End-to-End Encryption

Why Trust Techopedia

What Does End-to-End Encryption Mean?

End-to-end encryption (E2EE) is an asymmetrical approach to encrypting and decrypting data at the device level. E2EE was originally developed to protect the content of email messages as they traveled across the internet.


The goal of E2EE is to protect data in transit as it moves from a source to a destination. Messages and files are encrypted before they leave the sender's device and are decrypted when they reach the recipient's device. Servers along the transmission route can see routing information, but not the message's contents.

Techopedia Explains End-to-End Encryption

E2EE converts plain text to ciphertext at the device level. In this data protection scheme, the plain text contents of an email message can only be viewed by the sender and the receiver. Servers along the transmission route can see routing information, but not the message's contents.

Advantages of E2EE

The advantages of end-to-end encryption include the following:

  • E2EE discourages potential eavesdroppers and attackers from intercepting email messages and attached files.
  • Because encryption occurs at the device level, senders have greater flexibility when deciding which data to encrypt.
  • Because encryption keys are stored on endpoint devices, it significantly reduces the chance of key theft.

End-to-End Encryption vs. Confidential Computing

Increasingly, the term end-to-end encryption has been called a misnomer because it only applies to data in transit and potentially data at rest.

The problem is that E2EE was intended to support email privacy — but its use has been extended to software applications that typically need to decrypt data in order to process it. In the cloud, for example, data transfers are encrypted by the sender's device and then sent to a server that belongs to the service provider. The data is then decrypted for processing before being re-encrypted and sent on to its final destination. This leaves unencrypted data in use vulnerable to attack.

To protect data in use and make E2EE truly end-to-end, the Confidential Computing Consortium recommends a hardware-based approach to cybersecurity that allows data to stay encrypted while it is being processed in memory. This approach, which is called confidential computing, provides an additional layer of security for organizations that process sensitive or regulated data in the cloud and supports zero trust.

E2EE vs. Homomorphic Encryption

Confidential computing is considered by some industry pundits to be a hardware-based version of homomorphic encryption. While both approaches support computation on encrypted data, each has limitations. Homomorphic encryption is limited because it only supports specific arithmetic operations and confidential computing is limited because it only works with certain hardware.


Related Terms

Margaret Rouse
Technology Expert
Margaret Rouse
Technology Expert

Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.