The very term ‘end-to-end encryption’ should, and indeed often does, inspire confidence. Commonly used by messaging apps, email providers, cloud storage services, and file-sharing platforms, E2EE conveys an image of Fort Knox-like security when it comes to our private correspondence, which is why we often hear about efforts by frustrated law enforcement agencies to access criminals’ devices (two years ago the FBI said it was “deeply concerned with the threat end-to-end and user-only-access encryption pose.”)
Naturally any confidential technology can be censured for its supposed usefulness to bad actors. The truth is, data privacy safeguards protect all of us from encroaching surveillance and fraud. In any case, although it is sometimes hailed as a revolutionary tool for secure communication, the reality of E2EE often falls short of its promise – leaving users vulnerable to data leaks.
But a better solution is already emerging.
So, what’s wrong with end-to-end encryption exactly? While it is an impressive innovation when properly implemented, the term is frequently misused: the current framework is not, in fact, truly end-to-end.
Many companies purporting to offer E2EE are actually routing information through third-party services that decrypt and then re-encrypt data, creating potential points of failure in the middle.
End-to-end encryption, of course, is based on the premise that only communicating users should be able to read the contents of their messages. Clearly this is not strictly true when the data has to be decrypted and then re-encrypted along the way, introducing the risk of third-party access, security breaches, and improper handling of cryptographic keys.
It is natural to wonder why this approach is taken in the first place. The reality is that true E2EE is extremely challenging to implement – particularly for computationally-intensive apps that serve millions of users. As such, users must often take claims of ‘full encryption’ on faith alone.
The tech industry itself seems divided on the efficacy of E2EE. Telegram founder Pavel Durov has questioned the privacy of Signal messages, while Signal President Meredith Whittaker has countered that Telegram “is notoriously insecure and routinely cooperates with governments behind the scenes while talking a big game about speech and privacy.”
Needless to say, such public spats only serve to erode user trust in E2EE.
E2EE isn’t the only show in town in the realm of data security. Enter fully homomorphic encryption (FHE), a superior form of zero-trust encryption that delivers the level of security E2EE aspires to provide. That’s because FHE enables ‘blind data processing’, bypassing the decrypt phase and allowing computation to be performed directly on encrypted data. In effect, information is protected throughout the entire process.
With FHE, service providers can operate on encrypted data without ever viewing its contents. For instance, an email provider can comb through an encrypted database and generate results without ever actually viewing the data or having to decrypt it. This is what is meant by zero-trust: sensitive information is not exposed to third parties at any stage.
One company seeking to bring FHE to the masses is Fhenix, the first FHE Layer 2 Rollup. Founded in 2023 to address Ethereum’s lack of encryption, the Layer-2 network is powered by fhEVM, its variation of the Ethereum Virtual Machine, which lets Solidity developers deploy encrypted smart contracts without additional cryptographic expertise.
These web3 devs can opt to build and deploy their apps directly on Fhenix or alternatively use its coprocessors (companion processors that offload encrypted computation tasks from other chains) to selectively encrypt their apps.
With its public testnet having been released in May and mainnet launch slated for early next year, Fhenix is shaping up as a pioneer in blockchain-based FHE implementation. Who knows, it might gradually overtake E2EE as the industry standard for data encryption.
For all its innovation and promise, it has become clear that the current implementation of E2EE is insufficient for true data security. FHE represents the next evolution in encryption, delivering a level of protection that aligns with the principles and promise of ‘end-to-end’.
By enabling computation on encrypted data, this form of cryptography eliminates the need for vulnerable intermediaries and ensures data remains protected at all times. Why trust a third party if you don’t have to?
As more platforms adopt FHE in the coming months and years, we can look forward to significant improvements in data security across a diverse range of domains, from healthcare and finance to messaging and file sharing. As for the authorities, it will be up to them to catch the bad guys without undermining law-abiding citizens’ fundamental right to privacy.