End-to-End Encryption Explained

How conversations are encrypted and decrypted.

Increasingly, hackers, thieves, corporations, and other agencies are snooping on our private lives. What was once thought to be private can increasingly fall into the hands of the wrong people.

How the App Uses Encryption

When you start the app for the first time, it creates two keys for you: a private key and a public key. This is known as public-key, or asymmetric, cryptography.

Private key: Your private key is just that, private. It never leaves your phone; it is not shared with anyone, including us. Your private key is used to decrypt messages and location data sent to you. Contained within your private key are 2 or more prime numbers (more on this later).

Public key: Your public key is created then stored on our server. It is available to any phone using Chat that requests it. Anything encrypted with a public key can only be decrypted with the matching private key.

At the heart of today’s encryption are prime numbers. As a refresher, a prime number is a whole number, greater than 1, which is only divisible by itself and 1. Some examples are: 13, 17, 19, 47, 89.

In simple terms, the product of two large prime numbers is used to create an extremely large number, n (~617 decimal digits). Without knowing the two factors used to create n, a computer must use brute force to try every combination of numbers to find the 2 factors. Even with today’s computational power, this can take up to 40 years. If you know the two factors, it takes a trivial amount of computational power to verify that they are correct. This is the core of how encryption works.

Good encryption software requires balancing strength with performance. We use 3072-bit RSA keys and 256-bit AES keys. This is the maximum that current mobile hardware can handle within our application and still feel fast.

Sending a message

When “B” wants to send a message to “A” using the phone app, “B”’s phone requests “A”’s public key from the servers. “B”’s phone uses “A”’s public key to encrypt her message such that it can only be decrypted by “A”’s private key. Note that “B” does not have “A”’s private key, but using an encryption algorithm with the public key will generate a file that can only be opened by “A”’s private key.

That encrypted file is sent securely to our servers using SSL and stored securely there. Note that since the server does not have access to “A”’s private key, we have no way of decrypting it, and neither does anyone but “A”. The message is briefly stored in its encrypted format until it is sent on to “A” over SSL. Once the message arrives on “A”’s phone, it is decrypted using the private key stored on “A”’s device. The message is then deleted from our servers.
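
The exchange described above, sketched in Node.js as an added example that is not the app's own code. The page names 3072-bit RSA and 256-bit AES but not how they are combined, so the hybrid construction here (a fresh AES-256-GCM key per message, wrapped with RSA-OAEP/SHA-256) and all function names are assumptions; the message text is a constructed sample.

```javascript
const crypto = require('crypto');

// "A" creates a key pair on first launch; only publicKey is uploaded to the server.
function generateIdentity() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 3072 });
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// "B" encrypts for "A" using nothing but A's public key.
function encryptFor(recipientPublicKey, plaintext) {
  const aesKey = crypto.randomBytes(32); // fresh 256-bit AES key for this message
  const iv = crypto.randomBytes(12);     // 96-bit GCM nonce, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Only the holder of A's private key can unwrap the AES key.
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, aesKey);
  return { wrappedKey, iv, ciphertext, tag }; // the envelope the server relays
}

// "A" unwraps the AES key on the device, then authenticates and decrypts.
function decryptWith(privateKey, env) {
  const aesKey = crypto.privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString('utf8');
}

// True when decryption fails (wrong private key or modified envelope).
function rejects(privateKey, env) {
  try { decryptWith(privateKey, env); return false; } catch { return true; }
}

function demo() {
  const a = generateIdentity();
  const other = generateIdentity(); // stands in for any party without A's private key
  const env = encryptFor(a.publicKey, 'meet at 6pm'); // constructed sample message
  const tampered = { ...env, ciphertext: Buffer.from(env.ciphertext) };
  tampered.ciphertext[0] ^= 0x01;   // one bit flipped while stored or in transit
  return {
    roundTrip: decryptWith(a.privateKey, env),
    wrongKeyRejected: rejects(other.privateKey, env),
    tamperRejected: rejects(a.privateKey, tampered),
    wrappedKeyBytes: env.wrappedKey.length,
  };
}
```

Calling `demo()` shows the three properties the text relies on: the recipient recovers the message, a party holding a different private key cannot, and a modified ciphertext is rejected instead of being silently decrypted.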

In short, end-to-end encryption is about keeping data secured from the moment it is created and decrypting it only on the device where it will be consumed. With the appropriate keys, encrypting and decrypting is virtually transparent to customers, and data is only consumed by the intended recipients.
