End-to-End Encryption

End-to-end encryption (E2EE) is a model in which a message is encrypted on the sender’s device and can only be decrypted on the recipient’s device. The servers that route the message in between, including the service provider’s own infrastructure, never hold the keys needed to read it. This is the property that distinguishes E2EE from ordinary transport encryption, where the provider can still see the plaintext.

The Signal protocol is the most widely cited modern design for E2EE messaging, and its specifications are published openly. They include X3DH (Extended Triple Diffie-Hellman) for establishing a shared secret with mutual authentication, and the Double Ratchet algorithm, which continuously derives new keys so that earlier keys cannot be recovered from later ones.

These designs provide strong guarantees beyond simple confidentiality. Forward secrecy means that compromising a current key does not expose past messages, and post-compromise security helps a conversation recover after a key is exposed. Signal’s published specifications also describe deniability and, in newer documents, post-quantum variants such as PQXDH.
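
The key chain behind "earlier keys cannot be recovered from later ones" and the forward secrecy described above can be shown with the symmetric half of the Double Ratchet alone. This is an added example, not code from Signal or from this page: the `Chain` class, the function names and the starting secret are hypothetical, and the X3DH handshake and Diffie-Hellman ratchet are not implemented.

```python
import hashlib
import hmac

def kdf_ck(chain_key):
    """One symmetric-ratchet step -> (next_chain_key, message_key)."""
    # Constants 0x01 / 0x02 follow the HMAC construction the Double Ratchet
    # specification recommends for its chain-key KDF.
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key

class Chain:
    """Hypothetical helper: holds only the current chain key."""
    def __init__(self, chain_key):
        self.chain_key = chain_key
        self.index = 0

    def next_message_key(self):
        # The old chain key is overwritten, so it cannot be recomputed later.
        self.chain_key, message_key = kdf_ck(self.chain_key)
        self.index += 1
        return message_key

def keys_derivable_from(chain_key, count):
    """Message keys anyone holding this chain key can compute going forward."""
    chain, out = Chain(chain_key), []
    for _ in range(count):
        out.append(chain.next_message_key())
    return out

def forward_secrecy_demo():
    # Constructed starting secret; in the real protocol it comes from X3DH
    # and the Diffie-Hellman ratchet, which this sketch does not implement.
    chain = Chain(hashlib.sha256(b"constructed example root").digest())
    past = [chain.next_message_key() for _ in range(3)]
    leaked = chain.chain_key            # device state captured after message 3
    reachable = keys_derivable_from(leaked, 5)
    future = [chain.next_message_key() for _ in range(2)]
    return {
        "past_keys_exposed": any(k in reachable for k in past),
        "future_keys_exposed": all(k in reachable for k in future),
    }

if __name__ == "__main__":
    print(forward_secrecy_demo())
```

The captured chain key still yields every later message key on that chain, which is why post-compromise security depends on the Diffie-Hellman ratchet mixing in fresh key material rather than on this chain alone.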

The same protocol underpins consumer messaging at scale: it is used by Signal itself and has been adopted by services including WhatsApp, while platforms such as iMessage offer their own end-to-end designs. Because E2EE keeps even the provider from reading messages, it sits at the center of the ongoing public debate between personal privacy and lawful access for investigators.

Last verified June 8, 2026