Signal has announced an upgrade to the Signal Protocol that adds quantum resistance. Its Extended Triple Diffie-Hellman (X3DH) key-agreement specification has been replaced by Post-Quantum Extended Diffie-Hellman (PQXDH).
Ehren Kret of Signal stated, "With this update, we introduce a level of protection that will safeguard users from the threat of future quantum computers, which could potentially violate current encryption standards."
Google has previously taken a similar approach, adding a hybrid quantum-resistant key-agreement algorithm to its Chrome web browser. It has also announced an implementation of a quantum-resistant FIDO2 security key.
The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private text and voice messages. It is used by several messaging platforms, including WhatsApp and Google Messages' encrypted RCS on Android.
Existing public-key cryptosystems are threatened by the "harvest now, decrypt later" (HNDL) scenario: traffic captured and stored today could be decrypted in the future once a sufficiently large quantum computer can recover the private keys that protect it.
To counter this threat, the National Institute of Standards and Technology (NIST) selected CRYSTALS-Kyber as the key-encapsulation algorithm for the post-quantum transition. Signal, like Google, has opted for a hybrid approach in PQXDH: it combines the X25519 elliptic-curve key agreement with Kyber-1024, the parameter set NIST rates at security level 5 (comparable to AES-256), so that the session key remains secure as long as at least one of the two algorithms is unbroken.
Kret explained, "Our renewal of the protocol from X3DH to PQXDH involves calculating the shared secret using both X25519 and Crystals-Kyber, known only to participants in private communication."
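The following is an added illustration, not code from Signal or from the PQXDH specification, of what "calculating the shared secret using both X25519 and Kyber" means in practice: an initiator runs the classical Diffie-Hellman computations of X3DH against the recipient's published prekeys, additionally encapsulates a secret to the recipient's post-quantum prekey, and feeds all of those secrets into one key-derivation function, so the resulting session key cannot be recovered by breaking only the elliptic curve or only the KEM. Assumptions: X25519 is implemented in pure Python (the standard library has none; the ladder is not constant-time), the Python standard library has no Kyber, so a DH-based KEM over X25519 stands in for Kyber-1024 purely to show the encapsulate/decapsulate message shape, prekey signatures and one-time prekeys are omitted, and the HKDF info label is made up for the example.

```python
import hashlib
import hmac
import os

# X25519 (RFC 7748) in pure Python, since the standard library has no Curve25519.
# Illustrative only: this ladder is NOT constant time.
P = 2**255 - 19
BASEPOINT = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication k * u on Curve25519."""
    kb = bytearray(k)
    kb[0] &= 248
    kb[31] = (kb[31] & 127) | 64          # clamp the scalar as the RFC requires
    scalar = int.from_bytes(kb, "little")
    x1 = int.from_bytes(bytes([*u[:31], u[31] & 127]), "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (scalar >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = (x3 - z3) * a % P, (x3 + z3) * b % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + 121665 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def x25519_keypair():
    sk = os.urandom(32)
    return sk, x25519(sk, BASEPOINT)

# Stand-in for the Kyber-1024 KEM (assumption: no Kyber in the standard library,
# so a DH-based KEM over X25519 plays the encaps/decaps role here).
def kem_encaps(pk: bytes):
    esk, ct = x25519_keypair()            # ephemeral public key acts as the "ciphertext"
    ss = hashlib.sha256(b"standin-kem" + x25519(esk, pk) + ct + pk).digest()
    return ct, ss

def kem_decaps(sk: bytes, pk: bytes, ct: bytes) -> bytes:
    return hashlib.sha256(b"standin-kem" + x25519(sk, ct) + ct + pk).digest()

def hkdf_sha256(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm, i = okm + block, i + 1
    return okm[:length]

F = b"\xff" * 32             # curve25519 prefix on the KDF input, as in X3DH/PQXDH
INFO = b"PQXDH-example"      # assumed label; a real deployment uses its own info string

def derive_sk(dh_outputs, ss: bytes) -> bytes:
    """SK = KDF(DH1 || DH2 || DH3 || SS): the KEM secret is mixed with the DH ones."""
    return hkdf_sha256(b"\x00" * 32, F + b"".join(dh_outputs) + ss, INFO)

def bob_setup():
    """Bob's private keys and the prekey bundle he publishes (signatures omitted)."""
    ik_sk, ik_pk = x25519_keypair()       # long-term identity key
    spk_sk, spk_pk = x25519_keypair()     # signed prekey
    pq_sk, pq_pk = x25519_keypair()       # post-quantum prekey (stand-in KEM key)
    return ({"ik": ik_sk, "spk": spk_sk, "pqspk": pq_sk},
            {"ik": ik_pk, "spk": spk_pk, "pqspk": pq_pk})

def alice_initiate(ik_sk: bytes, ik_pk: bytes, bundle):
    """Alice derives SK from Bob's bundle and builds her first message."""
    ek_sk, ek_pk = x25519_keypair()       # ephemeral key for this session
    dh1 = x25519(ik_sk, bundle["spk"])
    dh2 = x25519(ek_sk, bundle["ik"])
    dh3 = x25519(ek_sk, bundle["spk"])
    ct, ss = kem_encaps(bundle["pqspk"])  # post-quantum contribution
    return derive_sk([dh1, dh2, dh3], ss), {"ik": ik_pk, "ek": ek_pk, "ct": ct}

def bob_receive(secrets, bundle, msg) -> bytes:
    """Bob recomputes the same SK from Alice's public values and the KEM ciphertext."""
    dh1 = x25519(secrets["spk"], msg["ik"])
    dh2 = x25519(secrets["ik"], msg["ek"])
    dh3 = x25519(secrets["spk"], msg["ek"])
    ss = kem_decaps(secrets["pqspk"], bundle["pqspk"], msg["ct"])
    return derive_sk([dh1, dh2, dh3], ss)

if __name__ == "__main__":
    a_sk, a_pk = x25519_keypair()
    b_secrets, b_bundle = bob_setup()
    sk_a, first_msg = alice_initiate(a_sk, a_pk, b_bundle)
    print("session keys match:", sk_a == bob_receive(b_secrets, b_bundle, first_msg))
```

The point to take from the combiner is that an attacker who records the handshake and later breaks X25519 still needs the KEM shared secret to recover SK, and vice versa; swapping in a real Kyber-1024 encapsulation for the stand-in changes nothing else in the flow.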
Signal has confirmed that the latest versions of its client applications already support the new protocol. Once the update has reached all Signal devices, it plans to disable X3DH for new chats, making PQXDH mandatory.
The introduction of quantum-resistant key agreement in Signal is a significant step towards securing personal communications. While breaking today's encryption with a quantum computer remains hypothetical, the HNDL threat means that companies should prepare now to protect user confidentiality in the long run.