryption?

End-to-end encryption is unique compared to other encryption systems because only the endpoints—the sender and the recipient—can decrypt and read the message.

Symmetric key encryption also provides continuous encryption from sender to recipient, but it uses a single secret key to encrypt messages. The key, which may be a password, code, or randomly generated string, is sent to the recipient so they can decrypt the message. The code can be complex, and the message will appear as a random string of characters to intermediaries relaying it. However, no matter how strong the key is, if an intermediary obtains it, the message can be intercepted, decrypted, and read. End-to-end encryption with two keys prevents third parties from accessing the key and decrypting the message.

End-to-end encryption uses an asymmetric approach. Here’s how it compares to symmetric encryption methods.

Another common encryption strategy is encryption in transit. In this approach, messages are encrypted by the sender, intentionally decrypted at an intermediate point (such as a messaging app’s server), then re-encrypted and sent to the recipient. The message is unreadable during transmission and may be encrypted with two keys. However, this is not end-to-end encryption, since the message is decrypted before reaching the final recipient.

Encryption in transit prevents messages from being intercepted while traveling, but it creates potential vulnerabilities at the intermediate point where they are decrypted. The TLS (Transport Layer Security) protocol is an example of encryption in transit.

How Is End-to-End Encryption Used?

End-to-end encryption is used whenever data security is essential, including in finance, healthcare, and communications. It is often used to help companies comply with privacy and data security regulations and laws.

For example, E2EE is used in point-of-sale (POS) systems to protect sensitive customer payment card data. Enabling E2EE also helps retailers comply with the Payment Card Industry Data Security Standard (PCI DSS), which requires that card numbers, magnetic stripe data, and security codes are not stored on client devices.

What Does End-to-End Encryption Protect Against?

E2EE protects against two main threats:

• Eavesdropping: E2EE prevents anyone except the sender and recipient from reading message information during transmission, since only they have the keys to decrypt the message. While the message may be visible to an intermediate server that helps deliver it, it will be indecipherable and unreadable.
• Interception: E2EE also protects against interception of encrypted messages. It is impossible to predictably alter a message encrypted with E2EE, so any tampering attempts will be detected.

What Does End-to-End Encryption Not Protect Against?

While E2EE key exchange is considered secure when using well-known algorithms and current computing power, there are several potential weaknesses, including:

• Metadata: E2EE protects the information inside the message, but not information about the message, such as the date and time sent or the participants. This metadata can give attackers clues about where to intercept information when it is decrypted.
• Compromised Endpoints: If any endpoint is compromised, a cybercriminal can see the message before it is encrypted or after it is decrypted. Attackers can also obtain keys from compromised endpoints and perform a man-in-the-middle (MiTM) attack using a stolen public key.
• Vulnerable Intermediaries: Sometimes providers claim to offer end-to-end encryption, but in reality, their systems are closer to encryption in transit. Data may be stored on an intermediate server, where it can be accessed.

Advantages of End-to-End Encryption

The main advantage of end-to-end encryption is a high level of data privacy, provided by the following features:

• Security in Transit: E2EE uses public key (asymmetric) encryption, with private keys stored on endpoint devices. Messages can only be decrypted with these keys, so only people with access to the endpoints can read them.
• Protection from Unauthorized Access: With E2EE, the decryption key does not need to be transmitted—the recipient already has it. If a message encrypted with a public key is altered or tampered with during transmission, the recipient will not be able to decrypt it, so the altered content will not be visible.
• Regulatory Compliance: Many industries are subject to regulations requiring data security at the encryption level. E2EE can help organizations protect data by making it unreadable.

Disadvantages of End-to-End Encryption

While E2EE is effective for securing digital communications, encryption does not guarantee data privacy. Disadvantages include:

• Difficulty Defining Endpoints: Some E2EE implementations allow encrypted data to be decrypted and re-encrypted at certain points during transmission. It is important to clearly define and separate endpoints in communication.
• Too Much Privacy: Governments and law enforcement agencies have expressed concern that end-to-end encryption can shield criminals and allow them to evade police surveillance, since service providers cannot give authorities access to content.
• Visible Metadata: While messages are encrypted and unreadable, information about the message—such as the date sent and recipient—is visible and can provide useful information to attackers.
• Endpoint Security: If endpoints are compromised, encrypted data can be exposed.
• Not Future-Proof: While end-to-end encryption is currently a powerful technology, there are concerns that quantum computing may eventually make traditional cryptography obsolete.

Applications That Use E2EE

The first widely used E2EE messaging software was Pretty Good Privacy (PGP), which protected email, stored files, and digital signatures. Messaging apps often use end-to-end encryption, including Apple iMessage, Jabber, and Signal Protocol (formerly TextSecure Protocol). POS terminal providers also use E2EE protocols to comply with PCI DSS.

After significant protests from users and major tech companies, UK lawmakers recently decided to remove Clause 122 from the Online Safety Bill. This clause would have given regulators access to personal messages protected by end-to-end encryption. In June, Apple stated that removing end-to-end encryption would empower hackers and scammers. Encrypted messengers like WhatsApp and Signal also threatened to leave the UK if the new rules were adopted.