
End-to-end encryption

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.[1]

End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender, but any third party that relays or stores them has no means to decrypt them and holds them only in encrypted form. The recipients retrieve the encrypted data and decrypt it themselves.


Because no third party can decipher the data being communicated or stored, companies that provide end-to-end encryption are, for example, unable to hand over the texts of their customers' messages to the authorities.[2]


In 2022, the UK's Information Commissioner's Office, the government body responsible for enforcing online data standards, stated that opposition to E2EE was misinformed and the debate too unbalanced, with too little focus on benefits, since E2EE helped keep children safe online and law enforcement access to stored data on servers was "not the only way" to find abusers.[3]

E2EE and privacy

In many messaging systems, including email and many chat networks, messages pass through intermediaries and are stored by a third party,[4] from which they are retrieved by the recipient. Even if the messages are encrypted, they are only encrypted 'in transit', and are thus accessible by the service provider,[5] regardless of whether server-side disk encryption is used. Server-side disk encryption simply prevents unauthorized users from viewing this information. It does not prevent the company itself from viewing the information, as they have the key and can simply decrypt this data.


This allows the third party to provide search and other features, or to scan for illegal and unacceptable content, but it also means the messages can be read and misused by anyone who has access to them on the third-party system, whether by design or via a backdoor. This is a concern wherever privacy is very important: for businesses whose reputation depends on their ability to protect third-party data, for negotiations and communications important enough to be at risk of targeted 'hacking' or surveillance, and where sensitive subjects such as health or information about minors are involved.


It is important to note that E2EE alone does not guarantee privacy or security.[6] For example, data may be held unencrypted on the user's own device, or be accessible via their own app, if their login is compromised.

Etymology of the term

The term "end-to-end encryption" originally only meant that the communication is never decrypted during its transport from the sender to the receiver.[7] For example, around 2003, E2EE was proposed as an additional layer of encryption for GSM[8] or TETRA,[9] in addition to the existing radio encryption protecting the communication between the mobile device and the network infrastructure. This has been standardized by SFPG for TETRA.[10] Note that in TETRA E2EE, the keys are generated by a Key Management Centre (KMC) or a Key Management Facility (KMF), not by the communicating users.[11]


Later, around 2014, the meaning of "end-to-end encryption" started to evolve when WhatsApp encrypted a portion of its network,[12] requiring that not only the communication stays encrypted during transport,[13] but also that the provider of the communication service is not able to decrypt the communications either by having access to the private key, or by having the capability to undetectably inject an adversarial public key as part of a man-in-the-middle attack. This new meaning is now the widely accepted one.[14]

Modern usage

As of 2016,[15] typical server-based communications systems do not include end-to-end encryption.[16] These systems can only guarantee the protection of communications between clients and servers,[17] meaning that users have to trust the third parties who are running the servers with the sensitive content. End-to-end encryption is regarded as safer[18] because it reduces the number of parties who might be able to interfere or break the encryption.[19] In the case of instant messaging, users may use a third-party client or plugin to implement an end-to-end encryption scheme over an otherwise non-E2EE protocol.[20]


Some non-E2EE systems, such as Lavabit and Hushmail, have described themselves as offering "end-to-end" encryption when they did not.[21] Other systems, such as Telegram and Google Allo, have been criticized for not enabling end-to-end encryption by default. Telegram did not enable end-to-end encryption by default on VoIP calls for users of the desktop software version, but that problem was fixed quickly.[22][23] However, as of 2020, Telegram still features no end-to-end encryption by default, no end-to-end encryption for group chats, and no end-to-end encryption for its desktop clients.


Some encrypted backup and file sharing services provide client-side encryption. The encryption they offer is not referred to here as end-to-end encryption, because the services are not meant for sharing messages between users. However, the term "end-to-end encryption" is sometimes incorrectly used to describe client-side encryption.[24]

Challenges

Man-in-the-middle attacks

End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting their public key for the recipient's), so that messages are encrypted with a key known to the attacker. After decrypting the message, the snoop can then encrypt it with a key that they share with the actual recipient, or their public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack (MITM).[1][25]
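One way endpoints can detect the key substitution described above is to compare a short fingerprint of the exchanged public keys over a separate channel. The sketch below is an added example, not part of the original article; the toy Diffie-Hellman parameters, the relay functions and all names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption: far too
# small for real use; real systems use vetted groups or elliptic curves).
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_fingerprint(pub_a, pub_b):
    """Short code both users read to each other over a separate channel.
    Sorting makes the result independent of which side computes it."""
    lo, hi = sorted((pub_a, pub_b))
    digest = hashlib.sha256(f"{lo:x}|{hi:x}".encode()).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 24, 4))

def exchange(relay):
    """Run a key exchange in which `relay` forwards each public key.
    Returns the fingerprint each endpoint computes from the keys it saw."""
    _, a_pub = keypair()
    _, b_pub = keypair()
    seen_by_b = relay(a_pub)  # what B receives as "A's key"
    seen_by_a = relay(b_pub)  # what A receives as "B's key"
    return (session_fingerprint(a_pub, seen_by_a),
            session_fingerprint(seen_by_b, b_pub))

def honest_relay(pub):
    """A provider that forwards public keys unchanged."""
    return pub

def make_substituting_relay():
    """Model of the intermediary in the text: it hands out its own public
    key in place of the real one (constructed for this example)."""
    _, own_pub = keypair()
    return lambda pub: own_pub

def keys_match(fp_a, fp_b):
    """Out-of-band comparison of the two fingerprints."""
    return hmac.compare_digest(fp_a, fp_b)

if __name__ == "__main__":
    print("honest relay:", keys_match(*exchange(honest_relay)))
    print("substituting relay:", keys_match(*exchange(make_substituting_relay())))
```

With an honest relay both endpoints compute the same fingerprint; when a key has been replaced in transit, each endpoint hashes a different pair of keys and the comparison fails.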

Comparison of instant messaging protocols

Comparison of VoIP software § Secure VoIP software – a table overview of VoIP clients that offer end-to-end encryption

Diffie–Hellman key exchange

End-to-end auditable voting systems

Point-to-point encryption

Ermoshina, Ksenia; Musiani, Francesca; Halpin, Harry (September 2016). "End-to-End Encrypted Messaging Protocols: An Overview" (PDF). In Bagnoli, Franco; et al. (eds.). Internet Science. INSCI 2016. Florence, Italy: Springer. pp. 244–254. doi:10.1007/978-3-319-45982-0_22. ISBN 978-3-319-45982-0.