IBM Research Highlights Potential for Quantum Computers to Break Encryption

IBM Research is highlighting a potential vulnerability in widely used encryption methods as quantum computing rapidly advances from theory to engineering; this could impact secure messaging apps like Signal, which launched in 2014 and prioritizes user privacy. Current encryption easily withstands attacks from even the most powerful conventional supercomputers, but the unique capabilities of quantum computers, using qubits to explore vast computational possibilities, threaten to break the mathematical problems safeguarding online data. This potential disruption has prompted security researchers to develop “post-quantum” cryptography standards, with IBM Research scientists contributing to the first set published by the US National Institute of Standards and Technology in 2024. “Nobody wants to use more cryptography than they really need,” said Vadim Lyubashevsky, principal research scientist at IBM Research working on quantum-safe cryptography. His team now focuses on advanced solutions for complex systems like Signal’s group messaging.

Signal’s End-to-End Encryption & Emerging Quantum Threats

Signal has proactively fortified its end-to-end encryption against the threat of quantum computers, beginning defenses as early as 2023 and further strengthening them with the SPQR protocol in 2025. While current encryption methods are practically impenetrable to classical computers, the rapid advancement of quantum computing necessitates a preemptive overhaul of digital security infrastructure. Quantum computers leverage qubits, utilizing superposition and entanglement to achieve exponential speed increases in specific tasks, including the factorization of large numbers, a cornerstone of modern cryptography. However, implementing these standards isn’t straightforward, as some applications demand more advanced cryptography that may lack efficient quantum-safe versions. A collaboration between IBM researchers and Signal developers focused on securing group messaging metadata, information about who joins or leaves groups, revealed a significant challenge. Replacing existing components with quantum-safe alternatives threatened to increase Signal’s bandwidth usage by up to a hundredfold.

This prompted a redesign of the protocol, shifting the role of gatekeeper from Signal’s server to the group members themselves, with the server acting as a data store and access enforcer. Each group member receives a pseudonym key, allowing for accountability without revealing real identities. Utilizing a modified version of ML-DSA, an algorithm standardized by NIST, the team proposed a system that is efficient, quantum-safe, modular, and auditable, while maintaining existing privacy guarantees.

IBM’s ML-DSA Algorithm for Post-Quantum Digital Signatures

The increasing viability of quantum computing presents a fundamental challenge to modern cryptography, prompting a shift toward algorithms resistant to attacks from these powerful machines. The 2024 publication of initial post-quantum cryptography standards by NIST marked a critical step, but applying these standards universally proves complex. Some applications demand more sophisticated solutions lacking efficient quantum-safe equivalents. Recognizing this, IBM researchers extended their focus beyond initial standardization, seeking to address nuanced security needs within specific technologies. This led to a collaboration with Signal developers, centered on fortifying the platform’s group messaging capabilities against future quantum threats. Signal’s existing security infrastructure, designed to minimize data retained on its servers, presented a unique challenge. The team quickly discovered that simply swapping existing cryptographic components for quantum-resistant versions could increase bandwidth usage by as much as a hundredfold.

Central to this redesign was the implementation of ML-DSA, a lattice-based digital signature algorithm developed by IBM and standardized by NIST. Modified to support key re-randomization, ML-DSA enables a system where the server stores encrypted group data and enforces writing permissions, while individual members are assigned pseudonym keys. This allows for accountability without revealing user identities; the server can identify actions performed by “member #3,” but cannot link that pseudonym to a real-world identity. The resulting system, presented at the Real-World Crypto conference, aims to be efficient, modular, auditable, and maintainable, while preserving Signal’s core privacy guarantees.

IBM researchers are actively extending the reach of newly established post-quantum cryptographic standards beyond initial implementation, collaborating with secure messaging app Signal to address complex challenges in group communication security. Some systems demand more advanced cryptography lacking efficient quantum-safe equivalents, and the increased communication overhead of less efficient schemes presents a significant cost concern for companies. Initial attempts to retrofit the existing protocol with quantum-safe components threatened to increase bandwidth usage by a factor of one hundred.

Metadata Protection: Redesigning Signal’s Group Messaging Protocols

While existing encryption effectively shields message bodies from even powerful classical computers, metadata, details of group membership and message origination, remains vulnerable to future quantum decryption. This prompted a collaborative effort between IBM researchers and Signal developers to fortify the platform against “harvest now, decrypt later” attacks, where intercepted data is stored for future exploitation. A key obstacle was the sheer computational cost of simply swapping existing encryption with quantum-resistant alternatives; initial tests indicated a potential hundredfold increase in bandwidth usage. This realization led to a shift in architectural thinking, moving away from a server-centric “gatekeeper” model to a distributed system where group members share responsibility for security.

The proposed solution leverages a pseudonym key system, assigning each member a unique identifier visible to the server only. This allows Signal to verify operations, like message sending, without knowing the user’s true identity. “Every group would get its own pseudonym key for each member,” the researchers detail, meaning the server can see if “member #3 of this group” performed an operation, but it can’t link that pseudonym to the user’s real identity. The team presented their research at the Real-World Crypto conference, and Signal is now evaluating potential implementation strategies.