View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
  2. Quantum
September 22, 2023

Signal adds quantum-resistant encryption to its protocol

The update is available in the latest release of the Signal client and will be a requirement for all chats in the future.

By Ryan Morrison

Messaging app Signal has added post-quantum cryptography to its underlying encryption protocol. The Signal Protocol is a set of specifications providing end-to-end encryption that is used in messaging apps like Signal, WhatsApp, and Google’s messages. The new updates will protect voice and text messages from attack by future quantum computers. It isn’t clear whether other applications will also be able to upgrade to the post-quantum version of the protocol.

Post-quantum cryptography protects data from attack by a future quantum computer (Photo: Postmodern Studio / Shutterstock)
Post-quantum cryptography protects data from attack by a future quantum computer. (Photo by Postmodern Studio/Shutterstock)

There is a global drive to replace current cryptographic standards and underlying encryption mechanisms with those resistant to quantum computers in the future. This is coming to the fore after recent standards were approved by the US standards body NIST. The US government has also ordered any service or application to switch to post-quantum cryptography by 2035 if it is to be used by publicly funded organisations.

British post-quantum cryptography company PQShield published an upgrade to the Signal Protocol earlier this month and provided it to the Signal Foundation for free as part of a wider mission to make secure communication accessible to everyone. The new update announced for the Signal Protocol and the messaging app upgrades the Extended Triple Diffie-Hellman specification to the Quantum Extended Diffie-Hellman. It incorporates the latest NIST standards and adds a layer of threat protection. 

Signal is taking a hybrid approach to post-quantum cryptography, combining the elliptic curve key agreement protocol with the Kyber-1024 standard. “We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret,” explained Signal’s Ehren Kret.

It is already supported as of the latest version of the Signal client and there are plans to require post-quantum for all new chats once everyone has updated to the latest client. This is because for the new encryption to work both ends of a chat have to support and understand the post-quantum key.

Combatting harvest now, decrypt later

The threat of harvest now, decrypt later attacks is also pushing companies to adopt more resilient cryptography standards. Most experts put the time a quantum computer can crack RSA and other current encryption mechanisms at about 2030. While this might seem some way off, data encrypted today could still be valuable to hackers by 2030.

Google has already introduced post-quantum encryption into Chrome’s transport layer and protocols are being adopted for protocols such as the Signal Protocol and for VPNs. The NIST standards also provide enterprises with cover for making the changeover.

Content from our partners
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business
When it comes to AI, remember not every problem is a nail

“This news demonstrates the impact that the years-long NIST standardisation project is already having to cement global post-quantum cryptography standards and signal to industry that the focus should now be on transitioning to quantum cryptography and staying one step ahead of the attackers,” said Dr Ali El Kaafarani, founder and CEO of PQShield. 

“Google Chrome and Signal have already started to make the leap, and it’s only a matter of time before other SaaS products and services throughout the global technology supply chain look to modernise their security systems as well,” El Kaafarani said.

Adding that the Signal protocol is widely considered the most secure messaging protocol available, but the threat from quantum computers makes the implementation of new post-quantum cryptography essential. 

Denis Mandich, a former US intelligence official and the CTO and co-founder of Qrypt said the Signal update was a big step in the industry to prepare for the quantum era. “However, it’s not enough to ensure durable privacy in the quantum era because it does not solve the ‘harvest now, decrypt later’ problem. That requires a transition to a new cryptographic architecture eliminating the legacy of encryption key exchange entirely.”

Read more: NIST publishes post-quantum cryptography standards

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.