In PGP, Mr Zimmermann solved this by using public-key cryptography, which uses a pair of private and public keys to handle encryption. The public key is freely published and distributed online, and verified by other trusted parties. A PGP-protected document would contain an encryption key unique to the document that scrambled the file’s contents. That document key is itself enciphered using recipient’s public key. Only an intended party with the corresponding private key could extract the document’s secret and decrypt it.
That may be straightforward for expert cryptographers, but not for the vast majority of internet users. So ZRTP takes a different tack. It relies on the fact that it is difficult to impersonate a voice. After a voice call is initiated with Silent Circle’s VoIP software, the two users are both presented with the same short number. At any point in the call, they can read this number to the other person to ensure it matches. If it doesn’t, an eavesdropper might be listening in.
Mr Zimmermann notes that by “dragging a couple of human brains into the protocol”, Silent Circle makes it impossible for an interloper to predict when the people in a conversation will perform the verification step or how they will perform it, and so pre-arrange a convincing impersonation. (Video chats in Silent Circle will show a blank screen until the short code is verified, and the text messaging app shows the code and suggests making a brief phone call to verify it.)„