Zoom Rolls Out Post-Quantum End-to-End Encryption

Zoom has rolled out a major upgrade, improving end-to-end encryption (E2EE) to protect users in a post-quantum computing world....
Zoom Rolls Out Post-Quantum End-to-End Encryption
Written by Matt Milano
  • Zoom has rolled out a major upgrade, improving end-to-end encryption (E2EE) to protect users in a post-quantum computing world.

    Quantum computing is a revolutionary leap in computing power, with ramifications across industries. One of the biggest concerns is that quantum computing will make much of the existing security and encryption protocols obsolete, making it possible to crack modern encryption in a fraction of the time as traditional computers.

    Zoom is already taking steps to prepare for that future, rolling out post-quantum E2EE. The company announced the news in a post on its site.

    “Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,” said Michael Adams, chief information security officer at Zoom. “With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”

    As Zoom points out, while quantum computing is not a threat yet, there is concern regarding the “harvest now, decrypt later” approach, in which traditional E2EE communications are collected and saved until quantum computing allows for their decryption.

    The company outlines how its post-quantum E2EE works:

    When users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting; this is the behavior for both post-quantum E2EE and standard E2EE. Because Zoom’s servers do not have the necessary decryption key, encrypted data relayed through Zoom’s servers is indecipherable. In addition, to defend against “harvest now, decrypt later” attacks, Zoom’s post-quantum E2E encryption uses Kyber 768, an algorithm being standardized by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203.

    The feature must be enabled in the Zoom web portal, and requires users to join via the desktop app, mobile app, or Zoom Rooms.

    Get the WebProNews newsletter delivered to your inbox

    Get the free daily newsletter read by decision makers

    Advertise with Us

    Ready to get started?

    Get our media kit