Researchers publish post-quantum upgrade to the Signal protocol
PQShield published a white paper that lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks.
The company is offering to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono, if and when the foundation decides to upgrade its system, to support the non-profit behind the free encrypted messaging app, Signal, in its mission to make secure communication accessible to everyone.
Popularity of secure messaging apps
The widespread adoption of smartphones in the last decade has brought with it a meteoric rise in the use of secure messaging apps. Over 2 billion people used WhatsApp in January 2022, and 40 million people used Signal. But however secure these messaging apps are today, large-scale quantum computers will soon have the processing power to break the key-agreement cryptography that their end-to-end encryption relies on to keep messages private.
The issue is compounded by the prospect of a “harvest now, decrypt later” attack. Threat actors could already be gathering and storing encrypted messages today, with a view to decrypting them once a sufficiently powerful quantum computer becomes available, with potentially devastating consequences.
Adding post-quantum cryptography to the Signal protocol
Thomas Prest, Lead Cryptography Researcher at PQShield said: “The Signal protocol is widely regarded as the gold standard for secure instant messaging. However, the cryptographic problem underlying its security is known to be easily solvable by quantum computers, and any adversary harvesting current communications would easily be able to decrypt exchanged messages in the future. That’s why we are publishing our full analysis, research and solutions for how to protect secure instant messaging from the quantum threat. The stakes are just too high not to do so.”
Adding post-quantum cryptography to the Signal protocol – considered the gold standard for establishing secure messaging between two parties – would not be without technical challenges. There is a pressing need to build quantum-secure solutions that match both the functionality and the security guarantees of the Signal protocol’s existing key components.
“Secure messaging has become almost a fundamental right for much of the global population. It’s how many businesses communicate, how whistleblowers share truth with journalists, and how family and friends connect across borders. As one of the most common forms of end-to-end encryption, secure messaging is particularly vulnerable to the quantum threat,” said Ali Kaafarani, CEO at PQShield.
“The PQShield team has worked hard to set out the security and performance challenges for secure messaging in such a way that all the leading messaging apps could become quantum-secure in a reasonable timeframe. We’re proud to offer this advisory for free, so private communication can remain accessible to all,” Kaafarani concluded.