End-to-end encryption simply explained
How cool is that ? And that ’ s not tied the best part ! Which is : however brawny Charlie is, he can not decrypt their messages, not even in a million years. Charlie could even be the king of the populace : it doesn ’ deoxythymidine monophosphate matter. As a wise man once said, “ the universe believes in encoding. ”
Yeah, that sounds identical nice and cool but … how does it work ? Let ’ s have a look.
What is end-to-end encryption (E2EE)?
throughout encoding is a well-known method used in networking to guarantee private communications between two parties. It converts a message from plaintext to ciphertext, preventing potential eavesdroppers from decrypting the message. The cool thing is, the two parties do n’t have to previously agree on the encoding samara – meaning that throughout encoding ( E2EE ) allows two strangers to communicate in total privacy. In early words, E2EE is an execution of asymmetric cryptography. 
End-to-end encryption explained: Symmetric cryptography
Cryptography, precisely to make sure we ‘re on the lapp page, is the art of secret communication. It protects your WhatsApp messages, the hypertext transfer protocol at the cornerstone of the global wide web, even your bank account. basically, it ‘s everywhere. But actually, it ’ second nothing new. today, privacy is frequently held in low regard, but in the past it was an artwork. The like room you don ’ metric ton want anyone to read your messages, so did generals and kings of the good ol ‘ days.
The first and most celebrated example of encoding is the Caesar cypher. Named after Julius Caesar, this encoding protocol was used by the Divus Iulius to encode messages of military meaning. It is very simple – so much so that you probably used it yourself in elementary school to send notes to your friends during class. At least, I did. 
The Caesar cypher is a substitution cypher. The two parties agree on a certain encoding samara, which is nothing more than a protocol defining how to substitute letters in your message with some early letters of the alphabet. For example, let ’ s say you want to send this message : “ BARBARIANS WILL ATTACK IN THREE DAYS. ” One way of using this method acting to encrypt this message would be to substitute each letter of the message with the very next letter down the rudiment. You see what I barely did ? I just spelled out the protocol to decrypt and encrypt the message – in early words, the key. The message would appear like this.
CBSCBSJBOT XJMM BUUBDK JO UISFF EBZT
Sounds cool, right ? The problem with this method is that you must first send a non-encrypted message where you contribution the encoding cardinal in plaintext. Ok, you could meet in person, but that would hush expose you and your co-conspirator to the attention of anyone keeping tabs on you. And if your recipient lives very army for the liberation of rwanda away, this is straight out impossible.
What you just read is called symmetric encryption. Why symmetrical ? Because the lapp key is used to encrypt and decrypt the message. Mind you : symmetrical cardinal is not synonymous with bad. In fact, it ‘s even used nowadays – well, not the Caesar code, of course.
Asymmetric cryptography
Asymmetric cryptography, on the other hand, employs two keys – one to encrypt the message and the other to decrypt it. How is that possible ? The magic ingredient is one-way functions. ( Yeah, we ‘re diving into numerical waters, I know, but trust me : it ‘s simple. And besides cool. ) A one-way function is a routine that is easy to run but hard to invert. You did n’t understand a thing, right ? Let me explain. Imagine a number – pronounce, 2133. What are the smallest prime numbers that multiplied together will give you 2133 as a solution ? It ’ second hard, veracious ? The solution is – I looked it up – 3 x 3 x 3 x 79 – or, put it another manner, 27 adam 79. This is what is called “ factorization. ” The cool thing about factorization, or factorization, is that if I merely give you 27 and 79, verifying that their product is 2133 is a no-brainer. You good take your calculator, and voila ! It ’ sulfur fair the inverse that is hard. ( hard meaning it can ’ t be solved in polynomial time, but we do n’t need to go that deeply into mathematics. suffice to say that animal impel is your merely option. )
so, back to the topic. Asymmetric cryptanalysis, besides called public-key cryptography, works through a copulate of keys – a secret key that you must keep to yourself and a populace key that you can distribute in the open. In short, both the transmitter and the recipient have their own specify of private and public keys. Each of them can use the other party ’ s public identify to encrypt a message that can only be decrypted via the other party ’ south private key.
To a certain extent, you can equate your public key to your address and your private winder to your password. now, the super cool thing is, since private and public keys are generated via one-way functions, it is literally impossible to break the encoding. Well, not precisely – it just takes longer than the age of the universe.
Get it ? This, my ally, is throughout encoding.
End-to-end encryption is not synonymous with privacy
so, you learned what end-to-end encoding is. Want to send private messages ? No problem. Just find an blink of an eye message or electronic mail serve supplier that supports E2EE. Right ? Wrong. End-to-end encryption does not equate to privacy. Why ? Remember what I told you.
