What is End-to-End Encryption?

How your data is kept private on the web

At its core, end-to-end encryption is an implementation of asymmetric encryption. It protects data so it can only be read on the two ends—by the sender and by the recipient.

What Is Encryption?

Whenever you send private data to another computer or server on the internet, which happens many times a day, there is some risk involved. It's a bit like Little Red Riding Hood's mother sending her to her grandmother's house at the other side of the woods. Those woods, which she has to cross alone without defense, have an assortment of dangers.

Once you send the data packets of your voice call, chat, email, or credit card number over the internet, that information is exposed to a variety of threats, including theft. Your data passes through many unknown servers, routers, and devices, where any hacker, government agency, or rogue agent could intercept it. To protect your data, you need encryption.

How Encryption Protects You

Encryption is the process of scrambling data so that no party intercepting it can read, understand, or make sense of it. Only the intended recipient of the content is able to "unscramble" the data. When it reaches them, the scrambled data is changed back to its original form, making it readable and comprehensible. This latter process is called decryption.

Key Terms

Let's complete the glossary. Unencrypted data is called plain text. Encrypted data is called ciphertext. And, the computer mechanism or recipe that runs on the data to encrypt it is called an encryption algorithm—software that works on data to scramble it.

An encryption key is used with the algorithm to scramble the plain text, so that the right key is required along with the algorithm to decrypt the data. Thus, only the party who holds the key can access the original data. The key is a long string of numbers that you do not have to remember or keep track of, as the software takes care of that.

Secure Sockets Layer (SSL), or its successor Transport Layer Security (TLS), is the standard for web-based encryption. When you visit a site that offers encryption for your data—normally these sites handle private information like personal details, passwords, and credit card numbers—there are signs that indicate security and safety.

A Brief History of Encryption

Cryptography, as encryption was known before the digital age, has been practiced for millennia. Ancient Egyptians deliberately complicated their hieroglyphs to prevent lower-level people from understanding privileged information. Modern, scientific encryption came in the Middle Ages with the Arab mathematician Al-Kindi, who wrote the first book on the subject. The craft reached a new level during World War II with the Enigma machine and Allied efforts to "decrypt" Nazi communications.

The first instant messaging and calling apps to offer end-to-end encryption came from Germany. Examples are Telegram and Threema.

Symmetric vs. Asymmetric Encryption

Here's an example to illustrate how encryption works: Tom wants to send a private message to Harry. The message is passed through an encryption algorithm and, using a key, it is encrypted. While the algorithm is available to anyone, the key is a secret between Tom and Harry. If a hacker intercepts the message as ciphertext, they can't decrypt it back to the original message unless they have the key, which they do not.

This is called symmetric encryption, in which the same key is used to encrypt and decrypt on both sides. This poses a problem, as both legitimate parties need to have the key, which may involve sending it from one side to the other and potentially exposing it along the way. It is, therefore, not effective in all cases.

Asymmetric encryption is the solution. Each party has two keys: a public key and a private key. The public keys are available to both parties, and to anyone else, as the two parties share their public keys with each other before communicating. Tom uses Harry's public key to encrypt the message, which can now only be decrypted with the private key that matches that public key, namely Harry's private key.

This private key is only available to Harry and to no one else, not even to Tom, the sender. Because the private key never has to be sent anywhere, it is the one element that makes it impossible for any other party to decrypt the message.

What Is End-to-End Encryption?

End-to-end encryption is an example of asymmetric encryption. End-to-end encryption protects data, such that it can only be read on the two ends—by the sender and by the recipient. No one else can read the encrypted data, including hackers, governments, and the server through which the data passes.

End-to-end encryption implies some other important details. Consider two WhatsApp users communicating through instant messaging. Their data passes through a WhatsApp server while in transit from one user to the other. With other services that offer encryption, the data is encrypted during transfer but is protected only from outside intruders like hackers. The service itself can read the data at its servers and use it. It can potentially hand the data to third parties or to law enforcement authorities.

End-to-end encryption keeps the data encrypted, without any possibility of decryption, even at the server. Thus, even if they want to, the service cannot intercept or do anything with the data. Law enforcement authorities and governments are also among those who cannot access the data, even with authorization. Theoretically, no one can, except the parties at the two ends.
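The following Python program is an added example, not code from the original article; it runs the two ideas above on real bytes: the symmetric-versus-asymmetric contrast from the Tom and Harry section (a shared key versus Harry's public/private pair), and the difference between a service that only encrypts each hop and one where the relaying server never holds a readable copy. The ciphers are deliberately toy constructions (a SHA-256 keystream and textbook RSA with small primes) so the script runs offline with only the standard library; they are not secure and stand in for real TLS and real messaging protocols. The `RelayServer` class, the `links` keys that model each client's TLS connection to the server, and the `MESSAGE` sample are all constructed for this illustration.

```python
"""Toy illustration of symmetric vs. asymmetric keys and of why end-to-end
encryption keeps a relaying server from reading messages.

Added example, not code from the original article. The ciphers are tiny
teaching constructions (a SHA-256 keystream and textbook RSA with 16-bit
primes) and are NOT secure; they exist only so the key-handling ideas can be
run and inspected offline without third-party libraries."""
import hashlib
import secrets

MESSAGE = b"Meet at noon"  # constructed sample message from Tom to Harry

# --- Symmetric: the same secret key encrypts and decrypts (toy cipher) --------
def _keystream(key: bytes, length: int) -> bytes:
    """Expand key into `length` bytes by hashing key||counter (counter mode)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def sym_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream; running it again with the same key decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

sym_decrypt = sym_encrypt  # symmetric: one key, one algorithm, both directions

# --- Asymmetric: textbook RSA with toy primes (constructed, NOT secure) -------
def rsa_keypair(p: int = 61, q: int = 53, e: int = 17):
    """Return (public_key, private_key), each an (exponent, modulus) pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)  # d = e^-1 mod phi (Python >= 3.8)

def rsa_apply(key, values) -> list:
    """Raise each value to the key's exponent mod n; every byte is < n = 3233."""
    exp, n = key
    return [pow(v, exp, n) for v in values]

def rsa_encrypt(public_key, data: bytes) -> list:
    return rsa_apply(public_key, data)

def rsa_decrypt(private_key, cipher_values: list) -> bytes:
    return bytes(rsa_apply(private_key, cipher_values))

def demo_keys() -> dict:
    """Tom -> Harry first with a shared key, then with Harry's key pair."""
    shared = secrets.token_bytes(32)
    sym_ct = sym_encrypt(shared, MESSAGE)
    harry_pub, harry_priv = rsa_keypair()
    rsa_ct = rsa_encrypt(harry_pub, MESSAGE)
    return {
        "symmetric_ok": sym_decrypt(shared, sym_ct) == MESSAGE,
        "symmetric_wrong_key": sym_decrypt(secrets.token_bytes(32), sym_ct) != MESSAGE,
        "private_key_decrypts": rsa_decrypt(harry_priv, rsa_ct) == MESSAGE,
        # The public key that everyone has does NOT reverse the encryption.
        "public_key_cannot": rsa_apply(harry_pub, rsa_ct) != list(MESSAGE),
    }

# --- Server in the middle: hop-by-hop encryption vs. end-to-end --------------
class RelayServer:
    """Hypothetical messaging server between Tom and Harry. Each client has a
    separately keyed encrypted link to the server (a stand-in for TLS); the
    server terminates one link and re-encrypts onto the other, so whatever
    was inside the link encryption passes through its hands in the clear."""
    def __init__(self):
        self.links = {"tom": secrets.token_bytes(32), "harry": secrets.token_bytes(32)}
        self.seen = []  # everything the server could read while relaying

    def relay(self, sender: str, recipient: str, blob: bytes) -> bytes:
        inner = sym_decrypt(self.links[sender], blob)
        self.seen.append(inner)
        return sym_encrypt(self.links[recipient], inner)

def demo_transport_only() -> dict:
    """Encrypted only on each hop: the server sees the plaintext."""
    srv = RelayServer()
    delivered = srv.relay("tom", "harry", sym_encrypt(srv.links["tom"], MESSAGE))
    return {"harry_reads": sym_decrypt(srv.links["harry"], delivered),
            "server_saw_plaintext": srv.seen[-1] == MESSAGE}

def demo_end_to_end() -> dict:
    """Tom encrypts for Harry before the link encryption, wrapping a fresh
    message key with Harry's public key; the server only relays opaque bytes."""
    srv = RelayServer()
    harry_pub, harry_priv = rsa_keypair()
    msg_key = secrets.token_bytes(32)
    wrapped = b"".join(v.to_bytes(2, "big") for v in rsa_encrypt(harry_pub, msg_key))
    payload = wrapped + sym_encrypt(msg_key, MESSAGE)  # 64 bytes of wrapped key, then ciphertext
    delivered = srv.relay("tom", "harry", sym_encrypt(srv.links["tom"], payload))
    # Harry unwraps the message key with his private key, then decrypts the body.
    got = sym_decrypt(srv.links["harry"], delivered)
    key_vals = [int.from_bytes(got[i:i + 2], "big") for i in range(0, 64, 2)]
    harry_key = rsa_decrypt(harry_priv, key_vals)
    return {"harry_reads": sym_decrypt(harry_key, got[64:]),
            "server_saw_plaintext": MESSAGE in srv.seen[-1]}

if __name__ == "__main__":
    print(demo_keys())
    print(demo_transport_only())
    print(demo_end_to_end())
```

In `demo_transport_only` the server's `seen` list contains the readable message, which is exactly the position a service is in when it encrypts only the connection to each user. In `demo_end_to_end` the same server relays the same message, but `seen` holds only the wrapped key and ciphertext, and the only key that unwraps it is Harry's private key, which never left his side.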

How to Use End-to-End Encryption

End-to-end encryption is not manually implemented by the user. Encryption services and software take care of the web security mechanisms.

For instance, your browser is equipped with end-to-end encryption tools, and they get to work when you engage in online activity that requires securing your data during transmission. Consider what happens when you buy something online using your credit card. Your computer needs to send the credit card number to the merchant. End-to-end encryption makes sure that only you and the merchant's computer can access this confidential number.

How Encryption Is Used on the Web

In your browser's address bar, the URL starts with https:// instead of http://, the additional s standing for secure. You may also see a seal image somewhere on the page with the logo of Symantec and TLS. When clicked, this image opens a pop-up certifying the authenticity of the site. Companies like Symantec provide digital certificates to websites for encryption.

Voice calls and other media are also protected using end-to-end encryption. You benefit from the privacy of encryption by using these apps.

The above description of end-to-end encryption is simplified and illustrates the fundamental principle behind it. In practice, it is more complex, with competing standards and protocols. People spend their lives and careers studying and perfecting encryption.

Who Needs Encryption?

You may be wondering: "Do I need encryption?" Not always, but yes, you probably do. You may need encryption less often than it is actually used, but that's how security works. It also depends on the type of data you're transferring in your personal communications. If you have things to protect, then you will be thankful for end-to-end encryption.

Many people don't find encryption important for WhatsApp and other messaging apps. But we all need encryption when doing banking or e-commerce transactions online. In any case, encryption usually occurs without your knowledge, and most people don't know and don't care when and how their data is encrypted.
