‘Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.’

  • boo one
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    The essence of our protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber. We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.

    Not an expert, but what i read here is that they will be using 2 locks. e.g. one traditional key based lock and another fingerprint based lock, and when you need to open the door, you need to open both the locks.

    • SturgiesYrFase@lemmy.ml
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      But does that actually give decent protection against quantum decryption?
      I don’t actually expect you to answer that question, it’s pretty pertinent though.

      • ᗪᗩᗰᑎ@lemmy.ml
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        From https://signal.org/docs/specifications/pqxdh/#passive-quantum-adversaries

        PQXDH is designed to prevent “harvest now, decrypt later” attacks by adversaries with access to a quantum computer capable of computing discrete logarithms in curve.

        Also:

        PQXDH is not designed to provide protection against active quantum attackers.


        Basically this makes it pointless to collect any data now with the intent to decrypt it in the future - e.g. the NSA collecting all your encrypted messages to decrypt them all in 5-10 years once they have a capable quantum computer.

        It does not protect against an active quantum attacker - of which there are currently none, so work in the field is likely expected to continue.

        • SturgiesYrFase@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          OK, cool, thanks for the disambiguation. So kinda actual protection, but at the same time lip service. I’ll take that.

          • LollerCorleone@kbin.socialOP
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Also remember that this is only a layer of added protection. Work on this will continue. But this is more than what any other player in this market space currently offers.