Signal has announced an upgrade to its end-to-end encryption (E2EE) protocol to protect users of its popular messaging app from encryption-breaking attacks through quantum computers.
Getting ready for quantum computing
“Quantum computing represents a new type of computational system which leverages quantum mechanical properties to solve certain complex problems many orders of magnitude more quickly than modern classical computers. Instead of bits as in a classical computer, quantum computers operate on qubits,” explained Ehren Kret, CTO at Signal.
Quantum computers already exist, but they are not yet powerful enough to pose a threat to public-key cryptography. That does not mean they will not become one in the future.
“If a sufficiently powerful quantum computer were built in the future, it could be used to compute a private key from a public key thereby breaking encrypted messages. This kind of threat is known as Harvest Now, Decrypt Later (HNDL),” Kret noted.
It’s impossible to know when such powerful computers will be created, but many organizations and companies are getting ready for the post-quantum era.
NIST has, for example, recently started the process of standardizing encryption algorithms that can resist attacks by quantum computers.
Protecting Signal
To advance quantum resistance for the Signal Protocol, Signal upgraded its Extended Triple Diffie-Hellman (X3DH) key agreement protocol to the Post-Quantum Extended Diffie-Hellman (PQXDH).
“The essence of our protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber,” Kret explained.
“We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.”
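As an added illustration of the hybrid step Kret describes (example code written for this page, not Signal's implementation), the following Go program derives one key from both an X25519 agreement and a KEM output, then shows that the X25519 secret alone yields a different key. X25519 comes from Go's standard crypto/ecdh; CRYSTALS-Kyber is not in the standard library, so an X25519-based encapsulate/decapsulate pair stands in for it purely to exercise the KEM interface, and the 0xFF prefix, zero salt and "PQXDH-demo" label are assumptions modelled on the published X3DH/PQXDH documents.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
)

func must[T any](v T, err error) T {
	if err != nil { panic(err) } // any crypto/ecdh error aborts the demo
	return v
}
func gen() *ecdh.PrivateKey { return must(ecdh.X25519().GenerateKey(rand.Reader)) }

// hkdfSHA256 derives one 32-byte block per RFC 5869 (extract, then expand).
func hkdfSHA256(salt, ikm, info []byte) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{1})
	return exp.Sum(nil)
}

// combineSecrets is the hybrid step: the X25519 output and the KEM output feed one
// KDF, so the key needs both. The 0xFF prefix and label follow X3DH/PQXDH (assumption).
func combineSecrets(dh, kem []byte) []byte {
	ikm := append(bytes.Repeat([]byte{0xFF}, 32), dh...)
	return hkdfSHA256(make([]byte, 32), append(ikm, kem...), []byte("PQXDH-demo"))
}
// kemEncaps/kemDecaps give a KEM-shaped interface (ciphertext, shared secret) built from
// X25519: a STAND-IN for CRYSTALS-Kyber with the same call shape and no post-quantum security.
func kemEncaps(pk *ecdh.PublicKey) (ct, ss []byte) {
	eph := gen()
	return eph.PublicKey().Bytes(), must(eph.ECDH(pk))
}
func kemDecaps(sk *ecdh.PrivateKey, ct []byte) []byte {
	return must(sk.ECDH(must(ecdh.X25519().NewPublicKey(ct))))
}

// hybridHandshake: one-DH PQXDH-style agreement; returns both parties' keys and the key an attacker who broke only X25519 could compute.
func hybridHandshake() (alice, bob, dhOnly []byte) {
	bobDH, bobKEM, aliceEph := gen(), gen(), gen() // Bob's X25519 prekey, Bob's PQ prekey (stand-in), Alice's ephemeral key
	ct, kemA := kemEncaps(bobKEM.PublicKey())      // ct travels to Bob with Alice's first message
	dhA := must(aliceEph.ECDH(bobDH.PublicKey()))
	alice = combineSecrets(dhA, kemA)
	bob = combineSecrets(must(bobDH.ECDH(aliceEph.PublicKey())), kemDecaps(bobKEM, ct))
	dhOnly = combineSecrets(dhA, nil) // what breaking X25519 alone would give
	return alice, bob, dhOnly
}
```

Swapping the stand-in for a real ML-KEM/Kyber encapsulate/decapsulate pair leaves combineSecrets and hybridHandshake unchanged, which is the point of the KEM-shaped interface.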
The new protocol is already available to Signal app users in the latest versions. Both chat participants must update to the latest Signal software to enable this feature.
Denis Mandich, CTO and Co-Founder of Qrypt and founding member of Quantum Economic Development Consortium (QED-C), told Help Net Security that Signal’s upgrade to quantum-safe encryption elevates them far above all secure messaging apps.
“However, it’s not enough to ensure durable privacy in the quantum era because it does not solve the ‘harvest now, decrypt later’ (HNDL) problem. That requires a transition to a new cryptographic architecture eliminating the legacy of encryption key exchange entirely,” he added.