What is end-to-end encryption, and is it secure?

End-to-end encryption has become an absolute necessity for messaging and communication today. How does it work?

Image of text with real time collaboration on a document with half blurred.

You’ve almost certainly used at least one of Apple iMessage, Android Messenger, Signal, WhatsApp, Telegram, Facebook Messenger, or Session - and likely many of them, even in the last day. These messaging apps are now used by billions of people worldwide to keep in touch, communicate, collaborate, and run businesses.End-to-end encryption is a communication method where only the communicating users can read messages or content. All data is encrypted on the sending device before it is sent, and can only be decrypted on the receiving device with the correct cryptographic key. This type of encryption keeps communications private, even if the network between the sender and receiver is compromised by malicious actors, hackers, or by malware.

How does it work?

End-to-end encryption keeps data private to senders and intended recipients. In a basic end-to-end encrypted communication product, all messages sent are encrypted using asymmetric encryption with a recipient’s public key, and decrypted by that recipient with their private key.In this formulation, a number of steps introduce additional complexity: Every participant must have access to asymmetric keypairs and store them either locally on their devices, or in the cloud encrypted with another key (such as using symmetric encryption with a user’s password). To send larger messages or more complex data, end-to-end encryption protocols, including PGP and WhatsApp, introduce symmetric keys to encrypt additional data, such as larger messages or files; these symmetric keys are subsequently encrypted end-to-end as well.More sophisticated encryption systems and protocols have yielded additional layers of data protection, such as forward secrecy (where compromising future messages would not compromise old messages) and deniability of message content).

Comparing protocols: Signal, WhatsApp, Matrix, and more

The Signal Protocol is the cryptography protocol that provides end-to-end encryption for the Signal family of messaging apps, which are free and open-source on Android, iOS, and desktop. The protocol is also used in other messaging applications, such as WhatsApp, Facebook Messenger, and Google Allo. Thus, the Signal protocol has become the basis of communication for quite literally billions of people and devices worldwide.The Signal Protocol is based on the Diffie-Hellman key exchange algorithm, which allows two parties to generate a shared secret key that can be used to encrypt and decrypt messages. The secret key is exchanged over an insecure channel, such as the Internet, and is never stored on any server. The Signal Protocol uses a combination of public-key and symmetric-key cryptography. Each user has a public key and a private key. The public key is used to encrypt plaintext messages, and the private key is used to decrypt encrypted data back into the original plaintext. The private key is never shared with any other user. The Signal Protocol is designed to be highly secure and protective of user metadata as well. It uses a variety of security features, such as perfect forward secrecy, to protect against eavesdropping and message tampering. Furthermore, Signal even protects group membership information, so no metadata could be collected on the groups of people who message each other.The Signal Protocol is constantly being improved by a team of security experts. The protocol has undergone a number of security audits, and is widely considered to be one of the most trustworthy, respected, and standard protocols for building messaging applications.WhatsApp adopted the Signal protocol in 2016, bringing end-to-end encryption to billions of users’ chat messages with a simple app update. Today, WhatsApp has maintained this level of privacy, encrypting user data, metadata, and more with many of the same benefits found in Signal, including perfect forward secrecy. WhatsApp’s encryption protocols differ slightly from Signal’s, wherein WhatsApp groups protect group membership to a lesser degree than Signal does. However, given WhatsApp’s reliability, popularity, and integrations, it remains an incredibly popular product and significant use of end-to-end encryption.Matrix offers a more decentralized, peer-to-peer alternative to Signal and WhatsApp. The Matrix Protocol is an open standard for secure, decentralized communication. It allows anyone to run their own Matrix server and participate in the Matrix network. Matrix provides a simple, standard API for communication, which makes it easy for new developers to create new applications that work with Matrix and use end-to-end encryption. Matrix provides guidelines for end-to-end encryption, as well as links to audits from reputable security companies. The Session messenger has become a popular consumer messaging app that implements the Matrix protocol for E2EE.

