Encrypted messaging is becoming increasingly popular, and Signal is one of the leading apps in this space. Now, in an effort to enhance its security, Signal is preparing for a potential threat that could arise in the next 5 to 10 years – quantum computers. The app is taking precautions by introducing a new specification called PQXDH.
The purpose of PQXDH is to protect against future quantum computers that may have the ability to break encryption. Signal announced this upgrade in a recent blog post, stating, “With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.”
So why exactly should we be concerned about quantum computers? Well, unlike traditional computers, which operate on bits, quantum computers operate on qubits. Qubits can exist in a superposition of states, allowing them to represent multiple values simultaneously. While quantum computers may not find their way into our homes anytime soon, they are likely to be used for complex tasks such as protein folding, weather forecasting, and factoring large numbers; it is that last capability that threatens the public-key encryption in use today.
Today’s quantum computers do not have enough qubits to pose a threat to Signal’s encryption. However, if a powerful enough quantum computer is built in the future, it could compute a private key from a public key and thereby compromise encrypted messages.
There are various predictions regarding the timeline for the development of powerful quantum computers. Some experts believe it could happen within a couple of years, while others think it may take several decades. The consensus seems to be around the 5 to 10-year mark. Signal acknowledges this uncertainty, stating, “We are not in a position to judge which timeline is most likely, but we do see a real and growing risk which means we need to take steps today to address the future possibility of a large enough quantum computer being created.”
To address this potential threat, Signal has introduced PQXDH, which stands for Post-Quantum Extended Diffie-Hellman key agreement protocol. This protocol allows two parties to establish a shared secret key for future communication while mutually authenticating each other based on their public keys. PQXDH offers post-quantum forward secrecy and cryptographic deniability, but it still relies on the hardness of the discrete log problem for mutual authentication, so the authentication step (unlike the shared secret itself) is not yet protected against a quantum adversary.
In essence, PQXDH is designed for asynchronous settings, where one user (“Bob”) is offline but has previously uploaded public key material to a server. Another user (“Alice”) can fetch that material and use it to send encrypted data to Bob and establish a shared secret key for future communication, without Bob needing to be online.
By introducing PQXDH, Signal is taking proactive steps to safeguard encrypted messages against potential threats posed by future quantum computers. This upgrade ensures that users can continue to communicate securely, even as technology evolves.