What does end-to-end encryption mean?
End-to-end encryption (E2EE) means that data is encrypted on the sender's device and decrypted only on the recipient's device, so it stays encrypted at every hop in between, including on the servers that relay it. This provides the highest level of security for the data during transmission.
Examples of end-to-end encryption
These days any app or piece of software that handles sensitive data almost certainly uses E2EE. This includes social media platforms, whose messaging features allow users to send end-to-end encrypted messages. Likewise, free email providers support email encryption.
Any business that takes card payments uses E2EE. This is typically incorporated into the payment hardware and software they use. Merchants themselves simply have to follow the usage instructions correctly. Likewise, companies involved in payment processing (e.g. merchant acquirers) also use E2EE, as does any company handling personal data.
In fact, increasing numbers of companies now apply E2EE as standard to most of their files. Even enterprise-grade encryption software has reached the point where this is cost-effective, partly because encryption tools have become affordable and partly because of the severity of the penalties for data breaches.
Importantly, there are now cloud-based encryption solutions that are both effective and easy to use. This means that even SMEs with little to no technical knowledge can benefit from encrypted email and files.
How end-to-end encryption works
There are various ways to encrypt data. At present, the two main ones are the AES-256 cipher and RSA as used in the TLS 1.2 protocol. AES is usually considered the better option for protecting data at rest. Currently, a brute-force attack against it is believed to be practically impossible.
RSA is usually considered the better option for data in transit, which is why it is generally used for end-to-end encryption. With RSA, the message sender retrieves the recipient's public encryption key (generally known simply as a public key). This key can only be used to encrypt communications sent to that specific recipient.
The message recipient decrypts the message using their secret decryption key (usually known as a private key). If they want to reply, they encrypt their response using the original sender's public key, and the original sender then decrypts the response with their own private key. This exchange can continue for as long as necessary.
Public keys are generally held in server-side storage, which allows them to be made accessible to anyone. Private keys may be held either in secure (i.e. private) cloud storage or locally. Using cloud storage is increasingly becoming the preferred option. Firstly, it allows the private key to be accessed from anywhere. Secondly, it is less vulnerable to hardware failures. For the scheme to remain end-to-end, a cloud-held private key must itself be stored encrypted under a key that only its owner holds; otherwise the storage provider becomes an additional party that can read the messages.
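The sender-to-recipient exchange described above, as an added example in Go that is not part of the original article: each party generates its own key pair, publishes only the public half, and a message sealed for one party cannot be opened with any other party's key. It uses RSA-OAEP from the Go standard library; the party names and message texts are constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one endpoint. Only the public half of its key pair is ever
// published; the private half never leaves the party's own device.
type Party struct{ priv *rsa.PrivateKey }

// NewParty generates a fresh 2048-bit RSA key pair for an endpoint.
func NewParty() (*Party, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public returns the key a server-side directory may hand out to anyone.
func (p *Party) Public() *rsa.PublicKey { return &p.priv.PublicKey }

// Seal encrypts msg for whoever holds the private key matching pub (RSA-OAEP).
func Seal(pub *rsa.PublicKey, msg string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(msg), nil)
}

// Open decrypts with this party's private key. It fails on ciphertext sealed
// for any other key, which is what keeps the relaying server blind.
func (p *Party) Open(ct []byte) (string, error) {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, p.priv, ct, nil)
	return string(pt), err
}

func main() {
	alice, _ := NewParty() // errors dropped only to keep the demo short
	bob, _ := NewParty()
	ct, _ := Seal(bob.Public(), "order 42 shipped") // alice looks up bob's public key
	fmt.Println(bob.Open(ct))                       // only bob's private key opens it
	ct, _ = Seal(alice.Public(), "received, thanks") // bob replies under alice's public key
	fmt.Println(alice.Open(ct))
	_, err := bob.Open(ct) // sealed for alice, so bob's key fails
	fmt.Println("wrong key:", err)
}
```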
The development of end-to-end encryption
The concept of end-to-end encryption has existed for thousands of years. It is known to have been used by the Spartans in about 500 BC. In the modern world, E2EE is now linked with cybersecurity.
Cybersecurity has been a concern since the very beginning of modern IT in the 1970s, when only government agencies regularly used file encryption; the process was too expensive and complicated even for enterprises. In 1991, Phil Zimmermann released PGP (Pretty Good Privacy), which is now widely regarded as the starting point of modern encryption software.
Even today, PGP is considered to deliver pretty good privacy and is still used in some industry sectors (e.g. journalism). Its main drawback is that it is hugely complicated to learn and administer, which is why it has largely been replaced by more user-friendly encryption software that even SMEs can manage.
Modern encryption software can now deliver levels of security that could only be dreamed of in the early days of computing. It is continually being developed; for example, the RSA protocol is expected to be updated by 2030 to ensure it stays ahead of hackers. Even so, it’s predicted that eventually the current encryption protocols will be replaced by quantum computing.