PQShield has published a technical book that teaches quantum threat to ensure end-to-end messaging and explains how post-quantum cryptography (PQC) can be added to Signal’s secure messaging protocol to protect it from quantum attacks.
The company offers a license to its end-to-end encrypted IP for messaging Signal Foundation pro bono – if/when they plan to upgrade their system – to support the non-profit organization behind the free encrypted messaging app Signal, in its mission to make secure communication accessible to everyone.
The popularity of secure messaging apps
The widespread adoption of smartphones over the past decade has brought with it a rapid increase in the use of secure messaging apps. As of January 2022, WhatsApp was used by more than 2 billion people, while Signal was used by 40 million people. But as secure as these messaging apps are today, large-scale quantum computers will soon have the processing power to break the end-to-end encryption they rely on to keep messages private.
The problem is compounded by the prospect of a “harvest now, decrypt later” attack. Threat actors today can collect and store encrypted messages with the goal of decrypting them later, with potentially devastating consequences.
Adding post-quantum cryptography to the Signal protocol
Thomas Purst, lead cryptography researcher at PQShield, said: “The Signal protocol is widely regarded as the gold standard for secure instant messaging. However, the cryptographic problem underlying its security is known to be easily solvable by quantum computers, and any adversary collecting current communications will easily be able to decipher future communications. That’s why we’re publishing our full analysis, research and solutions on how to protect secure instant messaging from the quantum threat. The stakes are too high not to.”
Adding post-quantum cryptography to the Signal protocol, which is considered the gold standard for establishing secure messaging between two parties, will not be without technical challenges. There is an urgent need to create quantum-secure solutions that mimic the functionality and security assurance of existing key components of the Signal protocol.
“Secure messaging has become almost a fundamental right for much of the world’s population. It’s how many companies communicate, how whistleblowers share the truth with journalists, and how families and friends connect across borders. As one of the most common forms of end-to-end encryption, secure messaging is particularly vulnerable to the quantum threat,” he said. Ali KaafaraniCEO of PQShield.
“The PQShield team has worked diligently to identify the security and performance challenges of secure messaging in a way that allows all leading messaging applications to become quantum secure within a reasonable timeframe. We are proud to offer this consultation free of charge, so private communication can remain accessible to all,” Kaafarani concluded.