What is the 'quantum-resistant protocol' by 'Signal', which provides cryptographic communication protocols?



The messenger app

Signal uses an end-to-end encrypted Signal protocol that prevents third parties from eavesdropping or tampering with messages, and has received the highest rating on the Electronic Frontier Foundation's ' Most Secure Messengers List .' However, it has been pointed out that traditional encryption methods may be broken by quantum computers in the future. To address this, Signal has announced the introduction of ' Sparse Post-Quantum Ratchet (SPQR),' which introduces an additional mechanism with quantum resistance.

Signal >> Blog >> Signal Protocol and Post-Quantum Ratchets
https://signal.org/blog/spqr/



Signal is known as one of the most secure encrypted messaging apps, and is also highly valued in political and military circles, with Signal usage in Ukraine increasing dramatically after the Russian invasion of Ukraine began.

Russia's invasion of Ukraine has led to a surge in demand for Signal, the most secure encrypted messaging app - GIGAZINE



The Signal protocol uses elliptic curve cryptography , which reduces the number of bits, enabling fast calculations and resource consumption while maintaining a high level of security. However, the 'discrete logarithm problem' of elliptic curve cryptography has the property that it can be efficiently solved using algorithms designed for quantum computers. This raises concerns about an attack method in which current communications are intercepted and stored, and then decrypted once quantum computers become available.

Signal has now announced an update that includes a quantum-resistant feature called 'SPQR.' Signal's original encryption key update method was called 'double ratchet,' but by adding SPQR to this, it becomes a hybrid method called 'triple ratchet.' This means that an attacker would need to break both the elliptic curve cryptography and the quantum-resistant key exchange method to decrypt the key.



Using a quantum-resistant key sharing method would require a large amount of data to exchange keys, resulting in extremely high communication costs. To address this issue, Signal employs techniques to optimize the data transmission, such as 'split transmission,' which splits large key data into smaller pieces, and 'erasure codes,' which are error-resistant.

Not all devices support SPQR, so even if a sender uses SPQR, if the recipient's Signal version has not been updated to support SPQR, the message will not be readable. Therefore, Signal is designed to allow communication with non-SPQR-compatible parties to downgrade to a state where SPQR is not used. To prevent this downgrade from being exploited by malicious attackers, the SPQR attached to a message is encrypted with the MAC address using the authentication code for the entire message, preventing third-party attackers from deleting the SPQR data.

Signal says that the update, including SPQR, will have little impact on the user experience of Signal. 'We will slowly and carefully roll out encryption at a level that users won't notice or care about, so that one day, when quantum computers become a reality, we'll look back on this blog post and think, 'Oh, that's solved, so I don't have to worry about it.''

Related Posts:

in Software,   Security, Posted by log1e_dh