Signal is preparing for a quantum computing world, unveiling a new protocol designed to be resistant to quantum computers.
Quantum computing is a revolutionary advance in computing, one that threatens to render existing encryption and security standards obsolete. Signal, one of the most secure messaging platforms, is already working on a new protocol designed for the quantum era.
The company announced the development in a blog post:
Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.
Signal goes on to highlight the new measures:
To address this problem, new post-quantum cryptosystems have been created to implement new one-way functions that cannot be advantageously reversed by a quantum computer. Thanks to innovation from cryptographic researchers and the NIST Standardization Process for Post-Quantum Cryptography we now have stable options that have been created and vetted by a large community of experts.
The company is not relying exclusively on the new post-quantum scheme; it is combining it with its existing elliptic curve cryptography:
We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.
The essence of our protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber. We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.
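The hybrid exchange the quote describes, as an added example that is not Signal's code: X25519 from Go's crypto/ecdh and ML-KEM-768 from crypto/mlkem (the NIST-standardized form of CRYSTALS-Kyber), with the two shared secrets concatenated and fed through HKDF so the session key depends on both. It assumes Go 1.24 or newer, reduces PQXDH to one DH term plus the KEM (no identity keys or prekey signatures), and the names Responder, Initiate, Respond and the info string "PQXDH-demo" are invented for the demo.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
)

// must keeps the demo short: key generation and parsing failures abort the run.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// Responder ("Bob") holds an X25519 prekey and an ML-KEM-768 decapsulation key.
type Responder struct {
	ec *ecdh.PrivateKey
	pq *mlkem.DecapsulationKey768
}
func NewResponder() *Responder {
	return &Responder{must(ecdh.X25519().GenerateKey(rand.Reader)), must(mlkem.GenerateKey768())}
}
// PublicKeys returns the encodings Bob would upload to the server as prekeys.
func (r *Responder) PublicKeys() (ecPub, pqPub []byte) {
	return r.ec.PublicKey().Bytes(), r.pq.EncapsulationKey().Bytes()
}
// combine feeds dh || kem into HKDF so the session key depends on BOTH secrets:
// recovering only the X25519 secret or only the ML-KEM secret gives no shortcut.
func combine(dh, kem []byte) []byte {
	ikm := append(append([]byte{}, dh...), kem...)
	return must(hkdf.Key(sha256.New, ikm, make([]byte, 32), "PQXDH-demo", 32))
}

// Initiate ("Alice"): one X25519 agreement with a fresh ephemeral key against Bob's prekey,
// plus one ML-KEM-768 encapsulation to his KEM key; she sends ephPub and ct to Bob.
func Initiate(ecPub, pqPub []byte) (key, ephPub, ct []byte) {
	eph := must(ecdh.X25519().GenerateKey(rand.Reader))
	dh := must(eph.ECDH(must(ecdh.X25519().NewPublicKey(ecPub))))
	ss, ct := must(mlkem.NewEncapsulationKey768(pqPub)).Encapsulate()
	return combine(dh, ss), eph.PublicKey().Bytes(), ct
}
// Respond: Bob recomputes both secrets from Alice's message and derives the same key.
func (r *Responder) Respond(ephPub, ct []byte) []byte {
	dh := must(r.ec.ECDH(must(ecdh.X25519().NewPublicKey(ephPub))))
	ss := must(r.pq.Decapsulate(ct))
	return combine(dh, ss)
}
```

A tampered KEM ciphertext of the right length does not error out in ML-KEM; decapsulation returns an unrelated key (implicit rejection), so the two sides simply fail to agree.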
The new protocol is already implemented in the latest version of Signal.