Signal Braces For Quantum Age With SPQR Encryption Upgrade (nerds.xyz)
- Reference: 0179646772
- News link: https://it.slashdot.org/story/25/10/03/234236/signal-braces-for-quantum-age-with-spqr-encryption-upgrade
- Source link: https://nerds.xyz/2025/10/signal-spqr-quantum-encryption/
> Signal has [2]introduced the Sparse Post Quantum Ratchet (SPQR), a new upgrade to its encryption protocol that mixes quantum-safe cryptography into its existing Double Ratchet. The result, which Signal calls the Triple Ratchet, makes it [3]much harder for even future quantum computers to break private chats. The change happens silently in the background, meaning users do not need to do anything, but once fully rolled out it will make harvested messages useless even to adversaries with quantum power.
>
> The company worked with researchers and used formal verification tools to prove the new protocol's security. Signal says the upgrade preserves its guarantees of forward secrecy and post-compromise security while adding protection against harvest-now, decrypt-later attacks. The move raises a bigger question: will this be enough when large-scale quantum computers arrive, or will secure messaging need to evolve yet again?
[1] https://slashdot.org/~BrianFagioli
[2] https://signal.org/blog/spqr/
[3] https://nerds.xyz/2025/10/signal-spqr-quantum-encryption/
Theory vs practice (Score:2)
It appears that a lot of effort has gone into designing a system that is theoretically secure (at least, against currently known attacks). However, it requires trust in the implementation which can never be completely transparent. State actors can insist on secret server-side backdoors that will store less secure copies of messages. These would not require code injection within clients (which would be detectable). There are many ways this could work, including such things as session key substitution.
Re: Theory vs practice (Score:1)
All you theoretically need is to add a state-provided additional key you encrypt against. That is, formally speaking, not a backdoor, but a normal function in public key encryption, e.g. when sending messages to multiple recipients using PGP.
Re: (Score:2)
> secret server-side backdoors that will store less secure copies of messages
How do you do that with end-to-end cryptosystems?
Post quantum cryptography is around the corner (Score:1)
Excellent stuff, and a good read for people who studied PQC. Given that in the next few weeks or months, PQC-capable (ML-KEM and ML-DSA enabled) releases of OpenSSL and OpenSSH will be rolled out in most if not all Linux distros, likely in macOS and hopefully in the mobile variants as well, and hoping that server admins will swiftly upgrade, quantum computing supported decryption may actually be over before it even starts. (No idea what Microsoft is doing but they cannot risk adversary triggered downgrades
Re: (Score:2)
Problem with PQC is that *none* have been really proven to be secure (not the algorithms themselves, and implementations of course have their issues). Then we get stuff like [1]https://datatracker.ietf.org/d... [ietf.org] where the idea is that you negotiate the keys with a ton of different PQC algorithms (and one classical) and hope that at least one of them works.
The whole FIPS algorithm evaluation process kinda proved that - and then we got headlines like this: [2]https://thequantuminsider.com/... [thequantuminsider.com] - and that made it to the f
[1] https://datatracker.ietf.org/doc/rfc9242/
[2] https://thequantuminsider.com/2022/08/05/nist-approved-post-quantum-safe-algorithm-cracked-in-an-hour-on-a-pc/
Re: (Score:2)
Conventional algorithms aren't proven secure either. They've just been around for a lot longer with no successful breakages, which increases confidence in them. In some cases you can use hash-based signature algorithms which rely only on the irreversibility of their hash functions. SLH-DSA produces long signatures and signing is very slow, but for firmware signatures in many cases neither of these will be problems.
Irrelevant (Score:1)
All of this is irrelevant as literally all of the hardware (everything from cpu to the last tiny chip controlling your keyboard, secure enclave, ...) and most of the software (bios-layer, operating system, anything lurking around hidden and equipped with root rights, ...) on all of the systems you use (PC, mobile phone, ...) is under control of the adversary. After the lessons of WW2 information warfare (Enigma and the like) you wouldn't think that any government allowed their potential enemies to equip th
What "quantum age"? (Score:1)
Why are people falling for this nonsense? After half a century of research the quantum factorization record is currently 35. Not 35 bit, 35, i.e. 6 bit. That is utterly pathetic and not likely to change anytime soon. For all practical purposes, QCs do not exist.
so they have quantum proof encryption (Score:2)
and backdoors for law enforcement and intelligence and whatnot. the irony
SPQR? (Score:2)
Ah, is that what those Romans were trying to use? [1]https://en.wikipedia.org/wiki/SPQR [wikipedia.org] builds post-quantum bridges and triumphal arches!!
Seriously though, as a signal user, I'm happy they are thinking about increasing encryption safety but how can anyone take any 'post quantum' marketing seriously when we're still in pre-quantum, and a quantum computer hasn't even been able to break weak encryption? Will real quantum computing power actually be stronger than 'post quantum' cryptography? Or maybe we'll
[1] https://en.wikipedia.org/wiki/SPQR
Re: (Score:2)
You beat me to it. Senatus Populusque Romanus was my immediate reaction.
Re: (Score:2)
If your system is protected from both conventional and quantum computers, but nobody can make capable quantum computers, then your system is still protected.