‘Today we are happy to announce the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification which we are calling PQXDH. With this upgrade, we are adding a layer of protection against the threat of a quantum computer being built in the future that is powerful enough to break current encryption standards.’

  • SturgiesYrFase@lemmy.ml
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 year ago

    I’m not a cryptography expert, or even a security expert, or even more than middling proficient with computers. Could someone with actual skill in this field read this and pipe in with an opinion on if this is actually sufficient to start with or just a layer of false security?

    • boo one@lemmy.one
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      The essence of our protocol upgrade from X3DH to PQXDH is to compute a shared secret, data known only to the parties involved in a private communication session, using both the elliptic curve key agreement protocol X25519 and the post-quantum key encapsulation mechanism CRYSTALS-Kyber. We then combine these two shared secrets together so that any attacker must break both X25519 and CRYSTALS-Kyber to compute the same shared secret.

      Not an expert, but what i read here is that they will be using 2 locks. e.g. one traditional key based lock and another fingerprint based lock, and when you need to open the door, you need to open both the locks.

      • SturgiesYrFase@lemmy.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        But does that actually give decent protection against quantum decryption?
        I don’t actually expect you to answer that question, it’s pretty pertinent though.

        • ᗪᗩᗰᑎ@lemmy.ml
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          From https://signal.org/docs/specifications/pqxdh/#passive-quantum-adversaries

          PQXDH is designed to prevent “harvest now, decrypt later” attacks by adversaries with access to a quantum computer capable of computing discrete logarithms in curve.

          Also:

          PQXDH is not designed to provide protection against active quantum attackers.


          Basically this makes it pointless to collect any data now with the intent to decrypt it in the future - e.g. the NSA collecting all your encrypted messages to decrypt them all in 5-10 years once they have a capable quantum computer.

          It does not protect against an active quantum attacker - of which there are currently none, so work in the field is likely expected to continue.

          • SturgiesYrFase@lemmy.ml
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            OK, cool, thanks for the disambiguation. So kinda actual protection, but at the same time lip service. I’ll take that.

            • LollerCorleone@kbin.socialOP
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Also remember that this is only a layer of added protection. Work on this will continue. But this is more than what any other player in this market space currently offers.

    • kromem@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 year ago

      Just for a point of reference, Moxie Marlinspike was probably one of the biggest names in breaking encryption standards before he started Signal.

      And as a lifelong anarchist, the sort of person who designs a protocol with the NSA as the imagined adversary.

      If you were going to put faith in an individual regarding crypto choices, I’m not sure there’s anyone else I’d recommend moreso.

        • kromem@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          Yes. He’s still on the board. He stepped down because he had worked towards integration of a traceless and private crypto option for payments which critics felt made Signal more of a target for governments and to be used by criminal elements.

          He was replaced as CEO by the previous co-founder of WhatsApp who used money from the sale to bankroll Signal.

          But the idea Moxie isn’t involved in crypto decisions for Signal is ludicrous. There’s no way he’s not actively being involved in protocol discussions.