Signal is anticipating the arrival of quantum computers. Fearing that a sufficiently powerful machine could break its encryption, the messaging service has updated its protocol so that the key agreement now combines two mechanisms, one classical and one designed to resist quantum computers. Here is how it works.
Quantum computing poses a serious threat to privacy and data security. Still at the experimental stage, this type of computer works with qubits rather than the bits of a classical machine, which lets it run certain classes of calculations far faster than any conventional computer could.
Quantum computer, encryption and privacy
With this computing power, a quantum computer is in theory capable of breaking an encryption algorithm in record time. The algorithms at risk are the public-key ones in use today, such as RSA and elliptic-curve Diffie-Hellman: a large enough quantum computer running Shor's algorithm could recover, in a matter of hours, a key that a conventional computer could not recover in any realistic amount of time. Symmetric ciphers such as AES are far less affected: Grover's algorithm halves their effective key length, which a longer key compensates for.
This is why many computer security experts believe that the advent of the quantum computer will spell the end of online privacy, at least as we know it. During a conference organized in Brussels last April, Ramsès Gallego, director of technology at CyberRes, even estimated that “everything can be deciphered” once quantum computing reaches a certain power threshold, which he places roughly 7 to 12 years away. He therefore recommends that organizations “start thinking about the challenges posed by quantum computing”.
A first protection against the quantum computer
This is exactly the approach Signal, the secure messaging app developed by the non-profit Signal Foundation, has taken. On September 19, 2023, Signal announced an update to the Signal Protocol, the cryptographic protocol that secures its users' conversations.
The open source protocol, which WhatsApp also uses, now benefits from a “layer of protection against the threat of a quantum computer”. According to the press release published by Signal, this is a “first stage” in protecting against machines “strong enough to violate current encryption standards”. The goal is to prevent a quantum machine from breaking the key agreement at the start of a Signal conversation and thereby deciphering all the messages its users exchange.
How does Signal's defense work?
Concretely, Signal now relies on a protocol called PQXDH (Post-Quantum Extended Diffie-Hellman). It combines two key agreement mechanisms: the X25519 elliptic-curve Diffie-Hellman algorithm that Signal already used, and CRYSTALS-Kyber, a post-quantum key encapsulation mechanism (KEM). The secrets produced by both are fed into a single key derivation function to compute the shared secret key that protects the conversation.
To read the communications, an attacker would therefore have to break both systems: as long as either X25519 or Kyber still holds, the derived key remains secret. The two mechanisms do not authenticate each other: authentication of the exchanged keys is unchanged and still relies on classical signatures over the published prekeys.
“Any attacker must break both X25519 and CRYSTALS-Kyber to calculate the same shared key”, summarizes Signal, which specifies that PQXDH will quickly replace the current X3DH protocol.
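To make the "break both" property concrete, here is an added example (not Signal's code and not a PQXDH implementation): a Go program that performs a PQXDH-shaped handshake with the standard library's X25519, then feeds the Diffie-Hellman outputs and the KEM secret into one HKDF, the way the PQXDH specification does. To stay on the Go standard library (1.20 or newer) with no external dependencies, the Kyber half is a clearly marked stand-in, a Diffie-Hellman KEM over X25519 that has no post-quantum security and only reproduces the KEM interface; on Go 1.24 or newer the crypto/mlkem package can take its place. The one-time prekey, the prekey signatures and the HKDF info string are omitted or assumed, as the comments note.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// hkdfSHA256 is HKDF (RFC 5869) reduced to a single Expand block (32 bytes out).
func hkdfSHA256(salt, ikm, info []byte) []byte {
	extract := hmac.New(sha256.New, salt)
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(info)
	expand.Write([]byte{0x01})
	return expand.Sum(nil)
}

// kemEncapsulate / kemDecapsulate: a STAND-IN for CRYSTALS-Kyber. This is a
// Diffie-Hellman KEM over X25519 with NO post-quantum security; it only has the
// interface shape of a KEM, which is all the combiner below depends on:
// Encapsulate(pk) -> (ciphertext, secret); Decapsulate(sk, ciphertext) -> secret.
func kemEncapsulate(pk *ecdh.PublicKey) (ct, ss []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	ss, err = eph.ECDH(pk)
	return eph.PublicKey().Bytes(), ss, err // ciphertext = ephemeral public key
}

func kemDecapsulate(sk *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	ephPK, err := ecdh.X25519().NewPublicKey(ct)
	if err != nil {
		return nil, err
	}
	return sk.ECDH(ephPK)
}

// deriveSK is the PQXDH combiner: KM = 0xFF*32 || DH1 || DH2 || DH3 || SS and
// SK = HKDF(salt = 32 zero bytes, KM, info). All secrets pass through one KDF,
// so SK is unknown to an attacker who recovers every input but one.
func deriveSK(dhOutputs [][]byte, kemSecret []byte) []byte {
	km := bytes.Repeat([]byte{0xFF}, 32)
	for _, dh := range dhOutputs {
		km = append(km, dh...)
	}
	km = append(km, kemSecret...)
	return hkdfSHA256(make([]byte, 32), km, []byte("PQXDH_example_info")) // info string assumed
}

// Handshake keeps both results and the raw inputs, so a caller can check
// agreement and see what an attacker who breaks only one half would hold.
type Handshake struct {
	AliceSK, BobSK []byte
	DH             [][]byte // DH1..DH3: all that a quantum attack on X25519 yields
	KEMSecret      []byte   // SS: all that an attack on the KEM alone yields
}

// RunPQXDH runs a PQXDH-shaped agreement. The optional one-time prekey (DH4)
// is omitted; prekey signatures (still classical XEdDSA in PQXDH) are not modelled.
func RunPQXDH() (*Handshake, error) {
	curve := ecdh.X25519()
	gen := func() *ecdh.PrivateKey { k, _ := curve.GenerateKey(rand.Reader); return k }
	ikB, spkB, pqpkB := gen(), gen(), gen() // Bob's bundle: identity key, signed prekey, PQ prekey (Kyber in real PQXDH)
	ikA, ekA := gen(), gen()                 // Alice: identity key and a fresh ephemeral key for this session

	// Alice's side; she sends IK_A, EK_A and the KEM ciphertext ct to Bob.
	dh1, _ := ikA.ECDH(spkB.PublicKey())
	dh2, _ := ekA.ECDH(ikB.PublicKey())
	dh3, _ := ekA.ECDH(spkB.PublicKey())
	ct, ss, err := kemEncapsulate(pqpkB.PublicKey())
	if err != nil {
		return nil, err
	}
	aliceDH := [][]byte{dh1, dh2, dh3}

	// Bob's side, from his private keys and Alice's message.
	bdh1, _ := spkB.ECDH(ikA.PublicKey())
	bdh2, _ := ikB.ECDH(ekA.PublicKey())
	bdh3, _ := spkB.ECDH(ekA.PublicKey())
	bss, err := kemDecapsulate(pqpkB, ct)
	if err != nil {
		return nil, err
	}
	return &Handshake{AliceSK: deriveSK(aliceDH, ss), BobSK: deriveSK([][]byte{bdh1, bdh2, bdh3}, bss),
		DH: aliceDH, KEMSecret: ss}, nil
}

func main() {
	h, err := RunPQXDH()
	if err != nil {
		panic(err)
	}
	fmt.Printf("agree: %v\nSK: %x\n", bytes.Equal(h.AliceSK, h.BobSK), h.AliceSK)
	// Every X25519 output without SS does not give SK: the attacker must break both.
	fmt.Printf("DH outputs alone give SK: %v\n", bytes.Equal(deriveSK(h.DH, make([]byte, 32)), h.AliceSK))
}
```

The part worth copying is deriveSK: the classical and post-quantum secrets are never used separately, they are concatenated into one key-material string and hashed through HKDF, so an attacker holding either half alone only has a string that a KDF turns into an unrelated key. Swapping the stand-in for a real Kyber/ML-KEM library changes kemEncapsulate and kemDecapsulate and nothing else.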
The latest versions of the Signal app, on Android and iOS, already support PQXDH, the messaging service notes. For now, a conversation is protected by the new protocol only if both participants have updated the app on their phones. Once all users have updated, every new chat will be protected with PQXDH, and existing conversations will gradually be migrated to the new key agreement as well.
Signal repeatedly stresses that this is only a first step in protecting against quantum machines. In particular, PQXDH targets an attacker who records encrypted traffic today in order to decrypt it once a quantum computer exists; an attacker who already had such a machine during the exchange could still attack the classical signatures used for authentication. Further updates and further research are needed to “face the threat of an attacker with a quantum computer”.