PQShield, a post-quantum cryptography company, has published a white paper, Secure Messaging in a Post-Quantum World. It lays out the threats that quantum computing poses to end-to-end encrypted messaging and explains how post-quantum cryptography (PQC) could be added to the Signal secure messaging protocol to protect it against quantum attacks.
PQShield is proposing to license its end-to-end encrypted messaging IP to the Signal Foundation pro bono, if and when the Foundation decides to enhance its protocol. The aim is to help the non-profit organization behind the free encrypted messaging app Signal with its goal of making secure communication available to everyone.
Over the last ten years, the use of encrypted messaging applications has skyrocketed with the widespread adoption of smartphones. In January 2022, 40 million people were using Signal, while over 2 billion people were using WhatsApp. Though secure today, the end-to-end encryption that keeps conversations on these platforms private may soon be broken by large-scale quantum computers. The potential for a “harvest now, decode later” attack makes the situation worse: threat actors could already be collecting and storing encrypted messages in order to decrypt them later, with potentially serious consequences.
Adding post-quantum cryptography to the Signal protocol, regarded as the gold standard for establishing secure communication between two parties, would be technically challenging. PQShield discusses the need for quantum-secure replacements that mirror the functionality and security properties of the Signal protocol’s existing key components.
PQShield’s white paper describes the use of post-quantum cryptography to secure messaging in the two-party setting, which typically involves mobile devices and has specific performance and data requirements. It further describes how this may be extended to group messaging, which presents its own data and bandwidth challenges.