Red Hot Cyber

Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.
Search

Signal towards the Future: Post Quantum Cryptography now protects our messages

Tara Lie : 25 September 2023 14:06

Translator: Tara Lie

Signal has announced that it has improved encryption within its messenger application.

Its end-to-end communication protocol now uses quantum-resistant cryptographic keys, making it resistant to future attacks by quantum computers.

Prova Gratuitamente Business Log! L'Adaptive SOC italiano

Proteggi la tua azienda e ottimizza il tuo lavoro grazie al SOC di Business Log, il software leader per audit, log management e cybersicurezza realizzato in Italia. Business Log garantisce:

  • Conformità a NIS2, GDPR e ISO 27001
  • Analisi avanzata e prevenzione del dossieraggio
  • Semplice da installare, potente da usare

  • Scarica ora la versione di prova gratuita per 30 giorni e scopri come Business Log può rivoluzionare la tua gestione dei log e la sicurezza IT!

    Promo Corso CTI

    Quantum computers – that at the moment do not have concrete applications, as we saw in the interview with Prof. Morello from the ARC Center of Excellence for Quantum Computation in the University of New South Wales in Australia and from Prof. Severini, director of quantum technologies at Amazon Web Services (AWS) – have the potential to be much more powerful and efficient than current systems, allowing them to perform calculations that would take years for a modern supercomputer.

    As these computers slowly begin to become a reality, one of the threats this emerging technology poses is weakening current cryptographic schemes – allowing protected data to be quickly decrypted at a future time, and gaining access to confidential information.

    Nevertheless, the collection of encrypted data with the aim of decrypting it once such computers become a reality, is beginning to be spoken about. This can be remediated – or at least mitigated – by implementing encryption algorithms that are resistant to quantum computers, as suggested previously by the National Institute of Standards and Technology (NIST).

    In terms of messaging apps such as Signal that utilise end-to-end encryption to protect communication, the adoption of such approaches – and therefore the use of quantum-safe algorithms – becomes an increasingly important step to implement as each day passes. 

    Signal explains that its X3DH (Extended Triple Diffie-Hellman) protocol has been upgraded to PQXDH (Post-Quantum Extended Diffie-Hellman), which incorporates quantum-resistant key generation mechanisms for Signal’s end-to-end encryption specification protocol (E2EE).

    “We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem” explains Signal, and adds: “Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.

    PQXDH uses both the elliptic curve protocol X3DH and a post-quantum key encapsulation mechanism called CRYSTALS-Kyber.

    CRYSTALS-Kyber is one quantum-resistant algorithm among those approved by NIST, suitable for quick operations that require encryption key exchange. Signal points out that the transition to PQXDH is just the first step towards reaching quantum-resistant E2EE (end-to-end encryption). 

    Tara Lie
    Cyber Security analyst from Perth, Western Australia, focused on governance, risk quantification and compliance. Graduate of cyber security and pure mathematics, with a second-major in Italian Studies. Tara has earned a Master's degree in Cyber Security, and has a great passion for quantum-preparedness.