What Does End-to-End Encryption Mean?
End-to-end encryption (E2EE) is an asymmetrical approach to encrypting and decrypting data at the device level. E2EE was originally developed to protect the content of email messages as they traveled across the internet.
The goal of E2EE is to protect data in transit as it moves from a source to a destination. Messages and files are encrypted before they leave the sender's device and are decrypted when they reach the recipient's device. Servers along the transmission route can see routing information, but not the message's contents.
Techopedia Explains End-to-End Encryption
E2EE converts plaintext to ciphertext at the device level. In this data protection scheme, the plaintext contents of an email message can be viewed only by the sender and the intended recipient; every server the message passes through handles it solely in encrypted form.
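As an added illustration of the flow described above (example code, not part of the original article), the Go program below models the three parties: a sender encrypting on its own device, a relaying server that can read only the routing header, and a recipient decrypting with a private key that never left its device. It pairs an asymmetric X25519 key agreement with AES-256-GCM for the message body, which is how E2EE systems commonly combine public-key exchange with a symmetric cipher. The sample addresses, the "e2ee-example-v1" label and the SHA-256 key derivation are assumptions made for the example; a production design would derive keys with HKDF and sign messages so the recipient can authenticate the sender.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is what every relaying server sees: routing fields in the clear,
// the body only as AES-GCM ciphertext it has no key for.
type Envelope struct {
	From, To     string // routing information, readable along the whole path
	EphemeralPub []byte // sender's one-time X25519 public key
	Nonce        []byte
	Ciphertext   []byte
}

// aeadFor derives an AES-256-GCM instance from the X25519 shared secret and
// the routing header. Simplification for this example: a real design uses HKDF.
func aeadFor(shared, route []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("e2ee-example-v1")) // constructed domain-separation label
	h.Write(route)
	h.Write(shared)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the sender's device and needs only the recipient's public key.
// Confidentiality only: sender authentication (signing) is left out here.
func Seal(from, to string, recipient *ecdh.PublicKey, plaintext []byte) (*Envelope, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	route := []byte(from + "->" + to)
	gcm, err := aeadFor(shared, route)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The routing header is additional authenticated data: a relay that
	// rewrites From or To invalidates the tag instead of redirecting the body.
	ct := gcm.Seal(nil, nonce, plaintext, route)
	return &Envelope{From: from, To: to, EphemeralPub: eph.PublicKey().Bytes(),
		Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs on the recipient's device; only the holder of the private key
// matching the public key given to Seal can recompute the shared secret.
func Open(priv *ecdh.PrivateKey, env *Envelope) ([]byte, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(env.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	route := []byte(env.From + "->" + env.To)
	gcm, err := aeadFor(shared, route)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, route)
}

// RelayView is everything a server on the route can learn from an envelope.
func RelayView(env *Envelope) string {
	return fmt.Sprintf("route %s -> %s, %d ciphertext bytes", env.From, env.To, len(env.Ciphertext))
}

func main() {
	// Long-term keys are generated on each endpoint; private halves never leave it.
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	env, err := Seal("alice@example.com", "bob@example.com", bob.PublicKey(), []byte("meeting at 10"))
	if err != nil {
		panic(err)
	}
	fmt.Println("server sees:", RelayView(env))
	pt, err := Open(bob, env)
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	other, _ := ecdh.X25519().GenerateKey(rand.Reader) // any other key fails
	_, err = Open(other, env)
	fmt.Println("without bob's private key:", err)
}
```

Binding the routing header into the authenticated data is the design choice worth noting: a relay can still read From and To (it has to, to deliver the message), but it cannot silently re-address the ciphertext to a different recipient, because the recipient's decryption would then fail.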
Advantages of E2EE
The advantages of end-to-end encryption include the following:
- E2EE deters eavesdroppers and attackers, since intercepted email messages and attached files cannot be read without the recipient's key.
- Because encryption occurs at the device level, senders have greater flexibility when deciding which data to encrypt.
- Because encryption keys are stored only on the endpoint devices rather than on intermediate servers, the chance of key theft is significantly reduced.
End-to-End Encryption vs. Confidential Computing
The problem is that E2EE was intended to support email privacy, but its use has been extended to software applications that typically need to decrypt data in order to process it. In the cloud, for example, a data transfer is encrypted on the sender's device and sent to a server belonging to the service provider, where it is decrypted for processing and then re-encrypted before being forwarded to its final destination. While it is being processed, the data sits unencrypted in the server's memory, which leaves data in use vulnerable to attack.
To protect data in use and make E2EE truly end-to-end, the Confidential Computing Consortium recommends a hardware-based approach to cybersecurity that allows data to stay encrypted while it is being processed in memory. This approach, which is called confidential computing, provides an additional layer of security for organizations that process sensitive or regulated data in the cloud and supports zero trust.
E2EE vs. Homomorphic Encryption
Some industry pundits consider confidential computing to be a hardware-based version of homomorphic encryption. While both approaches support computation on encrypted data, each has limitations: homomorphic encryption supports only specific arithmetic operations, and confidential computing works only with certain hardware.
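To make the "only specific arithmetic operations" limitation concrete, here is an added example (not from the original article) of the textbook Paillier cryptosystem in Go, which is additively homomorphic: a server holding only ciphertexts can multiply them modulo n^2 to obtain an encryption of the sum, or raise a ciphertext to a known constant to obtain an encryption of a scalar product, but it has no way to produce an encryption of the product of two encrypted values. The 512-bit primes and the sample values 17 and 25 are constructed for illustration; they are not production parameters.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// PaillierKey is a toy Paillier key pair (example parameters, not production sizes).
type PaillierKey struct {
	N, N2  *big.Int // public modulus n = p*q and n^2
	lambda *big.Int // private: lcm(p-1, q-1)
	mu     *big.Int // private: lambda^-1 mod n (valid because the generator g is n+1)
}

// GeneratePaillier builds a key pair from two random primes of the given size.
func GeneratePaillier(bits int) (*PaillierKey, error) {
	p, err := rand.Prime(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	q, err := rand.Prime(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	if p.Cmp(q) == 0 {
		return nil, fmt.Errorf("p == q, retry key generation")
	}
	n := new(big.Int).Mul(p, q)
	pm1, qm1 := new(big.Int).Sub(p, one), new(big.Int).Sub(q, one)
	lambda := new(big.Int).Mul(pm1, qm1)
	lambda.Div(lambda, new(big.Int).GCD(nil, nil, pm1, qm1)) // lcm(p-1, q-1)
	mu := new(big.Int).ModInverse(lambda, n)
	if mu == nil {
		return nil, fmt.Errorf("lambda not invertible mod n")
	}
	return &PaillierKey{N: n, N2: new(big.Int).Mul(n, n), lambda: lambda, mu: mu}, nil
}

// Encrypt computes c = (1+n)^m * r^n mod n^2 with a fresh random r, so two
// encryptions of the same m differ. m must lie in [0, n).
func (k *PaillierKey) Encrypt(m int64) (*big.Int, error) {
	r, err := rand.Int(rand.Reader, k.N)
	if err != nil {
		return nil, err
	}
	if r.Sign() == 0 {
		r.SetInt64(1) // r must be nonzero; 0 would destroy the plaintext
	}
	gm := new(big.Int).Mul(big.NewInt(m), k.N)
	gm.Add(gm, one) // (1+n)^m mod n^2 == 1 + m*n
	c := new(big.Int).Exp(r, k.N, k.N2)
	c.Mul(c, gm)
	return c.Mod(c, k.N2), nil
}

// Decrypt computes L(c^lambda mod n^2) * mu mod n, where L(u) = (u-1)/n.
func (k *PaillierKey) Decrypt(c *big.Int) *big.Int {
	u := new(big.Int).Exp(c, k.lambda, k.N2)
	u.Sub(u, one)
	u.Div(u, k.N)
	u.Mul(u, k.mu)
	return u.Mod(u, k.N)
}

// AddEncrypted is the operation Paillier supports: the server multiplies two
// ciphertexts and obtains Enc(m1 + m2) without ever seeing m1 or m2.
func (k *PaillierKey) AddEncrypted(c1, c2 *big.Int) *big.Int {
	s := new(big.Int).Mul(c1, c2)
	return s.Mod(s, k.N2)
}

// MulByConstant computes c^scalar mod n^2 = Enc(scalar * m). The multiplier is
// a known plaintext constant, not a second ciphertext.
func (k *PaillierKey) MulByConstant(c *big.Int, scalar int64) *big.Int {
	return new(big.Int).Exp(c, big.NewInt(scalar), k.N2)
}

func main() {
	k, err := GeneratePaillier(512) // toy size for speed; not a production parameter
	if err != nil {
		panic(err)
	}
	c1, _ := k.Encrypt(17)
	c2, _ := k.Encrypt(25)
	fmt.Println("Dec(c1*c2 mod n^2) =", k.Decrypt(k.AddEncrypted(c1, c2)), "(17+25)")
	fmt.Println("Dec(c1^3 mod n^2)  =", k.Decrypt(k.MulByConstant(c1, 3)), "(3*17)")
	// Combining c1 and c2 only ever yields sums and scalar multiples of the
	// plaintexts; nothing here can produce Enc(17*25) from the ciphertexts alone.
}
```

The contrast with confidential computing is in where the limitation lives: a Paillier server is restricted by the mathematics to additions, whereas a hardware enclave can run arbitrary code on the decrypted data but only on processors that provide that isolation.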