Signal announces advancements in post-quantum security for the encrypted Signal protocol
Signal is enhancing quantum security with the introduction of the Sparse Post Quantum Ratchet (SPQR), marking a substantial enhancement in the security of its cryptographic protocol. By integrating SPQR, Signal aims to better protect users against anticipated threats from quantum computing while keeping established privacy protections intact, including forward secrecy and post-compromise security.
With the addition of SPQR to its existing Double Ratchet mechanism, Signal is moving to a new Triple Ratchet structure. This approach provides quantum-safe messaging, ensuring that conversations remain secure both now and in the event that cryptographically relevant quantum computers become reality. According to Signal, users will not need to take any action; the update will be deployed slowly and carefully in a way that ensures all conversations transition automatically to the new protocol without disruption.
Signal began efforts to advance the protocol’s quantum resistance in 2023, and the integration of SPQR represents a major step forward. The open source Signal Protocol, published in 2013, is a widely adopted set of end-to-end encrypted communication specifications and serves as the foundation for private messaging in both Signal and major communication platforms like WhatsApp.
- Instant Messenger
- Free • Open Source
Related news
External links
- Signal Protocol and Post-Quantum RatchetsSignal • Official source
- Signal Enhances Security With New Hybrid PQ Ratchet to Compact Quantum Computing ThreatsCyber Security News
- Signal Introduces Hybrid Post-Quantum Ratchet to Strengthen SecurityGBHackers
Comments
Good to see that Signal is holding it's high standards in security and prepare for the future.
Can someone explain to me how something can be post quantum secure if we're still pre quantum?
the post doesn't say it's post-quantum. if you ready it whole, it says its resistant to a specific type of attack involving quantum computers, "store-now-decrypt-later", not against all of the attacks that a quantum computer can perform.
plus, we're very much "quantum". No quantum computer today (that we know of) has the capabilities to break RSA (or similar algorithms), but quantum computers are there, indeed.
very accurate response from @GseThinkpad
Here's a clarification on what's actually changing:
@Tobias - "Post-quantum secure" doesn't mean "after quantum computers exist." It means cryptography that's resistant to attacks by quantum computers, designed now before they become powerful enough to break current encryption.
@GseThinkpad - You're mostly right. SPQR protects against quantum attacks on the protocol's key exchange mechanism (breaking ECDH). "Harvest-now-decrypt-later" is the main threat scenario that makes this urgent, but SPQR defends against all quantum cryptographic attacks on ECDH, not just HNDL specifically. It doesn't protect against non-cryptographic attacks, of course.
What's Actually Changing:
BEFORE (Double Ratchet):
Symmetric Ratchet (quantum-safe hashing) → Forward Secrecy ✓
ECDH Ratchet (elliptic curve, 32 bytes) → Post-Compromise Security ✓
Problem: ECDH is vulnerable to quantum computers
AFTER (Triple Ratchet with SPQR):
Symmetric Ratchet (unchanged)
ECDH Ratchet (still there)
Hybrid approach: Both ECDH and ML-KEM keys are independently generated and mixed
Real difference: You now need to break both classical ECDH AND post-quantum ML-KEM to compromise messages. Even if a future quantum computer breaks ECDH, the ML-KEM layer keeps conversations secure.
Trade-off: ~2KB extra data every 50 messages for quantum resistance.
We do have quantum computers and we also do have algorithms to break encryption (like Shor's algorithm), but the hardware isn't good enough still. So that's why we're preparing for the future, when these algorithms might be executed within seconds, not years. Some agencies already hoard data to decrypt later.