End-to-End Encryption (E2EE) - A First Glance

ABSTRACT


Nowadays, we have many chat and video call applications. These applications are a part of your life, and you cannot live without them. A billion messages, pictures, and video calls are made daily, and the data is transferred around the world. These applications are provided by third parties to help you communicate with your friends, clients, or co-workers. Have you ever asked whether somebody can read your messages without permission? Yes, they can. This is the main reason a new security method was released: end-to-end encryption, also known as E2EE. In this article, we will take a first glance at E2EE.

Source: [1]

WHAT IS E2EE


End-to-end encryption (E2EE) is a secure communication method that prevents third parties from accessing data while it is transferred from one end system or device to another. That means only you and your partner can read the messages you send each other. As such, no one, including the communication system provider, telecom providers, Internet providers, or malicious actors, can access the cryptographic keys needed to read the conversation. The messages are encrypted by the sender, but the third party has no means to decrypt them and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Many popular messaging service providers use end-to-end encryption, including Facebook, WhatsApp, Zoom, Telegram, and Signal.

Source: [1]

HOW DOES E2EE WORK?


For an overview of the E2EE mechanism, see the image above. Each conversation participant creates a key pair (a public key and a private key) with support from the server. Each participant stores their own private key and the other participants' public keys. The server's responsibility is to store each participant's public key and forward it to the others who join the conversation. When the conversation is created, the participants share their public keys through the server. The mechanism for creating and storing keys is very complex, so I will not cover it in this article; we will have more articles that discuss the algorithms. Because the server stores only public keys, it cannot decrypt the messages; only the participants can. The image below describes how keys are created and shared using the Diffie-Hellman key exchange algorithm.


Source: [5]
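The key exchange described above, as an added example that is not from the original article: two participants publish public keys through a server and derive the same key with X25519, an elliptic-curve form of Diffie-Hellman (RFC 7748). The `RelayServer` and `Participant` classes, the salt and the info label are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P, A24 = 2**255 - 19, 121665           # Curve25519 field prime and ladder constant (RFC 7748)
BASE = (9).to_bytes(32, "little")      # standard base point u = 9

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 Diffie-Hellman function (RFC 7748). Not constant-time: for study only."""
    s = (int.from_bytes(k, "little") & ((1 << 254) - 1) & ~7) | (1 << 254)  # clamp scalar
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):     # Montgomery ladder, one scalar bit per step
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

class RelayServer:
    """Hypothetical server: stores and forwards public keys only."""
    def __init__(self):
        self.directory = {}
    def publish(self, user: str, public_key: bytes) -> None:
        self.directory[user] = public_key
    def lookup(self, user: str) -> bytes:
        return self.directory[user]

class Participant:
    def __init__(self, name: str, server: RelayServer):
        self.name, self.server = name, server
        self._private = secrets.token_bytes(32)        # never leaves the device
        server.publish(name, x25519(self._private, BASE))
    def session_key(self, peer: str) -> bytes:
        shared = x25519(self._private, self.server.lookup(peer))
        if shared == bytes(32):                        # degenerate public key: refuse it
            raise ValueError("rejected peer public key")
        prk = hmac.new(b"e2ee-demo-salt", shared, hashlib.sha256).digest()  # HKDF-Extract
        return hmac.new(prk, b"chat-key\x01", hashlib.sha256).digest()      # HKDF-Expand

if __name__ == "__main__":
    server = RelayServer()
    alice, bob = Participant("alice", server), Participant("bob", server)
    print(alice.session_key("bob") == bob.session_key("alice"))
```

The server's directory holds only the two public values, so it cannot compute the session key, while a participant who receives an all-zero shared secret rejects the key the server handed over.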


E2EE is not as simple as that. It is very complex and involves many concepts and algorithms, such as One-Time Prekeys, X3DH, and the Double Ratchet mechanism. I do not cover them in this introductory article.


ADVANTAGES OF END-TO-END ENCRYPTION


DISADVANTAGES OF END-TO-END ENCRYPTION


E2EE APPLICATIONS


E2EE is new but it is used in many applications and many domains. 



REFERENCE

[1] https://blog.etesync.com/end-to-end-encryption-what-it-is-and-why-it-is-needed/

[2] https://en.wikipedia.org/wiki/End-to-end_encryption

[3] https://www.techtarget.com/searchsecurity/definition/end-to-end-encryption-E2EE

[4] https://www.ibm.com/topics/end-to-end-encryption

[5] https://simple.wikipedia.org/wiki/Diffie-Hellman_key_exchange
