Signal Messenger is claimed to be one of the most secure messaging apps available. The Signal team proved its commitment to superior security by adopting post-quantum cryptography (PQC) in their algorithm.
The Signal Protocol is a set of cryptographic specifications that provides end-to-end encryption for private communications exchanged daily by billions of people around the world. The team announced on their blog that they are upgrading the X3DH specification to PQXDH, a first step in advancing quantum resistance in the Signal protocol.
The announcement marks the arrival of PQC in consumer apps. PQC is no longer a concept limited to B2B transactions.
Although quantum computers already exist, the systems known to exist today do not yet have enough qubits to pose a threat to the public-key cryptography that Signal currently uses. However, if sufficiently powerful quantum computers were built in the future, they could be used to compute a private key from a public key thereby breaking encrypted messages.
To address this problem, new post-quantum cryptosystems have been created to implement new one-way functions that cannot be advantageously reversed by a quantum computer. These systems use the NIST-approved standardisation process for post-quantum cryptography.
The key encapsulation mechanism that Signal has selected, CRYSTALS-Kyber, is built on solid foundations. But the team clarifies that to be safe they do not want to simply replace their existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, they are augmenting their existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.
The essence of the protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber. These two shared secrets are then combined so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.
The new protocol is already supported in the latest versions of Signal’s client applications and is in use for chats initiated after both sides of the chat are using the latest Signal software.
In the coming months (after sufficient time has passed for everyone using Signal to update), the team will disable X3DH for new chats and require PQXDH for all new chats.
The rapid penetration of PQC in consumer-facing applications is an encouraging sign. Google also announced Chrome’s support for PQC. These ripples in the quantum era will certainly evade the wave of Harvest Now Decrypt Later (HNDL).