End-to-End Encryption (E2EE)
What is End-to-End Encryption (E2EE)?
End-to-End Encryption (E2EE): An encryption model in which only the communicating endpoints hold the keys, so intermediate servers and network operators cannot read the plaintext.
End-to-End Encryption (E2EE) means that data is encrypted on the sender's device and decrypted only on the recipient's device, with no intermediary, including the service provider, possessing the keys. Modern E2EE typically combines an asymmetric key-agreement step (X3DH, ECDH on Curve25519) with a symmetric ratchet that keys an authenticated cipher (AES-GCM or ChaCha20-Poly1305) and provides forward secrecy, as standardized for messaging in the Signal Protocol and IETF MLS (RFC 9420). Signal, WhatsApp, iMessage, Threema, Wire, Matrix/Element, ProtonMail and Apple's Advanced Data Protection for iCloud all rely on E2EE. The model resists server compromise and lawful-but-targeted access requests but introduces hard problems around device verification, key transparency, group membership, and backup recovery.
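The key-agreement, ratchet and authenticated-cipher pieces named above can be seen working together in the following added example, which is not code from Signal, MLS or any product listed here. It assumes plain X25519 ECDH in place of X3DH (so public keys are not authenticated), a single sending direction and in-order delivery; `Chain`, `ratchetStep` and the other names are hypothetical.

```javascript
const crypto = require('node:crypto');
// Each endpoint makes its X25519 key pair locally; only the public half leaves the device.
const newEndpoint = () => crypto.generateKeyPairSync('x25519');
// Key agreement: ECDH on Curve25519, then HKDF turns the shared secret into a chain key.
function initialChainKey(myPrivateKey, theirPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: myPrivateKey, publicKey: theirPublicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(32), 'e2ee-demo-chain', 32));
}

// Symmetric ratchet step: derive a single-use message key and the next chain key.
function ratchetStep(chainKey) {
  const kdf = (label) => crypto.createHmac('sha256', chainKey).update(Buffer.from([label])).digest();
  return { messageKey: kdf(0x01), nextChainKey: kdf(0x02) };
}

// One direction of a session (sender to recipient); assumes in-order delivery.
class Chain {
  constructor(myPrivateKey, theirPublicKey) {
    this.chainKey = initialChainKey(myPrivateKey, theirPublicKey);
    this.counter = 0;
  }
  aead(create) {
    const { messageKey, nextChainKey } = ratchetStep(this.chainKey);
    const nonce = Buffer.alloc(12);
    nonce.writeUInt32BE(this.counter, 8); // message counter doubles as the AEAD nonce
    const cipher = create('chacha20-poly1305', messageKey, nonce, { authTagLength: 16 });
    return { cipher, advance: () => { this.chainKey = nextChainKey; this.counter += 1; } };
  }
  seal(plaintext) {
    const { cipher, advance } = this.aead(crypto.createCipheriv);
    const packet = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final(), cipher.getAuthTag()]);
    advance(); // the old chain key is overwritten here: forward secrecy for earlier messages
    return packet;
  }
  open(packet) {
    const { cipher, advance } = this.aead(crypto.createDecipheriv);
    cipher.setAuthTag(packet.subarray(packet.length - 16));
    const body = Buffer.concat([cipher.update(packet.subarray(0, packet.length - 16)), cipher.final()]);
    advance(); // only after the tag verified, so a forged packet cannot desync the chain
    return body.toString('utf8');
  }
}

// Constructed demo: the relay only ever handles `packet`, never a key or the plaintext.
function demo() {
  const alice = newEndpoint(), bob = newEndpoint();
  const packet = new Chain(alice.privateKey, bob.publicKey).seal('meet at noon');
  return { relaySees: packet.toString('hex'), bobReads: new Chain(bob.privateKey, alice.publicKey).open(packet) };
}
```

Because the exchanged public keys are unauthenticated in this sketch, a server that substitutes its own key would go unnoticed, which is the device-verification and key-transparency problem the definition mentions.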
● Examples
- 01: Signal protecting one-to-one and group chats with the Double Ratchet algorithm.
- 02: Apple's Advanced Data Protection extending E2EE to iCloud Backup, Photos, and Notes.
● Frequently asked questions
What is End-to-End Encryption (E2EE)?
An encryption model in which only the communicating endpoints hold the keys, so intermediate servers and network operators cannot read the plaintext. It belongs to the Identity & Access category of cybersecurity.
How do you defend against End-to-End Encryption (E2EE)?
Defences for End-to-End Encryption (E2EE) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for End-to-End Encryption (E2EE)?
Common alternative names include: E2EE, End-to-end crypto.
● Related terms
- Signal Protocol (identity-access, № 1042): The end-to-end-encryption protocol developed by Open Whisper Systems for the Signal messenger, combining the X3DH key agreement with the Double Ratchet algorithm.
- Secure Messaging App (identity-access, № 986): A communications app whose default mode applies end-to-end encryption, identity verification, and forward secrecy so that only the participants can read the messages.
- Encryption (cryptography, № 379): The cryptographic transformation of plaintext into ciphertext using an algorithm and key so that only authorized parties can recover the original data.
- Cryptography (cryptography, № 249): The science of securing information through mathematical techniques that provide confidentiality, integrity, authenticity, and non-repudiation in the presence of adversaries.
- TLS (Transport Layer Security) (network-security, № 1159): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- Asymmetric Encryption (cryptography, № 067): A cryptographic scheme that uses mathematically linked key pairs — a public key for encryption and a private key for decryption — to enable secure communication without prior secret sharing.
● See also
- № 654 Mass Surveillance