PQShield publishes post-quantum upgrade to the Signal Protocol and offers it pro bono to the Signal Foundation
Quantum computers pose a fundamental threat to the end-to-end encryption used in secure messaging apps. A new white paper from PQShield lays out the security issues, and explains how post-quantum cryptography can protect secure messaging protocols.
Post-quantum cryptography company PQShield has today published a white paper addressing Secure Messaging in a Post-Quantum World. In the white paper, PQShield lays out the quantum threat to secure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to the Signal secure messaging protocol to protect it from quantum attacks.
PQShield is offering to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono - if/when they plan to upgrade their system - to support the non-profit behind the free encrypted messaging app, Signal, in its mission to make secure communication accessible to everyone.
The widespread adoption of smartphones in the last decade has brought with it a meteoric rise in the use of secure messaging apps. Over 2 billion people used WhatsApp in January 2022, and 40 million people used Signal. But however secure these messaging apps are today, large-scale quantum computers will soon have the processing power to break the end-to-end encryption they rely on to keep messages private.
The issue is compounded by the prospect of a “harvest now, decrypt later” attack. Threat actors could already be gathering and storing encrypted messages today, with a view to decrypting them at a later date, with potentially devastating consequences.
Adding post-quantum cryptography to the Signal protocol - considered the gold standard for establishing secure messaging between two parties - would not be without technical challenges. In the new white paper, PQShield explains the need to build quantum-secure solutions that mimic the functionality and security guarantee of the Signal protocol’s existing key components.
The white paper outlines how post-quantum cryptography can be applied to secure messaging in a two-party setting, which typically takes place between mobile devices, and therefore comes with specific performance and data requirements. PQShield then explains how this could be scaled to group messaging, which comes with its own unique data and bandwidth challenges.
Ali El Kaafarani, PQShield’s founder and CEO, says: “Secure messaging has become almost a fundamental right for much of the global population. It’s how many businesses communicate, how whistle-blowers share truth with journalists, and how family and friends connect across borders.
“As one of the most common forms of end-to-end encryption, secure messaging is particularly vulnerable to the quantum threat. The PQShield team has worked hard to set out the security and performance challenges for secure messaging in such a way that all the leading messaging apps could become quantum-secure in a reasonable timeframe. We’re proud to offer this advisory for free, so private communication can remain accessible to all.”
Thomas Prest, who co-authored the white paper, is lead cryptography researcher at PQShield and co-led the development of FALCON, one of NIST’s new draft standards for post-quantum cryptography. He says: “The Signal protocol is widely regarded as the gold standard for secure instant messaging. However, the cryptographic problem underlying its security is known to be easily solvable by quantum computers, and any adversary harvesting current communications would easily be able to decrypt exchanged messages in the future. That's why we are publishing our full analysis, research and solutions for how to protect secure instant messaging from the quantum threat. The stakes are just too high not to do so.”