"We were doing this way before the NSA revelations broke," says Andersen Cheng. "We took it to Silicon Valley but they weren’t interested. They were investing in all of the social networks at that point so they didn’t want to alert users to the fact these people could see everything you’re writing."
Cheng is the CEO of SRD Wireless. The London-based firm has just released the world’s first post-quantum messaging app, PQChat.
The app promises quantum computing-proof encryption that, unlike competitors such as Whatsapp and Snapchat, puts privacy and security first without mining users’ data.
"Our business model is not to mine our users’ data," says Cheng. "That’s not an area we want to address."
Instead, Cheng and his three-person team are aiming straight at the heart of the enterprise market.
"We’re not interested in what our users are talking about, not like our competitors. We don’t hold encryption keys so we can’t know anyway."
PQChat, which is currently free on iOS and coming imminently to Android, uses the firm’s very own Never-The-Same (NTS) encryption. NTS employs the McEliece cryptosystem, which is one of the strongest encryption systems to be developed yet.
The McEliece system has not yet been broken, even using techniques that are designed for the quantum computing era. However, that time has not come yet, so you may wonder why we need a messaging service that is post-quantum proof?
Current encryption tools are facing threats from the ongoing evolution of quantum computing, which will make breaking even the most difficult algorithms far simpler. Most of the existing encryption standards have already been broken in theory, with only the IT horsepower needed to actually run these processes preventing widespread attacks. Quantum computing provides all the horsepower such techniques need, meaning that these standards could be left wide open.
Cheng explains how all of the current cryptography experts are like the Formula 1 drivers of their world. They’re all working at top speed and are at the best of their game, which is fine for now. But as soon as quantum-computing advances enough to allow for the breaking of highly sophisticated algorithms, they will instantly become redundant, because, as Cheng’s analogy goes – someone will come along with a jet aircraft and the Formula 1 drivers will be left behind in the dust. PQChat is the app prepared for that event, says SRD Wireless.
Cheng then explains just how important their business strategy is to PQChat.
"The ongoing Snowden revelations have brought home just how easily accessible our personal information is to the NSA or other groups," he says. "Yet most people are still handing over information to data miners, spammers and criminals without understanding what they are doing.
"People need to take back control of their data: even the smallest amount of personal information can compromise your privacy and security. Modern communication tools simply aren’t built with this as a priority and so make compromises in order to allow communication. Our aim with PQChat is to place end-to-end security at the heart of the application."
To avoid attackers analysing patterns in user messages, PQChat randomises message appearances, regardless of content. This means that every time you encrypt the same message the output will be completely different.
Some of PQChat’s main features also include the fact that it stores only a one way encrypted value of the user’s phone number, which cannot be reconstructed, plus an encrypted user-supplied nickname and pseudo ID image; making the user’s identity impossible to determine.
Received and read notifications also play a large role in the app, with timestamps of events available. This makes both parties in communication accountable for actions as there is history of viewing. The app also allows for timed self-destruct messages, as well as remote deletion.
"Even if an application or service claims to be secure, the data it holds still represents a risk," continues Cheng.
"For example, if an application stores personal details then a security breach can put all users at risk. Apart from having zero knowledge of any message contents, SRD Wireless vows not to obtain, store or share any personal details or password information from PQChat users: it is our belief that ultimately your security should be in your hands, not ours. Since SRD’s business model is based around selling solutions to enterprises rather than data mining, there is no need for us to hold any of this information. Quite simply, if we cannot guarantee this trust between us and our users, then all of our claims about the security of PQChat itself are worthless."
PQChat is also customising applications for specific enterprise needs. For example, SRD Wireless are currently trialling the app in a handful of London hospitals.
"We found that some A+E wards were using unsecure instant messaging apps to communicate with members of staff when there is a crisis," says Cheng.
With PQChat, first of all, these messages would now be secure and confidential, and secondly, there will be a record of who saw what and when, he explained. PQChat can be scalable to the compliance that these industries demand.
PQChat is available immediately on the Apple app store with the Android version due to launch shortly.
