What are End to End Encryption and Problems with it?
Suppose you are sending a message to your friend and want the message to be encrypted. You tell him that you will send him some numbers and these numbers will be the index numbers of English alphabets. He will have to match the numbers against the index numbers and decrypt the hidden message. Suppose you want to write come home.
What is Encryption?
What is an end to end encryption? also known as E2EE. This question might come to your mind when you hear about encryption. To understand the topic of end to end encryption, you should be clear about the idea of encryption. In simple language, I will give you an example that all of you will relate to. Remember the time when we were in college and whenever the dean caught you breaking some college rules, the dean used to say, let’s have a cup of tea in my office.
We all knew that he or she is not inviting you for the tea but he is asking you to come to discuss the rule that you have broken. We all know about it because most of us have been in that situation 😂.
This was the Encryption in the verbal language now let’s see how to write something that is encrypted. Let’s take the English Language Alphabets.
Suppose you are sending a message to your friend and want the message to be encrypted. You tell him that you will send him some numbers and these numbers will be the index numbers of English alphabets. He will have to match the numbers against the index numbers and decrypt the hidden message. Suppose you want to write come home. You will write –
Encrypted Message – 3,15,13,5. 8,15,13,5
Real Message – Come Home
In this case, the encryption key is that you need to match the number against the index number to decrypt the message. This is the simple way of encryption that you and your friend have decided to use. You can make this process more and more complicated that will become very time consuming to decrypt.
Let’s make this Encryption more complicated. You tell your friend that every number that he will receive has 2 added with it. First, he will have to subtract 2 from the number, and then whatever the answer comes will be the index number of the alphabet.
Real Message – Come Home
Encrypted Message – 5,17,15,7. 10,17,15,7
Now only you and your friend know the encryption key. The key is that you first need to subtract the 2 from the given number and then match it against the index numbers.
The number of encryption layers you keep on adding will make the encryption more and more complicated. It will become so complicated that you will need computing power to solve it.
Encryption in Modern Computing World
In the modern computing world where computing power is increasing exponentially. The hackers are using this computing power to decrypt our messages and break our encryption. That is why hardworking computer scientists have worked and designed algorithms to do the encryptions. Some of the algorithms are as follows.
- Triple Data Encryption Standard
- Blowfish Encryption Algorithm
- Advanced Encryption Standard
- MD5 Encryption Algorithm
- RSA Security
- IDEA Encryption Algorithm
- Twofish Encryption Algorithm
- HMAC Encryption Algorithm
These algorithms ask us for some keys which is a long string. The algorithm uses this long key and encrypts the message. Now the point is, whoever has this encryption key and knows the process of the algorithm will be able to decrypt the message.
These algorithms are not only used by the programmers but also the hackers. So now the only safety is the key that was used to make the encryption.
I hope, at this point, you have understood what Encryption is. Now, let’s move to the next level.
Now we need to understand the process of transferring a message from one device to another device.
How Two Devices Communicate
Look at the diagram below that I have created for you guys.
Whenever we have two devices and we want them to communicate, there are two ways of communication.
- The devices should be nearby.
- They need a server and technology to communicate with the server.
If you are going to be using the first way, you will need to keep the devices in the vicinity and use Bluetooth or similar technologies to communicate.
In a second way, you will need a server that will work as a mediator, because the other device is not nearby. The server should connect both of these devices together. In order to connect to the server, you need some other technology like GSM or Wi-Fi (Internet) to connect to the server.
Whenever your phone is first time connects to the server, it generates a key and shares it with the server, in the above diagram example, the User1 key is “abc” and the User2 key is “xyz”. The device will use the keys to encrypt and decrypt the messages that User1 and User2 will send to their friends using the server. Just like you, all other users that are connected to the server, will generate their own keys and share them with the server.
Let’s say User1 sends a message “I Love you Jane” to User2. How will this process work? I will write it in the steps so that you can understand it easily.
- I love you Jane, the system will encrypt the message using abc key. The message becomes encrypted and unreadable.
- The encrypted message travels through the internet to the server.
- The server has abc key of User1, It was shared by User1. It uses abc key and decrypts the message.
- Once the server reads the message, it encrypts the same message again but this time it uses the Encryption key of User2 which is xyz. The server has the key of User2 because it was shared by User2 when it was first connected to the server.
- Again the encrypted message travels through the internet to the User2 device. The User2 device uses its own xyz key and decrypts the message.
I hope you have understood this process, the message travels through the internet in encrypted form and hackers do not get to intercept the messages.
The Problem with Above Communication Process
The process with the above communication process is that it creates a single point of failure. I know that your message was traveling through the internet in an encrypted form, but what if someone hacks the server that is making this communication possible. After hacking the server the hacker will dump your data over the internet.
The server has the keys of billions of users, and if a hacker hacks into this server, the entire security environment collapses. I know you would be wondering, What is the solution to this problem? The solution to this problem is an end to end encryption.
What is End to End Encryption?
Because the server in this process is a weak point and a single point of failure, we need to shift the responsibility of encryption and decryption to the devices themselves. In end to end encryption, we design our devices or application to generate two types of keys. Pubic key and Private key. As soon as the device connects to the server, it generates a public key and sends it to the server.
Once the User1 has shared the public key with the server, and the User1 starts communication with User2. Both User1 and User2 first use the Diffie-Hellman Key Exchange process again and share their private keys without letting the middle server know about the private key. In the above example that key is pqr.
Now every time when User1 wants to send a message to User2, it encrypts the message two times. It first encrypts the message using the public key (already shared with the server). The system Encrypts the message again by the private key. The server received the message, decrypt it by using the public key, and then encrypt the message by using the User2 public key. The server will not be able to break the second encryption because it does not have the private key.
Problems with the End to End Encryption
The End to End encryption has been criticized by the governments largely because it does not let the governments know what the public is talking about. It gives privacy to the general public but it also increased the chances of criminal activities. One of the biggest headaches of governments is terrorism activities. The terrorists are using End to End Encryption as a firewall. The End to End Encryption hides their illegal talk from the governments.
The government wants to read these messages so that they can gain control over illegal activities. The governments want access to private keys so that they can read through all the messages. Once the governments find the private key, the entire process of End to End Encryption will fail. The governments save these keys on their servers, and then the government’s server will be the chicken neck.
Whether the private key should be shared with the governments or not is the topic of a big debate. Let us know in the comment section, what do you think about it?
See you next time. Stay Safe Stay Healthy, Take Care!