The telecommunications app has announced an upgrade to its cryptographic specifications so it can withstand a potential future cyberattack by a threat actor using quantum computers.
Signal announced “the first step in advancing quantum resistance” for its dedicated protocol on September 19th: an upgrade to the X3DH specification that it calls PQXDH.
“With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards,” said Signal.
Signal prides itself on being a secure and private app in an era when users are increasingly concerned about their every digital move being snooped on by anyone from a US big tech company to a foreign state-backed cyber group.
Quantum computing, once perfected to be “noise-free” in the industry jargon, will revolutionize certain sciences and technologies in the transport, energy, and medical fields – but it also means the existing standard of encryption, known as the RSA Cryptosystem, will be rendered obsolete.
This is because quantum computers can perform certain functions, including cracking today’s encryption codes, in a fraction of the time it would take even a supercomputer to do.
“RSA relies on a mathematical one-way function,” said Signal. “Easy to compute in one direction, but requires substantially more work to compute in reverse.”
To date, this has served encryption systems well because it makes it difficult for an attacker using a conventional computer to crack codes. But a quantum computer would have little trouble breaking RSA.
“To address this problem, new post-quantum cryptosystems have been created to implement new one-way functions that cannot be advantageously reversed by a quantum computer,” said Signal.
NIST: respect is due
The telecoms company paid tribute to the National Institute of Standards and Technology (NIST), for spearheading research into quantum-ready computer codes.
“Thanks to innovation from cryptographic researchers and the NIST Standardization Process for Post-Quantum Cryptography, we now have stable options that have been created and vetted by a large community of experts,” said Signal.
Of the four models shortlisted by NIST last year for further development, Signal says it believes CRYSTALS-Kyber is the best suited for its purposes. However, nor is it about to put all its eggs in one basket.
“We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem,” said Signal.
It added: “Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.”
Thus its protocol upgrade from X3DH to PQXDH will be done “to compute a shared secret, data known only to the parties involved in a private communication session.”
Signal will then combine these shared secrets so any threat actor would have to break both X25519 and CRYSTALS-Kyber to crack its encryption coding.
That said, the company acknowledges that this is just the beginning of its journey towards full quantum-readiness.
“We will need to make further upgrades to address the threat of an attacker with a contemporaneous quantum computer,” it said. “Further research in the area of post-quantum cryptography will be needed to fill in the remaining gaps.”