End-to-end encryption use cases

Password managers store passwords across all of your devices, allowing you to use strong passwords on every service and protect your account from compromise. A password manager typically uses a master password to encrypt and store the user's passwords. When the user needs to log in to a website or other service, the password manager can automatically fill in the password using a locally decrypted copy of the user’s password.Password managers are a clear case where end-to-end encryption is quite helpful in protecting users’ sensitive data. When a password is stored, it is encrypted with a key derived directly from the password password. Then, this encrypted data - which cannot be deciphered by the password manager service provider - is transmitted to some form of cloud storage. When a user needs to access their password manager, or use another device, the device downloads encrypted data and performs decryption using the master password as a symmetric decryption key. In this scheme, users’ passwords are never accessible to the service provider, as they are stored E2EE when transmitted to a cloud provider.VPNs also employ end-to-end encryption for hundreds of millions of people worldwide. A VPN, or Virtual Private Network, is a way to securely connect to another network over the Internet. A VPN can be used to access a private network, or a public one, like the Internet. A VPN uses end-to-end encryption to protect the data being sent from one point to another. This means that the data is encrypted at the source, and decrypted at the destination. A VPN is a great way to keep your data safe from eavesdroppers.When you connect to a VPN, all of the data that you send and receive is encrypted with a public key belonging to your device or the proxy server you are using to connect. This includes your web traffic, email, and any other data that you might be sending. Even if someone was able to intercept your data, they would not be able to read it, as it would be encrypted end-to-end using public keys that belong to nodes in the server infrastructure powering VPNs. When connecting to a site with a VPN, the VPN will encrypt your traffic using keys that belong to the proxy server, thereby making it appear as if you are coming from a different location. A VPN is a great tool to use if you want to keep your data safe and secure. By encrypting your traffic, you can be sure that your data is safe from eavesdroppers. And, by bypassing restrictions, you can access websites and services that might otherwise be blocked.The TLS protocol - or Transport Layer Security, is a cryptographic protocol designed to provide communication security over the Internet. TLS uses a combination of public-key and symmetric-key cryptography to provide data confidentiality, data integrity, and data authentication. TLS is the successor to the SSL (Secure Sockets Layer) protocol, and is used by millions of websites to protect sensitive information, such as credit card numbers and login credentials. TLS has become increasingly mandated by browsers and internet providers as it provides confidence that data from your device to a network provider will be end-to-end encrypted and protected from hackers or anyone with access to network traffic. Prior to TLS, hacks using insecure websites and network traffic were frequent as malicious parties could inspect and misuse traffic. Vulnerabilities in network traffic are also generally regarded as extremely severe and may trigger TLS protocol changes.Crypto wallets are digital wallets that store cryptocurrencies and allow you to transact with blockchains. While some types of crypto wallets - custodial wallets - give your wallet private keys to centralized providers (like Coinbase), others - non-custodial wallets - require individuals to keep custody of their private keys. Similar to how end-to-end encryption secures a password manager across multiple devices, these private keys can be synchronized across devices but require a password to unlock. Non-custodial crypto wallets have become quite popular, including MetaMask and Phantom, with tens of millions of users adopting them in phones or browsers.

Where does big tech stand?

Generally, big tech has lagged in privacy protections, as search and social media business models frequently include monetizing or selling user data to third parties. However, as consumers think more about privacy for their communication and collaboration, big tech has begun to invest in end-to-end encryption in their consumer products, from Facebook Messenger to Google’s Android Messenger.Meta/Facebook: Facebook has suffered from numerous user data scandals, such as Cambridge Analytica, wherein user data was given to and monetized by a third party. Meta also currently owns WhatsApp, the most widely used end-to-end encrypted messaging product, and has been investing into making Facebook and Instagram messengers end-to-end encrypted as well. These efforts have been met with significant delays as they start to grapple with the scalability and product challenges of transforming a product that previously used more simple encryption techniques (likely just encryption in transit) to one that keeps user data fully private and only available to the intended recipient.Google: Google has also faced significant criticism for monetizing and selling user data, particularly given their major business model is selling highly targeted search ads. Furthermore, Google has been criticized as the root of today’s “surveillance capitalism,” wherein users are monitored, microtargeted, and monetized. However, Google has also stepped up investments in end-to-end encryption, notably in their Allo messenger product, and later in Android Messenger as a default encryption scheme to protect user communications. Gmail as a communication provider does not employ end-to-end encryption.Microsoft: Microsoft recently rolled out end-to-end encrypted for certain Teams video conferences. However, the remainder of their products, including Outlook, are not end-to-end encrypted. Given this, more privacy-oriented products have emerged in the professional communications and collaboration space.Apple: Apple has increasingly focused marketing materials on privacy, encryption, and protecting user data, such as the “Privacy - That’s iPhone” marketing campaigns. Technically, Apple employs end-to-end encryption to protect user data by encrypting it on users’ devices (Mac, iPhone, etc.) and decoding the encrypted messages only at the destination (another user’s device, or another device from the same user). This ensures that no one in between can intercept and read the data, including Apple. Apple has, in the past, come into conflict with law enforcement regarding installing backdoors but generally pushed back.

Conclusion - Where should you use E2EE?

End-to-end encryption is a vital privacy protection needed for your most sensitive personal and professional communications. Using an E2EE messenger is vital given the level of data breaches, surveillance, and monetization typically performed with user data. Skiff also employs end-to-end encryption for all collaborative documents, files, and emails (with a whitepaper on the scheme available here). To learn more, we recommend studying more specific encryption protocols, such as the Signal Protocol, via their documentation and open-source work.