End-to-End Encryption for the Rest of Us
2026-03-08
Companies frequently brag about having "end-to-end encryption". However, I've come to realize that people don't know what these technical terms mean. I hope to explain it in a way that is easy to understand. My intention with this post is primarily for novices to get a sufficient and practical understanding of end-to-end encryption (e2ee) and its implications.
My secondary purpose for writing this post is to serve as a foundational building block for another post in the future about Messaging Layer Security. Keep in mind that Messaging Layer Security is much more technical and complex. Messaging Layer Security is meant to be a solution for group chats rather than private one-on-one messaging.
e2ee
Take the following problem:
Person A wants to send a message to Person B through WhatsApp. Take note that Person A can't send it directly to Person B. Instead, the message has to go through WhatsApp's servers before it reaches Person B. A server is just a group of computers that handle requests from the public (including your phone). The server provides a centralized middleman because WhatsApp's servers are reliable, always on, and therefore can hold the messages from Person A until Person B comes back online. Compare this to your phone, which isn't always connected to the internet, and may shut down before Person B is online to receive the message. Another reason is for WhatsApp to store these messages so that they still exist if you need them on a different device.
e2ee solves the following problem:
How can Person A send a message so that only Person B can read it?
Despite the messages being stored on WhatsApp's servers, ideally WhatsApp should not be able to read them. Additionally, anyone spying on the internet traffic between Person A and WhatsApp's servers, or the servers and Person B, should not be able to read it.
The simple answer to the question is this:
obfuscation
Obfuscation means to make something unintelligible. End-to-end encryption makes the message unintelligible during transit. Person A's phone encrypts, or obfuscates, the message before sending it to WhatsApp's servers. WhatsApp passes the encrypted message to Person B's phone. Person B's phone is now able to decrypt it so that Person B can read the unobfuscated plaintext. Please note that the encrypted messages are also still just data, and usually text. For example, "Hello" can change to some unintelligible text such as "Zb0OYF6ni^#SRvPb".
The way encryption works is via keys. Typically, both Person A and Person B will have a pair of keys. One key is considered the private key, and should never be shared. The second key is considered the public key, and should be shared. Public keys are used to encrypt data to be sent to a specific user. For example, Person A may encrypt a message using Person B's public key. However, through ~~math~~ magic, only Person B can decrypt the encrypted message using their private key. Remember, only private keys are used for decryption. That is why private keys should not be shared.
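The key-pair flow described above, as an added example that is not part of the original post. It uses Node.js's built-in `crypto` module with RSA-OAEP; the `RelayServer` class and the function names are hypothetical, and it models the post's simplified picture, not WhatsApp's actual protocol.

```javascript
// Added example: Person A -> server -> Person B, using RSA-OAEP from Node's crypto.
const crypto = require("node:crypto");

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Each person generates a key pair on their own device.
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender side: encrypt with the recipient's PUBLIC key.
function encryptFor(recipientPublicKey, plaintext) {
  return crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(plaintext, "utf8"));
}

// Recipient side: decrypt with the recipient's PRIVATE key.
function decryptWith(privateKey, ciphertext) {
  return crypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString("utf8");
}

// Hypothetical relay: stores whatever bytes it is handed and holds no private keys.
class RelayServer {
  constructor() { this.mailbox = new Map(); }
  store(to, blob) { this.mailbox.set(to, blob); }
  fetch(to) { return this.mailbox.get(to); }
}

function demo() {
  const personA = newKeyPair(); // stands in for any key that is not Person B's
  const personB = newKeyPair();
  const server = new RelayServer();

  // Person A's phone encrypts before anything leaves the device.
  server.store("personB", encryptFor(personB.publicKey, "Hello"));

  const stored = server.fetch("personB");
  const serverSeesPlaintext = stored.includes(Buffer.from("Hello"));

  // Any private key other than Person B's fails to decrypt.
  let wrongKeyResult;
  try { wrongKeyResult = decryptWith(personA.privateKey, stored); }
  catch (err) { wrongKeyResult = "decryption failed"; }

  return { storedBytes: stored.length, serverSeesPlaintext, wrongKeyResult,
           personBReads: decryptWith(personB.privateKey, stored) };
}

console.log(demo());
```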
the end
Now, we've gone over the basics of end-to-end encryption. If it seemed scary before, hopefully, it doesn't seem scary now. e2ee has many benefits. For starters, it prevents data from being stolen, or even accidentally leaked, by companies. It also prevents data from being stolen by attackers, by obfuscating it.
However, there are still drawbacks to e2ee that must be considered. The encryption keys are usually derived from your password, or your device credentials. If either of those is lost without being changed, data can become unrecoverable unless a company creates some less secure way to retrieve the data.
It is important that we keep in mind that encryption is an expensive process in terms of compute. It has to take a long time to compute, since the security of encryption is largely dependent on encryption taking a relatively long time. Otherwise, a machine could guess keys by trying a bunch of randomly generated keys in quick succession.
(When I say a long time, I mean a long time for computers. Remember, computers are super efficient at math. The time it takes to encrypt a message is pretty much instant in the eyes of a human being.)
This long compute time makes it infeasible to use basic e2ee messages on group chats. On July 19, 2023, the Internet Engineering Task Force (IETF) published the Messaging Layer Security (MLS) protocol as a standard. The MLS protocol is one way that e2ee can be achieved efficiently in group chat communication.