End-to-end encryption

from Wikipedia, the free encyclopedia

Under end-to-end encryption (English "end-to-end encryption", "E2EE") is the encryption of data transmitted over all transmission stations away. Only the communication partners (the respective endpoints of the communication) can decrypt the message.


Theoretically, end-to-end encryption prevents anyone else from intercepting the message, including telecommunications providers , Internet providers and even the providers of the communication services used. When using symmetrical encryption , the key to ensure end-to-end encryption may only be known to the end communication partners. When using asymmetric encryption, it must be ensured that the private key is only in the possession of the recipient.

The data to be transmitted is encrypted on the sender side and only decrypted again at the recipient. As a result, side-channel information, such as that used to control the transmission process, cannot be encrypted. On the other hand, intermediate stations where the transmitted content is available in clear text are eliminated.


Common technology for end-to-end encryption is, for example, OpenPGP and S / MIME for e-mail traffic, the signal protocol , OTR and OMEMO for chat traffic, and ZRTP / SRTP for audio / video chats and SIP telephony.

A counterpart is the point-to-point encryption , with which it can also be used nested in combination.


The minimum requirement of an encryption process is that no ciphertext can be decrypted without the secret key. However, this requirement is often too weak because it does not prevent an attacker from obtaining information about parts of the message from the cipher. The established security term ciphertext indistinguishability requires that the attacker must not be able to extract any information about the plain text from a cipher apart from the length of the plain text, which cannot be kept secret.

See also

Web links