Information is wealth, and an important way to protect it is encryption. End-to-end (E2E) encryption in particular protects information in a way that has transformed human rights organisations’, law-enforcement agencies’, and technology companies’ outlook on their ability to access and use information about individuals to protect, prosecute or profit from them, as the case may be.
What is encryption?
Fundamentally, encryption is the act of changing some consumable information into an unconsumable form based on some rules. There are different kinds of such rules.
For example, (with particular settings) the Data Encryption Standard (DES) encrypts the words “ice cream” to AdNgzrrtxcpeUzzAdN7dwA== with the key “kite”. If the key is, say, “motorcycle”, the encrypted text becomes 8nR+8aZxL89fAwru/+VyXw==.
The key is some data using which a computer can ‘unlock’ (decrypt) some ‘locked’ (encrypted) text, knowing the set of rules used to ‘lock’ it.
Say I write down AdNgzrrtxcpeUzzAdN7dwA== on one piece of paper and “kite” on another piece of paper, crumple them both, and throw them at my friend across the room. Suddenly a man I didn’t notice in the middle of the room leaps up to snatch the piece of paper saying AdNgzrrtxcpeUzzAdN7dwA== and runs away with it. Because this fellow doesn’t know the key (“kite”), he won’t know what the piece of paper says.
This is how encryption protects information, digitally.
What is E2E encryption?
E2E encryption is defined in terms of the particular locations between which information moves.
Say you are chatting with your friend on a messaging app. When you send a message, it first goes to a server maintained by the company that built the app; based on its instructions, the server routes the message to your friend.
In this setup, two important forms of encryption are encryption-in-transit and E2E encryption.
Encryption-in-transit means a message is encrypted before it is relayed from the server to you (or vice versa). This scheme is used to prevent an actor from being able to read the contents of the message by intercepting the relay. In E2E encryption, the message is encrypted both in transit and at rest – i.e. when being relayed from your phone to the server (or vice versa) and when it is sitting inside the server. It is only decrypted when your friend receives the message.
How is information encrypted?
There are several ways to encrypt information depending on the level of secrecy and protection required. If some information is to remain encrypted for 100 years, a computer must require more than 100 years to decrypt it without the key.
One broad distinction is between symmetric and asymmetric encryption.
In symmetric encryption, the key used to encrypt some information is also the key required to decrypt it. DES is a famous example of a symmetric encryption protocol.
In a stronger version of DES, called Triple DES, the key a user provides is split into three parts. Let’s say they are “mot”, “orcy”, and “cle”. Then, the message – “ice cream” – is encrypted by the first part (“mot”); the result is decrypted by the second part (“orcy”); and its result is again encrypted by the third part (“cle”). The garbled text thus produced is then transmitted to the recipient along with the key.
Symmetric encryption is useful when the sender and the recipient are the same person, for example when you encrypt the hard drive of your computer. The Advanced Encryption Standard (AES), which you might have noticed when setting your WiFi password, is also a symmetric encryption algorithm.
In asymmetric encryption, if the message “ice cream” is encrypted using the key “motorcycle”, it can be decrypted using a different key that corresponds to “motorcycle” in a predetermined way.
For example, say you and your friend agree that if you use the key “motorcycle” to encrypt the message, your friend will use the key “helmet” to decrypt it, and if you use “banana” to encrypt, your friend will use “pineapple” to decrypt. You and your friend go to a party and find yourselves standing far from each other, and you wish to send them a message. So you encrypt “ice cream” with “banana” as the key, and you shout out the encrypted text to your friend along with the word “banana”. Your friend now knows that they should decrypt the text using the key “pineapple” to reveal the underlying message.
In this situation, using asymmetric encryption, you have been able to reveal the encryption key without compromising your or your friend’s privacy.
The key you shouted out is called the public key; the corresponding key you agreed your friend would use is called the private key.
(Have a computer? Open the shell terminal – called Command Prompt on Windows and Terminal on OSX and Linux – type ssh-keygen, hit ‘enter’, and follow the next steps. You will soon have your own public and private keys.)
Asymmetric encryption will work as long as the private key and the correspondence between the public key and the private key are kept secret. In advanced implementations of asymmetric encryption, this correspondence is ‘stored’ in the solution of a mathematical problem that even a computer would require a long time to solve.
Asymmetric encryption is useful when the sender and the recipient are different. The level of protection it confers is greater the longer the key is.
There are different symmetric and asymmetric schemes that encrypt messages in different ways, i.e. using different hash functions.
What are hash functions?
The hash function is responsible for encrypting a message. These functions are expected to have many properties. Here are three for example:
(i) The function should accept an input message and produce an encrypted version – called the digest – in a way that, given the digest, doesn’t reveal what the message could be.
(ii) It should accept a message of any length and produce a digest of a fixed length, irrespective of how long or short the message is. This way, the length of the original message can’t be deduced from the length of the digest.
(iii) It should produce unique digests for unique messages.
For example, the hash function the DES algorithm uses has many steps, at the heart of which is a table called an S-box: it converts a six-bit value into a four-bit value. (The combination of the first and last digits selects a particular row and the middle four digits select a particular column, and the cell where these two meet specifies a unique four-bit value.)
DES is a type of symmetric cipher called a block cipher, meaning it operates on fixed-length blocks of information at a time, in this case 64 bits, with 56-bit keys. (The bits refer to the message converted to binary.)
A hash function called the Feistel function begins by splitting a block into two parts. In each part, it selects 16 bits and appends them to the end, extending the 32-bit block to 48 bits. This is fed to a XOR logic gate as one input, the other being a 48-bit subkey that’s derived from the key. The XOR gate’s output is then split into eight parts, each of which is remixed in a different S-box. The outputs of the eight S-boxes are finally arranged in a specified pattern.
The function repeats this process until the whole message has been encrypted.
DES was developed at IBM in the 1970s, and since then researchers have found ways to crack it. Nonetheless, its working provided an early illustration of the processes that could be used to obfuscate a message such that they would be easy to implement on computing hardware but hard enough to not be broken easily.
The messaging app WhatsApp uses the Curve25519 algorithm to create public keys for messages. Curve25519 uses the principles of elliptic-curve cryptography (ECC), which in turn is based on some concepts in algebraic geometry. ECC’s advantage is that it can provide the same level of security as another asymmetric encryption algorithm but with a shorter key.
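As an added illustration (not code from this article or from WhatsApp), the sketch below transcribes the X25519 function of RFC 7748, the key-agreement operation built on Curve25519. It shows a 32-byte public key being derived from a private key, and two parties reaching the same secret from each other's public keys. The key material is constructed, and the arithmetic is not constant-time, so it is for reading rather than deployment.

```python
import hashlib

P = 2**255 - 19                           # the prime that gives Curve25519 its name
A24 = 121665                              # curve constant used by the ladder (RFC 7748)
BASE_POINT = (9).to_bytes(32, "little")   # standard starting point, u = 9

def clamp(private_key: bytes) -> int:
    """Fix the low and high bits of the 32-byte scalar as RFC 7748 requires."""
    k = bytearray(private_key)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")

def x25519(private_key: bytes, u_bytes: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication, following RFC 7748."""
    k = clamp(private_key)
    x1 = int.from_bytes(u_bytes, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:                    # conditional swap of the two ladder points
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def public_key(private_key: bytes) -> bytes:
    """The public key is the private scalar applied to the base point."""
    return x25519(private_key, BASE_POINT)

# Constructed private keys; real ones come from a secure random source.
ALICE_PRIV = hashlib.sha256(b"constructed key for alice").digest()
BOB_PRIV = hashlib.sha256(b"constructed key for bob").digest()
EVE_PRIV = hashlib.sha256(b"constructed key for eve").digest()

ALICE_PUB, BOB_PUB = public_key(ALICE_PRIV), public_key(BOB_PRIV)

# Each side combines its own private key with the other's public key.
ALICE_SECRET = x25519(ALICE_PRIV, BOB_PUB)
BOB_SECRET = x25519(BOB_PRIV, ALICE_PUB)
# An eavesdropper who only saw the public keys derives something else.
EVE_GUESS = x25519(EVE_PRIV, BOB_PUB)
```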
Can E2E encryption be ‘cracked’?
Messaging apps with E2E encryption promise that even their parent companies won’t be able to read messages sent and received by their users. However, the informational content of the messages can still be accessed in other ways.
A common example is the man-in-the-middle (MITM) attack. This is related to the example earlier of an unnoticed man in the middle of the room jumping up to intercept your message to your friend. In that instance, the man didn’t have the key and couldn’t decrypt the message. In an MITM attack, this man is the attacker and he has been able to acquire the key to decrypt the message, either by hacking your device to obtain the encryption key as well as the correspondence between the encryption and decryption keys or by hacking your friend’s device to acquire the decryption keys.
MITM attacks can be prevented by using and comparing fingerprints. Each fingerprint is some data that uniquely identifies a key. Users can compare the fingerprints of their public keys in a separate channel (i.e. different from the one susceptible to an MITM attack) to make sure an attacker doesn’t intercept a message, modify it, re-encrypt it with a different key and send it to the intended recipient.
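One way to carry out the fingerprint comparison described above, as an added example rather than code from this article or from any messaging app: it computes fingerprints in the SHA256 form that ssh-keygen -l prints for OpenSSH public keys, then checks a received key against the fingerprint the friend read out over a separate channel. The two keys are constructed placeholder bytes and the helper names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an OpenSSH public key blob."""
    return struct.pack(">I", len(data)) + data

def make_pubkey_line(raw_key: bytes, comment: str) -> str:
    """Build an OpenSSH-format ed25519 public key line from 32 raw bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

def fingerprint(pubkey_line: str) -> str:
    """SHA-256 of the decoded key blob, base64 without padding."""
    blob = base64.b64decode(pubkey_line.split()[1], validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_matches(received_line: str, fingerprint_heard: str) -> bool:
    """Compare the key that arrived with the fingerprint from the other channel."""
    return hmac.compare_digest(fingerprint(received_line), fingerprint_heard)

# Constructed sample keys (placeholder bytes, not real key pairs).
FRIEND_KEY = make_pubkey_line(
    hashlib.sha256(b"constructed friend key").digest(), "friend@example")
SUBSTITUTED_KEY = make_pubkey_line(
    hashlib.sha256(b"constructed substituted key").digest(), "friend@example")

# What the friend reads out in person or over a phone call.
FRIEND_FINGERPRINT = fingerprint(FRIEND_KEY)

# The genuine key passes; a key swapped in transit does not, even though
# its comment field claims to be the same person.
GENUINE_OK = key_matches(FRIEND_KEY, FRIEND_FINGERPRINT)
SUBSTITUTED_OK = key_matches(SUBSTITUTED_KEY, FRIEND_FINGERPRINT)
```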
Another issue with E2E encryption is that it could induce complacency in a user who believes an attacker can’t access, say, an image they’re sending over a messaging app in any other way. Since the image may be stored on the sender’s device, an attacker can hack the device to obtain it.
Some potent malware can also ‘snoop’ on your messages by infiltrating your device via other means – an SMS, say – and reading them before they are encrypted.
Finally, the company that installs E2E encryption on its products can install a backdoor or an exception that allows the company to surmount the encryption and access the messages. Such a thing may be required by law, for example when companies are expected to retain and, in the event of litigation, share that information with lawyers.
Illegal use also abounds, of course, such as that exposed in the Edward Snowden affair in 2013. The whistleblower revealed, for example, that Skype had installed a backdoor on its application that allowed it to access and make copies of the contents of messages to share with the U.S. National Security Agency even though the messages were E2E-encrypted.
If the goal is to surveil a user, an actor can do so if they can access the messages’ metadata, i.e. data about the messages, such as when they were sent, to which user, how often at different times, from which location, etc., instead of the messages themselves.