End to End encryption (E2E)

Context (TH): While encryption is a robust safeguard, it is not entirely immune to vulnerabilities.

What is encryption?

Encryption is a process of converting information or data into a code (cipher) to prevent unauthorized access by making it unreadable to those without the proper decryption key.
An algorithm + key is used to encrypt/decrypt a message.
Algorithms: are a set of instructions or rules for changing regular information into a secret code (encryption) and turning it back to regular form (decryption).
Key: It is a string of characters used within an encryption algorithm for altering data so that it appears random.
- Public key infrastructure (PKI) governs encryption keys through the issuance and management of digital certificates.

For example, the Data Encryption Standard (DES), plus some settings, encrypts the words “ice cream” to AdNgzrrtxcpeUzzAdN7dwA== with the key “kite”.
If the key is, say, “motorcycle” instead, the encrypted text becomes 8nR+8aZxL89fAwru/+VyXw==.

Encryption strength depends on the length of the encryption security key. However, the larger the key, the more computing time is needed to encrypt and decrypt data.

Symmetric Encryption	Asymmetric Encryption
Single key (shared between sender and receiver)	Two keys, (public key for encryption, private key for decryption)
Generally faster due to simpler algorithms	Slower due to more complex algorithms and larger key sizes
Often used for bulk data encryption, like file encryption	Commonly used for secure communication, digital signatures, and key exchange.
Example: Data Encryption Standard (DES)	Examples: (Elliptic Curve Cryptography)

Data Encryption Standard (DES): Symmetric encryption, obsolete in today’s technology ecosystem.
Triple DES: Evolution form of DES. This method increased the key size.
Advanced Encryption Standard: Most used encryption method today. It is much stronger than DES and triple DES.
Twofish: The fastest symmetric encryption method and it is free to use.
Rivest-Shamir-Adleman (RAS): Asymmetric encryption. RSA keys can be very large.
Elliptic Curve Cryptography (ECC): Advanced form of asymmetric encryption.

For example, the messaging app WhatsApp uses the Curve25519 algorithm to create public keys for messages. Curve25519 uses the principles of elliptic-curve cryptography (ECC).

Confidentiality: keeps the contents of the data secret
Integrity: verifies the origin of the message or data
Authentication: validates that the content of the message or data has not been altered.
Nonrepudiation: prevents the sender of the data or message from denying they were the origin.

Encryption at Rest: Here encryption is applied to the stored data. Encryption may be implemented at the source, where data is generated and stored at the origin.
Encryption in Transit: Encrypting the data when it is transferred between two nodes of the network. The data may be stored in an unencrypted form at the source and destination storage systems.
End-to-End Encryption(E2E): Encryption at rest + Encryption in transit. This scheme is used to prevent an actor from being able to read the contents of the message by intercepting the relay.
- Messaging apps with E2E encryption promise that even their parent companies won’t be able to read messages sent and received by its users.

A malicious actor can obtain the encryption key either of yours or your friends via MITM attack.

Man-in-the-middle (MITM) attack: when a hacker positions himself in a conversation between a user and an application either to eavesdrop or to impersonate one of the parties.
- MITM attacks can be prevented by using and comparing fingerprints.
- Each fingerprint is some data that uniquely identifies a key.
- Users can compare the fingerprints of their public keys in a separate channel (that is different from the one susceptible to an MITM attack) to make sure an attacker doesn’t intercept a message.

Some potent malware can also ‘snoop’ on your messages by infiltrating your device via other means, an SMS, and reading them before they are encrypted.
The company that installs E2E encryption on its products can install a backdoor or an exception that allows the company to surmount the encryption and access the messages.

In 2013, Edward Snowden, a whistle-blower, exposed that Skype had a secret way (backdoor) to access and copy messages, even if they were E2E-encrypted.
- This information was shared with the U.S. National Security Agency.

Surveillance of a user can be done by accessing the messages’ metadata (Data about the messages, such as when they were sent, to which user, how often at different times, from which location, etc.).
Quantum computing has the potential to break existing encryption since can process a lot of data way faster than regular computers.