End-to-end encryption (E2EE) is a system of communication where only the communicating parties can read the messages. When implemented properly, E2EE prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from reading the messages exchanged or obtaining the cryptographic keys needed to decrypt them.
End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender and any third party that may have access to the messages can access them only in their encrypted form. Only the recipient can decrypt the encrypted message.
In places where encryption is implemented, but not end-to-end – e.g. email – messages between parties are typically encrypted while in transit but ultimately pass through trusted intermediaries that can access the plaintext messages.
E2EE’s safety is highly dependent on its implementation, in particular its key exchange protocol. Other security problems on both ends of the communications channel can also undermine confidentiality and integrity.
WhatsApp end-to-end encryption ensures only people communicating with one another can read what’s sent, and nobody in between, not even WhatsApp, can eavesdrop.
End-to-end encryption ensures that data is transferred securely between endpoints. If sufficiently large encryption keys are used, the encryption itself is practically impossible to break. Attacks on E2EE therefore focus on subverting the key exchange process, trying to fool one party into exchanging keys with the attacker rather than with the legitimate other party. E2EE may also be subverted by compromising the endpoint of one or both parties and reading the confidential communications after they have been decrypted.
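
An added example (not part of the original page) of why the key exchange is the weak point and how endpoints can detect a substituted key: both parties derive a short fingerprint from the public keys they saw and compare it over a separate channel. The toy Diffie-Hellman parameters, the relay model, and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, for illustration only (assumption: real systems
# use vetted groups or elliptic curves, not this parameter set).
P = 2**127 - 1  # a Mersenne prime
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, their_pub):
    # Hash the shared DH value into a symmetric session key.
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub_a, pub_b):
    """Short code both users compare out of band (in person, by voice)."""
    lo, hi = sorted((pub_a, pub_b))
    digest = hashlib.sha256(lo.to_bytes(16, "big") + hi.to_bytes(16, "big"))
    return digest.hexdigest()[:16]

def exchange(relay_swaps_keys):
    """Run one key exchange through a relay; report what each end sees."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub  # honest relay forwards unchanged
    if relay_swaps_keys:
        # Constructed failure case: the relay hands each side its own key.
        _, r_pub = keypair()
        seen_by_a = seen_by_b = r_pub
    return {
        # True only when both ends derived the same secret with each other.
        "keys_match": session_key(a_priv, seen_by_a)
                      == session_key(b_priv, seen_by_b),
        "fp_alice": fingerprint(a_pub, seen_by_a),
        "fp_bob": fingerprint(seen_by_b, b_pub),
    }

def verified(result):
    """The check the users perform: fingerprints must be identical."""
    return result["fp_alice"] == result["fp_bob"]
```

Neither endpoint can tell from the exchange alone that a key was substituted; only the fingerprint comparison over an independent channel exposes the mismatch.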