Signal, the encrypted messaging app, has taken a proactive step towards quantum resistance by upgrading its Signal Protocol to incorporate Post-Quantum Extended Diffie-Hellman (PQXDH), moving away from Extended Triple Diffie-Hellman (X3DH).
The upgrade is intended to protect communications against future quantum computers capable of breaking the encryption in use today. While mainstream quantum computing remains uncertain, the risk that data encrypted today is decrypted by a quantum machine later is real. Signal’s PQXDH takes a hybrid approach, combining X25519 with CRYSTALS-Kyber, similar to Google’s strategy, so that security does not rest on either algorithm alone.
The move follows Google’s recent addition of quantum-resistant encryption algorithms to its Chrome web browser and its introduction of quantum-resilient FIDO2 security keys under the OpenSK security keys initiative. The Signal Protocol, which provides end-to-end encryption (E2EE) for private text and voice communications, is also used by other messaging apps, including WhatsApp and Google’s encrypted RCS messages on Android.
Although quantum computers are not expected to become mainstream anytime soon, existing encryption systems are exposed to a threat known as “Harvest Now, Decrypt Later” (HNDL): traffic captured and stored today could be decrypted in the future once a sufficiently capable quantum computer exists.
Signal’s PQXDH addresses this issue by combining X25519 with CRYSTALS-Kyber. The new protocol is already supported in the latest client applications, and Signal plans to require PQXDH for all new chats once users have had sufficient time to update.