
A deep dive into encryption and end-to-end security

In an age where information is considered wealth, protecting it has become paramount. Encryption, a process of converting information into an unreadable form based on specific rules, has emerged as a powerful tool in this digital era.

One of its most robust forms, End-to-End (E2E) encryption, has revolutionised how various entities handle sensitive data. 

From human rights organisations to law enforcement agencies and technology companies, the adoption of E2E encryption has reshaped their approach to accessing and utilising individuals' information for protection, prosecution, or profit.

At its core, encryption employs keys, data that unlocks or decrypts encrypted information. The Data Encryption Standard (DES) is a classic example of symmetric encryption, where the same key is used for encryption and decryption. 

In contrast, asymmetric encryption involves separate keys for encryption and decryption. This method, exemplified by the Curve25519 algorithm used by WhatsApp, offers enhanced security with shorter keys, relying on elliptic-curve cryptography principles.

The encryption process encompasses hash functions responsible for encrypting a message. These functions ensure that the encrypted version of a message (digest) doesn't reveal the original content, produces a fixed-length digest irrespective of the message length, and generates unique digests for distinct messages. 

The DES algorithm's hash function, involving S-boxes and block cyphers, illustrates the intricate processes encryption employs to obfuscate messages effectively.

E2E encryption comes into play during information transmission, particularly in messaging apps. It ensures that messages remain encrypted both in transit and at rest, only decrypted upon reaching the intended recipient. 

This method enhances privacy and security, building trust among users regarding the confidentiality of their communications.

However, the effectiveness of E2E encryption is not absolute. The possibility of a man-in-the-middle (MITM) attack, where an attacker intercepts and decrypts messages, poses a threat. To counter this, users can employ fingerprint verification to confirm the authenticity of encryption keys, thwarting potential attackers.

Moreover, complacency among users is another concern. While E2E encryption secures messages during transmission, an attacker can exploit device vulnerabilities to gain unauthorised access to sensitive data. Malware attacks through channels like SMS can compromise the integrity of encrypted messages.

Legal and illegal factors also impact E2E encryption. Companies may be required by law to install backdoors, allowing access to encrypted information. 

The Snowden affair exposed instances where companies cooperated with intelligence agencies, installing backdoors to provide unauthorised access to encrypted messages.

Additionally, surveillance of users becomes possible through access to metadata, which provides details about message frequency, timing, and locations without revealing the content. Balancing the need for privacy with legal requirements and the potential for misuse remains a complex challenge.

Encryption's evolution from symmetric to asymmetric methods showcases the ongoing efforts to enhance security and privacy. However, the digital security landscape is dynamic, requiring continuous adaptation to address emerging threats.
