End-to-end encryption

From Wikipedia, the free encyclopedia
Jump to: navigation, search

End-to-end encryption (E2EE) is a system of communication where only the people communicating can read the messages. No eavesdropper can access the cryptographic keys needed to decrypt the conversation, including telecom providers, Internet providers and the company that runs the messaging service.[1] Surveillance and tampering are impossible because no third-parties can decipher the data being communicated or stored. For example, companies that use end-to-end encryption can’t hand over texts of their customers’ messages to the authorities.[2]

Key Exchange[edit]

In an E2EE system, encryption keys must only be known to the communicating parties. To achieve this goal, E2EE systems can encrypt data using a pre-arranged string of symbols, called a pre-shared secret (PGP), or a one-time secret derived from such a pre-shared secret (DUKPT). They can also negotiate a secret key on the spot using Diffie-Hellman key exchange (OTR).[3]

Modern usage[edit]

Examples of end-to-end encryption include PGP and S/MIME for email; OTR, iMessage or Signal for instant messaging; Tresorit, MEGA or SpiderOak for cloud storage; ZRTP or FaceTime for telephony; and TETRA for radio.

As of 2016, typical server-based communications systems do not include end-to-end encryption. These systems can only guarantee the protection of communications between clients and servers, meaning that users have to trust the third-parties who are running the servers with the original texts. End-to-end encryption is regarded as safer because it reduces the number of parties who might be able to interfere or break the encryption.[4] In the case of instant messaging, users may use a third party client (e.g. Pidgin) to implement an end-to-end encryption scheme (e.g. OTR) over an otherwise non-E2EE protocol.[5]

Some non-E2EE systems, for example Lavabit and Hushmail, have described themselves as offering "end-to-end" encryption when they did not.[6]


Man-in-the-Middle attacks[edit]

End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting her public key for the recipient's), so that messages are encrypted with a key known to the attacker. After decrypting the message, the snoop can then encrypt it with a key that she shares with the actual recipient, or his public key in case of asymmetric systems, and send the message on again to avoid detection. This is known as a man-in-the-middle attack.[1][7]

Most cryptographic protocols include some form of endpoint authentication specifically to prevent MITM attacks. For example, one could rely on certification authorities or webs of trust.[8] An alternative technique is to generate unique one-time strings of characters based on the communicating users’ public keys or shared key. The parties compare their phrases using a trusted communication channel before starting their conversation. If the characters match, there’s no man in the middle.[1]

Endpoint security[edit]

The end-to-end encryption paradigm does not directly address risks at the communications endpoints themselves. Each users’ computer can still be hacked to steal his or her cryptographic key or simply read the recipients’ decrypted messages. Even the most perfectly encrypted communication pipe is only as secure as the mailbox on the other end.[1]

Companies may also willingly or unwillingly introduce back doors to their software that help subvert key negotiation or bypass encryption altogether. In 2013, information leaked by Edward Snowden showed that Skype had a back door which allowed Microsoft to hand over their users' messages to the NSA despite the fact that those messages were officially end-to-end encrypted.[9][10]

See also[edit]


  1. ^ a b c d "Hacker Lexicon: What Is End-to-End Encryption?". WIRED. Retrieved 22 December 2015. 
  2. ^ McLaughlin, Jenna (21 December 2015). "Democratic Debate Spawns Fantasy Talk on Encryption". The Intercept. 
  3. ^ Chris Alexander, Ian Avrum Goldberg (February 2007). "Improved User Authentication in Off-The-Record Messaging" (PDF). Proceedings of the 2007 ACM workshop on Privacy in electronic society (New York: Association for Computing Machinery): 41–47. doi:10.1145/1314333.1314340. 
  4. ^ "End-to-End Encryption". EFF Surveillance Self-Defence Guide. Electronic Frontier Foundation. Retrieved 2 February 2016. 
  5. ^ "How to: Use OTR for Windows". EEF Surveillance Self-Defence Guide. Electronic Frontier Foundation. Retrieved 2 February 2016. 
  6. ^ Grauer, Yael. "Mr. Robot Uses ProtonMail, But It Still Isn’t Fully Secure". WIRED. 
  7. ^ Schneier, Bruce; Ferguson, Niels; Kohno, Tadayoshi (2010). Cryptography engineering : design principles and practical applications. Indianapolis, IN: Wiley Pub., inc. p. 183. ISBN 978-0470474242. 
  8. ^ "What is man-in-the-middle attack (MitM)? - Definition from WhatIs.com". IoT Agenda. Retrieved 7 January 2016. 
  9. ^ Goodin, Dan (20 May 2013). "Think your Skype messages get end-to-end encryption? Think again". Ars Technica. 
  10. ^ Greenwald, Glenn; MacAskill, Ewen; Poitras, Laura; Ackerman, Spencer; Rushe, Dominic (12 July 2013). "Microsoft handed the NSA access to encrypted messages". the Guardian.