We all must have heard about Whatsapp’s End to End encryption feature but what does it do? To answer that first we must first understand what End-to-end Encryption means.  Here it means that the data you send from your device gets turned a bunch of random numbers and hashes using a key and then gets sent to the receiver and vice versa. In layman’s terms, end-to-end encryption means to simply convert your messages into unreadable data and send it to the receiver. So the next question would be how does the receiver interpret the random data? Remember the key which was used to turn the data into random numbers; the same key can be also used to decrypt the sent data. But there’s a catch, how would the key be transferred without letting the third person (hacker) obtaining it? We will be looking at a method of securely exchanging keys over internet known as the Diffie–Hellman–Merkle key exchange.

Now you want to exchange the key without letting the third person knowing it, how would you do it? Let us understand with this example. Let X be you, Y be your friend and Z be the hacker. Now Z is listening to all the information that gets transferred between you (X) and your friend (Y). First X generates a common key such as the number 14 and sends it to Y. Z was also able to see the number 14. Then X generates a random number such as the number 4 and keeps it to themselves. Y does same and their number happens to be 7. We will call these numbers as private keys and these numbers will not be sent.  X and Y both multiply the common key with their private keys i.e X’s final number will be 14*4=56 and Y’s final number be 14*4=98. Here’s when it gets interesting; X and Y both exchange their final numbers with each other and then X gets left with 98 and Y gets left with 56. So now X multiplies the newly received number with their private key and Y does the same too. Both of them (X and Y) end up with the same number 392. That number will be the key used to encrypt/decrypt the information. The hacker (Z) only has 14, 56 and 98 with them since these were the only numbers which were transferred between X(You) and Y(Your friend). How did you and your friend end up with the same number even though that number was never sent? Here’s quick recap of what happened;

1. A common key gets generated and gets shared. (Attacker sees it).
2. You and your friend multiplied their private keys with the common key (Attacker cannot see it since no information gets shared or transferred).
3. Those two new numbers were exchanged between you two (Attacker sees it).
4. You were left with 98 and they were left with 56.
5. You multiplied number you were left with the private key and your friend did the same.(Attacker cannot see it since no information gets shared or transferred).
6. 98*4 (14*7*4) and 56*7 (14*4*7) always results in 392. (Remember that the numbers got exchanged)
7. Explanation: (A=common key, B=your private key, C=your friend’s private key) A*B*C and A*C*B or even AB*C or AC*B always results in ABC.

Voila! You and your friend have successfully exchanged the keys securely.

Note that: This example is the basic idea of the Diffie–Hellman–Merkle key exchange. The actual key transfer is much more complex but follows the same principal. You can read more about it on Diffie–Hellman–Merkle key exchange -Wikipedia

Image source 