10 End-to-End Encryption


This chapter covers:

  • The importance of end-to-end encryption for companies and users.
  • The different attempts at solving email encryption.
  • How end-to-end encryption is changing the landscape of messaging.

Chapter 9 explained transport security via protocols like TLS and Wireguard. At the same time, I spent quite some time explaining where trust was rooted on the web: hundreds of certificate authorities trusted by your browser and operating system. While not perfect, this system has worked so far for the web, which is a complex network of participants who know nothing of each other.

This problem of finding ways to trust others (and their public keys), and making it scale, is at the center of real-world cryptography. A famous cryptographer was once heard saying "symmetric crypto is solved" to describe a field of research that had overstayed its welcome. And for the most part the statement was true. We seldom have issues encrypting communications, and we have strong confidence in the current encryption algorithms we use. Most engineering challenges when it comes to encryption are not about the algorithms themselves anymore, but about who Alice and Bob are, and how to prove it.

Cryptography does not provide one solution to trust, but many different ones that are more or less practical depending on the context. In this chapter, I will survey some of the different techniques that people and applications have used to create trust between users.

10.1  Why end-to-end encryption?

10.2  A root of trust nowhere to be found

10.3  The failure of encrypted email

10.3.1  PGP or GPG? And how does it work?

10.3.2  Scaling trust between users with the web of trust

10.3.3  Key discovery is a real issue

10.3.4  If not PGP, then what?

10.4  Secure messaging, a modern look at end-to-end encryption with Signal

10.4.1  Trust but verify

10.4.2  X3DH, the Signal protocol’s handshake

10.4.3  Double ratchet: Signal’s post-handshake protocol

10.5  The state of end-to-end encryption

10.6  Summary