this post was submitted on 19 Sep 2023
33 points (88.4% liked)

The Signal messenger and protocol.

1647 readers
1 users here now

https://signal.org/

founded 4 years ago
MODERATORS
max@lemmy.ml
33
Quantum Resistance and the Signal Protocol (signal.org)
submitted 1 year ago* (last edited 1 year ago) by LollerCorleone@kbin.social to c/signal@lemmy.ml
10 comments fedilink hide all child comments
 

'Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.'

you are viewing a single comment's thread
view the rest of the comments
[–] boo@lemmy.one 5 points 1 year ago (1 children)

The essence of our protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber. We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.

Not an expert, but what i read here is that they will be using 2 locks. e.g. one traditional key based lock and another fingerprint based lock, and when you need to open the door, you need to open both the locks.

[–] SturgiesYrFase@lemmy.ml 3 points 1 year ago (1 children)

But does that actually give decent protection against quantum decryption?
I don't actually expect you to answer that question, it's pretty pertinent though.

[–] KLISHDFSDF@lemmy.ml 6 points 1 year ago (1 children)

From https://signal.org/docs/specifications/pqxdh/#passive-quantum-adversaries

PQXDH is designed to prevent “harvest now, decrypt later” attacks by adversaries with access to a quantum computer capable of computing discrete logarithms in curve.

Also:

PQXDH is not designed to provide protection against active quantum attackers.

Basically this makes it pointless to collect any data now with the intent to decrypt it in the future - e.g. the NSA collecting all your encrypted messages to decrypt them all in 5-10 years once they have a capable quantum computer.

It does not protect against an active quantum attacker - of which there are currently none, so work in the field is likely expected to continue.

[–] SturgiesYrFase@lemmy.ml 1 points 1 year ago (1 children)

OK, cool, thanks for the disambiguation. So kinda actual protection, but at the same time lip service. I'll take that.

[–] LollerCorleone@kbin.social 2 points 1 year ago* (last edited 1 year ago)

Also remember that this is only a layer of added protection. Work on this will continue. But this is more than what any other player in this market space currently offers.