End-to-End Encryption: How It Works

Omkar HiremathThu, 08/13/2020 - 09:25

End-to-end encryption (E2EE) is one of the strongest ways to protect communication online: a message is encrypted on the sender's device and decrypted only on the recipient's, so the service relaying it, the networks in between, and anyone capturing the traffic see nothing but ciphertext. Because of this, a lot of companies have been wanting to implement end-to-end encryption. Be precise, though, about what it defends against. Attacks such as POODLE and BEAST target the SSL/TLS transport layer and gain nothing against a message that was already encrypted before it entered that transport. A man-in-the-middle attack is a different matter: encryption alone does not stop it; only authenticating the keys of the two ends does, as discussed below.

For some companies, implementing end-to-end encryption is not worth the effort because they don't handle sensitive data in transit. But if you are planning to implement it, this post will give you a brief idea of how it works.

How End-to-End Encryption Works

The basic purpose of end-to-end encryption is to make sure that the data is available in its original form only to the sender and the receiver. Now let's see how end-to-end encryption achieves this. Two kinds of encryption are involved: asymmetric encryption and symmetric encryption. Practical E2EE systems use both, asymmetric cryptography to establish a key between the two ends and symmetric cryptography to encrypt the messages with it. I'll explain each of these techniques, starting with asymmetric encryption, which is most commonly known as public key cryptography.

E2EE Using Public Key Cryptography/Asymmetric Encryption

The asymmetric encryption technique uses two keys for the process of encryption and decryption: a public key and a private key.

A public key is used by the person sending the message to encrypt the data. It is not secret: the same public key can be given to every user who sends data to the same recipient.

The private key is used by the recipient to decrypt the data. Only the recipient should have this key, because it's the only key that can decrypt the data.

Let’s look at an example of how these keys are used. Imagine a scenario where Tony has to send sensitive data to Steve. First, Steve will generate a public and a private key. Then, he will share his public key with Tony. Tony will then use Steve’s public key to encrypt data and send the encrypted data to Steve. When Steve receives the data, Steve uses his private key to decrypt the data.

Only Steve’s private key can decrypt the encrypted data. So, even if somebody gets access to the data during transmission, they won’t be able to convert it to its original form. That’s how the data is kept secure in transit. The one condition is that Tony must have Steve’s genuine public key. An attacker who can swap in their own public key while it is being distributed (a man in the middle) would decrypt Tony’s messages, read them, and re-encrypt them to Steve’s real key, with neither party noticing. This is why real E2EE systems authenticate public keys, for example by letting users compare key fingerprints out of band or by serving keys signed by an identity the client already trusts.

Now let’s see how symmetric end-to-end encryption works.

E2EE Using Symmetric Encryption

This technique uses the same key for both encryption and decryption, and it is fast, which is why it is what actually encrypts the messages in an E2EE system. But there’s one problem here. Consider that Tony and Steve have to communicate again, by using symmetric encryption this time.

To start the conversation, Tony and Steve have to agree on the same key. If Steve sends this key over an insecure medium, an eavesdropper can capture the key and use it to decrypt everything Tony sends. To avoid this, the key must be established in a secure fashion. So, now, let me explain how you can securely agree on a key.
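Before looking at how the key is agreed, here is what the symmetric half looks like once Tony and Steve do share a key. This is an added example, not code from the original post: the post names no particular cipher, so it uses ChaCha20 (RFC 8439) as the stream cipher and HMAC-SHA256 over the nonce and ciphertext as the authenticator (encrypt-then-MAC), built from the Python standard library only. The packet layout, the subkey labels (`e2ee-demo/enc`, `e2ee-demo/mac`), and the `direction`/`seq` nonce scheme are this example's own design choices, not anything the post prescribes.

```python
# Added example (not from the original post): a minimal symmetric E2EE message format.
# Cipher: ChaCha20 as specified in RFC 8439. Authentication: HMAC-SHA256 over the
# nonce and ciphertext (encrypt-then-MAC). Standard library only.
import hashlib
import hmac
import secrets
import struct

MASK32 = 0xFFFFFFFF


def _rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _quarter_round(s, a, b, c, d):
    # The four add-rotate-xor steps of RFC 8439 section 2.1, applied in place to words a, b, c, d.
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """Return one 64-byte keystream block for a 32-byte key, 32-bit counter and 12-byte nonce."""
    state = list(struct.unpack("<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 column/diagonal double-rounds
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(w, state)))


def chacha20_xor(key, nonce, data, counter=1):
    """XOR data with the keystream; encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 64):
        block = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], block))
    return bytes(out)


def _subkeys(shared_key):
    # Domain-separated encryption and MAC keys derived from the one shared key (labels are this example's).
    enc = hmac.new(shared_key, b"e2ee-demo/enc", hashlib.sha256).digest()
    mac = hmac.new(shared_key, b"e2ee-demo/mac", hashlib.sha256).digest()
    return enc, mac


def encrypt_message(shared_key, direction, seq, plaintext):
    """Packet = nonce(12) || ciphertext || tag(32). The pair (direction, seq) must never repeat under one key."""
    enc_key, mac_key = _subkeys(shared_key)
    nonce = struct.pack("<IQ", direction, seq)  # deterministic nonce: no random-nonce collisions
    ciphertext = chacha20_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt_message(shared_key, direction, packet):
    """Verify the tag first (constant-time compare), only then decrypt. Returns (seq, plaintext)."""
    if len(packet) < 12 + 32:
        raise ValueError("packet too short")
    enc_key, mac_key = _subkeys(shared_key)
    nonce, ciphertext, tag = packet[:12], packet[12:-32], packet[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: packet modified or wrong key")
    pkt_direction, seq = struct.unpack("<IQ", nonce)
    if pkt_direction != direction:
        raise ValueError("packet reflected from the wrong direction")
    return seq, chacha20_xor(enc_key, nonce, ciphertext)


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)  # constructed: in a real system this comes from a key agreement
    packet = encrypt_message(shared_key, 1, 0, b"Meet at the tower at noon.")  # direction 1 = Tony -> Steve
    print(decrypt_message(shared_key, 1, packet))
    tampered = packet[:20] + bytes([packet[20] ^ 0x01]) + packet[21:]
    try:
        decrypt_message(shared_key, 1, tampered)
    except ValueError as err:
        print("rejected:", err)
```

Two design points worth noticing: the receiver checks the tag before touching the ciphertext, so a modified packet is rejected without decrypting anything, and the nonce is a counter rather than a random value, so the caller is responsible for never reusing a `(direction, seq)` pair and can use `seq` for replay detection. Reusing a nonce with a stream cipher leaks the XOR of the two plaintexts, which is the classic failure mode of this construction.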

Diffie-Hellman Key Exchange

The Diffie-Hellman key exchange is one of the most popular ways to agree on a key securely over an insecure channel. The algorithm relies on modular arithmetic, but to keep it simple I’ll just explain its process, using colors to stand in for the numbers.

E2EE Diagram

Both Tony and Steve start from a common public value (represented in yellow on our infographic); it doesn’t need to be secret and can be sent in the clear. Then each of them mixes in their own secret to obtain an intermediate value. Suppose Tony’s secret is red: he mixes red with yellow to obtain the intermediate color orange, as shown above. Likewise, when Steve mixes yellow with blue (his secret), the intermediate color he gets is green. These intermediate values are exchanged over the open channel. Then Tony adds his red to Steve’s green, and Steve adds his blue to Tony’s orange, and both arrive at the same final color. An eavesdropper sees yellow, orange, and green but cannot “unmix” a color to recover a secret; in the real algorithm this corresponds to the difficulty of the discrete logarithm problem. Using this technique, both parties obtain the final key without ever sending it to each other. Note that the exchange on its own protects only against eavesdropping: someone who can intercept and replace the intermediate values can run one exchange with Tony and another with Steve, so, just as with public keys, the values still have to be authenticated.
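The same exchange in actual numbers, as an added example that is not part of the original post. It serves both the public-key section above and this one: Steve’s long-term keypair plays the role of the published public key, Tony generates a fresh keypair for the session, and each side turns the shared secret into a 32-byte session key with HKDF-SHA256 (RFC 5869). The group is the 2048-bit MODP group 14 from RFC 3526 (chosen here because the post names none), and the derivation label `e2ee-demo/session` is this example’s own. The last function shows the caveat from the text: with no authentication of the exchanged values, Mallory can complete a separate exchange with each party and both of them still “agree” on a key, just not with each other.

```python
# Added example (not from the original post): finite-field Diffie-Hellman over the
# 2048-bit MODP group of RFC 3526 (group 14), with the shared secret run through
# HKDF-SHA256 (RFC 5869) to produce a 32-byte session key. Standard library only.
import hashlib
import hmac
import secrets

P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2
Q = (P - 1) // 2  # P is a safe prime, so G = 2 generates the subgroup of prime order Q


def validate_group():
    """Fermat checks (base 2) that P and Q are prime and that G has order Q. Cheap sanity check, not a proof."""
    return pow(2, P - 1, P) == 1 and pow(2, Q - 1, Q) == 1 and pow(G, Q, P) == 1


def generate_keypair():
    # 256-bit private exponent: at least twice the ~112-bit strength of group 14 (SP 800-56A style).
    priv = 2 + secrets.randbelow(2 ** 256 - 2)
    return priv, pow(G, priv, P)


def validate_public(pub):
    """Reject 0, 1, P-1 and anything outside the order-Q subgroup (small-subgroup attacks)."""
    return 2 <= pub <= P - 2 and pow(pub, Q, P) == 1


def hkdf_sha256(ikm, salt, info, length):
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # extract
    okm, t, counter = b"", b"", 1
    while len(okm) < length:  # expand
        t = hmac.new(prk, t + info + bytes([counter]), hashlib.sha256).digest()
        okm += t
        counter += 1
    return okm[:length]


def session_key(priv, peer_pub, steve_pub, tony_pub):
    """Shared secret -> HKDF, with both public values bound into the derivation as a transcript."""
    if not validate_public(peer_pub):
        raise ValueError("invalid peer public value")
    z = pow(peer_pub, priv, P).to_bytes(256, "big")
    transcript = steve_pub.to_bytes(256, "big") + tony_pub.to_bytes(256, "big")
    return hkdf_sha256(z, salt=b"", info=b"e2ee-demo/session|" + transcript, length=32)


def honest_exchange():
    """Steve holds a long-term keypair (his published public key); Tony makes a fresh one per session."""
    steve_priv, steve_pub = generate_keypair()
    tony_priv, tony_pub = generate_keypair()
    k_tony = session_key(tony_priv, steve_pub, steve_pub, tony_pub)
    k_steve = session_key(steve_priv, tony_pub, steve_pub, tony_pub)
    return k_tony, k_steve


def mitm_exchange():
    """Mallory swaps in her own public value on both legs. Returns (tony==mallory, steve==mallory, tony==steve)."""
    steve_priv, steve_pub = generate_keypair()
    tony_priv, tony_pub = generate_keypair()
    mal_priv, mal_pub = generate_keypair()
    k_tony = session_key(tony_priv, mal_pub, mal_pub, tony_pub)        # Tony believes mal_pub is Steve's
    k_mal_with_tony = session_key(mal_priv, tony_pub, mal_pub, tony_pub)
    k_steve = session_key(steve_priv, mal_pub, steve_pub, mal_pub)     # Steve believes mal_pub is Tony's
    k_mal_with_steve = session_key(mal_priv, steve_pub, steve_pub, mal_pub)
    return k_tony == k_mal_with_tony, k_steve == k_mal_with_steve, k_tony == k_steve


if __name__ == "__main__":
    assert validate_group()
    k1, k2 = honest_exchange()
    print("honest exchange, keys match:", k1 == k2, k1.hex())
    print("MITM exchange (tony==mal, steve==mal, tony==steve):", mitm_exchange())
```

The checks in `validate_public` are not optional in a real implementation: a peer value of 1 or P-1 forces the shared secret into a two-element set, and values outside the order-Q subgroup let an attacker learn bits of the private key. In deployed protocols this exchange is normally done on an elliptic curve (X25519) and the public values are signed or compared as fingerprints; the structure, secret exponent, public value, shared secret, KDF, is the same.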

E2EE Is Only the Beginning

So, these are the two building blocks you use to implement end-to-end encryption for your application: a key agreement that gets a shared key to each end, and symmetric encryption under that key. Although it seems simple, implementing end-to-end encryption correctly is hard; key authentication, nonce handling, and message authentication are where implementations usually go wrong, and the usual advice is to build on a reviewed library or protocol rather than assembling the primitives yourself. If you’re looking to learn about end-to-end encryption in detail or want to implement it for your application, you can register for this end-to-end encryption course.