Cryptonomics: End-to-End Encryption Explained

In the ever-expanding world of cyber communications, cyber-attacks have grown more and more prevalent. Developers looking to keep their user base safe from attacks are turning to methods of encryption for safe-keeping, with one prominent example being end-to-end encryption.

Ifeanyi Egede
May 4, 2021


According to a Fundera survey, cyber-attacks against small businesses grew by more than 400% last year. The same survey also showed that just 22% of small businesses encrypt their databases. There are several security measures that small businesses and crypto projects/protocols can take to protect their customers' information and their operations. One such measure is to use products, or partner with firms, that employ end-to-end encryption (E2EE).

Why End-To-End Encryption (E2EE)?

End-to-end encryption (E2EE) gives users far more privacy. When a conversation between two people is end-to-end encrypted, no one else, not even the service carrying it, can read its content. By contrast, chats over some apps, such as Facebook Messenger, are not end-to-end encrypted by default: they are encrypted only between the user and Facebook's servers, so Facebook itself can read the messages exchanged through that app. Apart from chat apps, E2EE is also used in other services such as email; PGP and Protonmail, for instance, provide end-to-end encrypted email. E2EE gives you the confidence to share and store sensitive information or intimate personal conversations that you don't want other persons to access. Protecting data this way reduces the risk of a breach exposing customers' private information like credit card details and passwords.

A U.S. National Cyber Security Alliance survey showed that 60% of small businesses that suffer a cyber-attack close within six months of the breach. Such data breaches usually result in financial losses that can't be recovered easily, and winning back customers is slow as well. Large-scale data breaches have repeatedly proven to have severe consequences for end-users too.

What Is End-To-End Encryption?

Encryption is a method of scrambling (encrypting) data so that it cannot be read by anyone except a recipient who holds the key needed to decrypt (unscramble) it. End-to-end encryption is a system of communication in which only the sender and the intended recipient can decrypt the messages between them; the service that carries the messages cannot. An early and influential E2EE tool was Pretty Good Privacy (PGP), released by Phil Zimmermann in 1991. A piece of encrypted information doesn't just move from the sender to the recipient; it passes through several network nodes before it is delivered, even though delivery seems instant. End-to-end encrypted data can't be read by an intermediary even if it intercepts the data. Encryption can be symmetric or asymmetric. In symmetric encryption the same key is used for both encryption and decryption, so the two parties must already share that key. In asymmetric (public-key) encryption, by contrast, different keys are used to encrypt and to decrypt the shared data.

The public key is used to encrypt a message, and anyone can use it; the private key is used to decrypt the message, and only the recipient holds it.

How End-To-End Encryption Works

Cryptography, the study of techniques for protecting information against adversaries, is the basis of all encryption. An encryption algorithm (a cipher) combines the data with a key to produce ciphertext. The sender uses an encryption key to scramble the data to be transferred, and only the recipient, holding the corresponding decryption key, can unscramble it. For instance, when a credit card is used at a payment terminal, the card data is encrypted automatically and remains encrypted until it reaches the payment processor, where it is decrypted. Apps such as Signal and WhatsApp encrypt messages so that only the sender and recipient can decrypt them. A key exchange usually starts every end-to-end encryption scheme. One crucial development in public-key cryptography is the Diffie-Hellman key exchange. It was the first widely adopted technique for establishing a shared key over an insecure channel, and it (or a variant of it) is still used in most security protocols, including PGP, SSH, IPsec, and TLS.

What Is a Diffie-Hellman Key Exchange?

Developed by the cryptographers Whitfield Diffie, Martin Hellman, and Ralph Merkle, the Diffie-Hellman key exchange allows a sender and a recipient with no prior relationship to establish a shared secret key over an insecure channel. That key is then used with a symmetric-key algorithm to transfer data securely.

To understand how this key exchange works, let's use an analogy of two people mixing paint; call them Winfrey and Geoff. Suppose both of them agree, openly, on yellow as their common color. Then each person chooses a secret color which they don't reveal to anyone. Suppose Winfrey chooses red, while Geoff selects a slightly greenish-blue. Now each of them mixes their secret color with the agreed-upon yellow. The result is a deeper blue for Geoff and a shade of orange for Winfrey. After the mixing is complete, they exchange the mixtures over the open channel: Winfrey receives the deeper blue, while Geoff receives the shade of orange. The next step is for each of them to add their own secret color to the mixture they received. So Winfrey adds red to the deeper blue, and Geoff adds greenish-blue to the orange. Remarkably, the result is the same for both of them: a brown color. Thus Winfrey and Geoff now have a shared color that is unique to the two of them.

This shared color is called the common secret. The most important point to note from this analogy, and the reason the Diffie-Hellman exchange works, is that both parties arrived at the same result without ever sending their secret colors over the channel. An intruder listening in sees only the public yellow and the two exchanged mixtures, and cannot "unmix" them to recover either secret color. In the real scheme the mixing is modular exponentiation and the unmixing is the discrete logarithm problem, which is infeasible for well-chosen parameters. The Diffie-Hellman structure therefore lets two parties establish a shared secret over an untrusted connection and use it to encrypt their subsequent communication. One caveat a practitioner should keep in mind: this guarantee holds against an attacker who can only listen. An attacker who can also modify traffic can run a separate exchange with each party (a man-in-the-middle), which is why real protocols authenticate the exchanged values, for example with digital signatures or by having users compare safety numbers out of band.
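The exchange described above, carried out in code, as an added example that is not part of the original article. It uses the published 2048-bit MODP group from RFC 3526 (group 14), derives a symmetric key from the shared secret with HKDF-SHA256, and then repeats the exchange with an active attacker in the middle to show why unauthenticated Diffie-Hellman is not enough. The party names (Winfrey, Geoff, Mallory) and the HKDF label are assumptions made for the demo.

```python
"""Diffie-Hellman key agreement over RFC 3526 group 14, with a man-in-the-middle demo.

Added example for this article (not the original post's code). Names and the
HKDF label are demo assumptions; the group parameters are the published ones.
"""
import hashlib
import hmac
import secrets

# RFC 3526, group 14: a 2048-bit safe prime p and generator g = 2.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def is_probable_prime(n, rounds=8):
    """Miller-Rabin test: sanity-check the group prime before trusting it."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(p=P, g=G):
    """Pick a random private exponent x (the 'secret color') and publish y = g^x mod p."""
    x = secrets.randbelow(p - 3) + 2          # 2 <= x <= p-2
    return x, pow(g, x, p)


def shared_secret(private, peer_public, p=P):
    """Reject degenerate peer values, then compute peer_public^private mod p.

    For a safe prime the only small subgroups are {1} and {p-1}, so this range
    check is the invalid-value check that matters for this group.
    """
    if not 2 <= peer_public <= p - 2:
        raise ValueError("peer public value outside the valid range")
    return pow(peer_public, private, p)


def derive_key(shared, info=b"cryptonomics-e2ee-demo"):
    """HKDF-SHA256 (extract, then one expand step) from the raw shared integer.

    Never use the raw group element as a key; hash it into a fixed-length,
    uniformly distributed key first.
    """
    ikm = shared.to_bytes((P.bit_length() + 7) // 8, "big")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()      # extract, empty salt
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()   # expand, 32 bytes


def honest_exchange():
    """Winfrey and Geoff agree on a key. An eavesdropper sees only p, g, A and B."""
    a, A = generate_keypair()     # Winfrey's secret exponent and public value
    b, B = generate_keypair()     # Geoff's
    key_winfrey = derive_key(shared_secret(a, B))
    key_geoff = derive_key(shared_secret(b, A))
    return key_winfrey, key_geoff


def mitm_exchange():
    """The same exchange without authentication, against an active attacker.

    Mallory replaces both public values with her own in transit. Each honest
    party now shares a key with Mallory while believing it is shared with the
    other, which is why real protocols sign or verify the exchanged values.
    """
    a, A = generate_keypair()
    b, B = generate_keypair()
    m, M = generate_keypair()
    key_winfrey = derive_key(shared_secret(a, M))   # Winfrey received M instead of B
    key_geoff = derive_key(shared_secret(b, M))     # Geoff received M instead of A
    mallory_with_winfrey = derive_key(shared_secret(m, A))
    mallory_with_geoff = derive_key(shared_secret(m, B))
    return key_winfrey, key_geoff, mallory_with_winfrey, mallory_with_geoff


if __name__ == "__main__":
    print("group prime passes Miller-Rabin:", is_probable_prime(P))
    kw, kg = honest_exchange()
    print("honest exchange, keys match:", kw == kg)
    w, g, mw, mg = mitm_exchange()
    print("MITM: Winfrey shares a key with Mallory:", w == mw,
          "| Geoff shares a key with Mallory:", g == mg,
          "| Winfrey and Geoff agree with each other:", w == g)
```

The derived 32-byte key would feed an authenticated cipher such as AES-GCM in a real system; the point of `mitm_exchange` is that, without authentication of `A` and `B`, the math works perfectly for Mallory too.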

Other Methods of Data Encryption

Apart from E2EE, sensitive data can also be protected with tokenization and with the Elliptic Curve Integrated Encryption Scheme (ECIES).

Tokenization replaces a sensitive data element (for example a card number) with a non-sensitive substitute called the token. The token is generated randomly rather than derived from the original value, so on its own it has no meaning or value; it can only be mapped back to the sensitive data by the tokenization system (the token vault) that issued it. Hence a breach of the application database yields only tokens, which an attacker cannot reverse.
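A minimal vault-based tokenizer for card numbers, added here as an example and not taken from the original article. The in-memory vault, the two test card numbers and the token format (random digits with the last four preserved, and never Luhn-valid so a token can't be mistaken for a real card) are constructed for the demo; a production vault is a separately secured, access-controlled store.

```python
"""Vault-based tokenization of card numbers (PANs).

Added example for this article, not code from the original post. The vault,
the test PANs and the token format are constructed for the demo.
"""
import secrets


def luhn_valid(pan: str) -> bool:
    """Luhn check, so obviously malformed PANs are refused."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Maps random tokens to PANs.

    Tokens are not derived from the PAN (no hash, no encryption), so holding
    any number of tokens gives an attacker nothing to brute-force; the mapping
    exists only inside the vault.
    """

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a plausible card number")
        if pan in self._pan_to_token:            # same PAN -> same token (stable for analytics)
            return self._pan_to_token[pan]
        while True:
            # Random digits for all but the last four, which are kept so staff
            # and receipts can still say "card ending 1111" without the PAN.
            body = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            # A token must never pass Luhn (so it can't be confused with a real
            # card number) and must not collide with an existing token.
            if luhn_valid(token) or token in self._token_to_pan:
                continue
            break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can turn a token back into the PAN."""
        return self._token_to_pan[token]


def masked(pan: str) -> str:
    """Display form for logs and UI: the full PAN is written nowhere but the vault."""
    return "*" * (len(pan) - 4) + pan[-4:]


def demo():
    """Tokenize two constructed test PANs and return what the application keeps."""
    vault = TokenVault()
    pans = ["4111111111111111", "5555555555554444"]   # constructed test numbers
    tokens = [vault.tokenize(p) for p in pans]
    records = {t: masked(vault.detokenize(t)) for t in tokens}   # what the app stores/logs
    return vault, tokens, records


if __name__ == "__main__":
    _, toks, recs = demo()
    for t in toks:
        print(t, "->", recs[t])
```

The deliberate design choice here is random tokens plus a lookup table rather than a hash of the PAN: the space of valid card numbers is small enough that a hash, even a salted one, can be brute-forced once the salt leaks, whereas a random token carries no information at all.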

The Elliptic Curve Integrated Encryption Scheme (ECIES) is a hybrid scheme: an elliptic-curve Diffie-Hellman exchange produces the 'common secret', a key derivation function splits that secret into independent bulk-encryption and message authentication code (MAC) keys, a symmetric cipher encrypts the data, and the MAC is computed over the ciphertext (not used to encrypt it) so that the recipient can detect any tampering before decrypting.
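The key-splitting and encrypt-then-MAC steps that follow the key agreement, as an added example that is not from the original article. It starts from an already agreed shared secret (constructed bytes here; in ECIES it would come from an ECDH exchange) and, because the Python standard library ships no block cipher, uses an HMAC-SHA256 keystream in counter mode in place of AES. The `"enc"`/`"mac"` labels and the context string are assumptions for the demo.

```python
"""Key separation and encrypt-then-MAC, as ECIES does after the shared secret exists.

Added example for this article, not the original post's code. The shared
secret is constructed, the HMAC keystream stands in for AES-CTR, and the
labels are demo assumptions.
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def split_keys(shared_secret: bytes, context: bytes = b"ecies-demo"):
    """KDF step: one shared secret -> two independent keys.

    Reusing a single key for both encryption and the MAC is the mistake this avoids.
    """
    prk = hmac.new(b"\x00" * 32, shared_secret, hashlib.sha256).digest()
    enc_key = hmac.new(prk, context + b"enc" + b"\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, context + b"mac" + b"\x01", hashlib.sha256).digest()
    return enc_key, mac_key


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream-cipher stand-in for AES-CTR: keystream block i = HMAC(key, nonce || i)."""
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        chunk = data[i * 32:(i + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


def encrypt(shared_secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC. Output: nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    enc_key, mac_key = split_keys(shared_secret)
    nonce = secrets.token_bytes(NONCE_LEN)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_secret: bytes, message: bytes) -> bytes:
    """Verify the tag in constant time *before* touching the ciphertext.

    Any change to the nonce, ciphertext or tag, or a mismatched key, is rejected.
    """
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = split_keys(shared_secret)
    nonce = message[:NONCE_LEN]
    ciphertext = message[NONCE_LEN:-TAG_LEN]
    tag = message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: message altered or key mismatch")
    return keystream_xor(enc_key, nonce, ciphertext)


def tamper_demo(shared_secret: bytes, plaintext: bytes):
    """Return (round_trip_ok, tampered_rejected) for the given inputs."""
    msg = encrypt(shared_secret, plaintext)
    round_trip_ok = decrypt(shared_secret, msg) == plaintext
    flipped = bytearray(msg)
    flipped[NONCE_LEN] ^= 0x01               # flip one bit of the ciphertext
    try:
        decrypt(shared_secret, bytes(flipped))
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True
    return round_trip_ok, tampered_rejected


if __name__ == "__main__":
    SECRET = hashlib.sha256(b"constructed shared secret for the demo").digest()
    print(tamper_demo(SECRET, b"card ending 4242 approved"))
```

Without the MAC, flipping a ciphertext bit would silently flip the corresponding plaintext bit; with encrypt-then-MAC and a constant-time comparison the altered message is rejected before any plaintext is produced, which is the property ECIES relies on.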

Closing Thoughts

As more security- and privacy-conscious apps are released, it has to be noted that end-to-end encryption can't provide absolute protection against cyberattacks: it protects data in transit between the two endpoints, not the endpoints themselves. It does, however, reduce exposure massively. Hence crypto projects/protocols and small businesses will improve their security by adopting E2EE, and the sooner they start using it, the sooner their customer data is safe from interception.

Ifeanyi Egede

Ifeanyi Egede is an experienced and versatile crypto writer and researcher on fintech, the blockchain and emerging technologies. He has several published works online and in the print media. He loves reading, research, traveling, meeting people and football. When he is not writing, he spends time with his lovely wife and kids