The transmitter ’ sulfur and recipient role ’ s public and secret keys are, please forgive me, key to ensure that no one can decrypt the message. The issue is, where are they stored ? That ’ s the solid point. If the service supplier tells you that, no worries, your messages are throughout code and we are holding your keys, that, my supporter, is how you get screwed. In fact, you should assume that your dainty and kind service provider uses the key you just gave him ( i.e. server-side encoding ) and can access your messages left and right.
Wait a minute… didn ’ thyroxine I tell you what is server-side encoding ? Related reading: Cloud storage privacy & security: 7 things to consider
Server-side encryption vs client-side encryption
Both server-side encoding and client-side encoding are processes of encrypting information between a transmitter and a recipient role. The deviation between the two is who generates and holds the individual keys. In the shell of server-side encoding, the waiter generates and holds the private keys. In the casing of client-side encoding, the node generates and holds the secret keys.
As you might assume, the dispute is enormous. In case of server-side encoding you are trusting the waiter with your keys the lapp way you can give your neighbor the key to your door while you are on vacation. theoretically, the neighbor could break into your house, but since you trust them, you assume they don ’ t. Client-side encoding, on the other hand, means that you hold your keystone and no one else.
Of run, this implies that if you lose your key for any reason, you won ’ deoxythymidine monophosphate be able to get back into your house. Why ? Because cracking an encoding key is not a easy as lockpicking. As I told you above, brute-forcing a one manner routine is not in truth an choice.
E2EE vs in-transit encryption
Does this mean I lied to you when I gave you the definition of end-to-end encoding ? Yes and no. That ’ s the problem with these definitions – they evolve. truth be told, they are marketing weapons to make you feel safe. many companies claim to employ throughout encoding, while they actually store your individual keys. They employ what is now called encryption in transit or transport encryption. Which means : they encrypt your messages while in theodolite, but they hold your individual keys. Translated : your messages are still inaccessible by unauthorized recipients, but who gets to decide who is authorized and who isn ’ deoxythymidine monophosphate ? You and, depending on the situation, your service supplier. If law enforcement knocks on their door, you can bet they ’ re going to authorize them.
Does that mean you shouldn ’ metric ton believe WhatsApp with your private stuff ? No. Unlike Telegram, WhatsApp uses throughout encoding – basically, in-transit encoding + client-side encoding. What is the difference ? Simply that WhatsApp can ’ t show your messages to the patrol even if they wanted to. In other words, WhatsApp, unlike Telegram, protects your privacy.
E2EE vs at-rest encryption
As you can see, throughout encoding explained in layman ‘s terms is a while of coat to understand. But odds are you ‘ve heard about at-rest encoding. What is it ? At-rest encoding is encoding on data that is not in transit. Your hard drive, for exercise. Let ’ s say you are a special agent guarding some X-Files kind of secret and hostile forces are looking for you. If they catched you, they ’ five hundred uncover the conspiracy, and you don ’ triiodothyronine want that. How do you make surely that, whatever happens, your confidential dies with you ? Easy. At-rest encoding.
At-rest encoding is precisely what you think it is. basically, you encrypt your arduous drive with some encoding protocol so that no one without the encoding key can pry into your stuff. Easy peasy.
Advantages of true end-to-end encryption
At this point of the article you might wonder : what are the advantages of genuine E2EE ? What are the pros ? There you go :
- Privacy: only you and the other party are able to read your messages.
- Security: traditional cloud storage service providers hold their users’ keys. This makes them a target for hackers, increasing the cyber-security risk.
- Democracy: when end-to-end encryption is not enforced, the result is the militarization of cyberspace and surveillance capitalism.
TL;DR
end-to-end encoding explained in a single sentence is a procedure to encode a message so that lone the transmitter and the telephone receiver can decrypt the message, and no one else. In other words, the concept of throughout is akin to zero-knowledge encoding, with the difference that while zero-knowledge applies to cloud storage, E2EE applies to networking.
now that you know what end-to-end encoding is, do you want to give it a try ? then, you are in the right place.
Cubbit is a peer-to-peer, end-to-end encrypted cloud storage platform. Rather than storing the exploiter ‘s files in a proprietary server grow, Cubbit leverages a network of Cubbit Cells, which are servers in the users ‘ hands. Files you store in Cubbit are not inside your Cell – they ’ re encrypted with AES-256 and split into chunks, which are then copied in multiple shards via error-correcting codes to ensure redundancy. then, each shard is distributed over the network, one shard per Cubbit Cell. Should one shard go offline, Cubbit makes new ones mechanically – all without ever getting access to your files.
This is made possible by Cubbit ’ s zero-knowledge cryptanalytic architecture. indeed, the platform is built upon the concept of privacy by design. In dim-witted terms, this means that no one without your consent could ever look into your files, not even Cubbit.
If you are curious, holy order a Cubbit Cell and try Cubbit for 30 days. It ’ sulfur wholly risk-free. What if you discover it ’ s not for you ? No problem ! You ’ ll be able to return your Cell for spare and we ’ ll offspring a full refund, no questions asked.