TLS and similar security solutions prevent anyone from intercepting the message when it's moving from client to server. While these measures may prevent outsiders from accessing the data, the server can still read it. This is where encryption comes in. If data from A has been encrypted with a cryptographic key belonging to B, the server is unable to read or access it.
Without E2EE methods, the server can store the information in a database alongside millions of others. As large-scale data breaches have proven time and time again, this can have disastrous implications for end-users.
How does end-to-end encryption work?
End-to-end encryption ensures that nobody – not even the server that connects you with others – can access your communications. The communications in question could be anything from plain text and emails to files and video calls.
Data is encrypted in applications like Whatsapp, Signal, or Google Duo (supposedly) so that only senders and intended recipients can decrypt them. In end-to-end encryption schemes, you might kick that process off with something called a key exchange.
What's a Diffie-Hellman key exchange?
The idea of the Diffie-Hellman key exchange was conceived by cryptographers Whitfield Diffie, Martin Hellman, and Ralph Merkle. It's a powerful technique that allows parties to generate a shared secret in a potentially hostile environment.
In other words, the creation of the key can occur on insecure forums (even with onlookers watching) without compromising the ensuing messages. In the Information Age, this is particularly valuable as parties don't need to physically swap keys to communicate.
The exchange itself involves big numbers and cryptographic magic. We won't get into the finer details. Instead, we'll use the popular analogy of paint colors. Suppose that Alice and Bob are in separate hotel rooms at opposite ends of a hallway, and they want to share a particular color of paint. They don't want anyone else to find out what it is.