- cross-posted to:
- technology@lemmy.world
- hackernews@derp.foo
- signal@lemmy.ml
- cross-posted to:
- technology@lemmy.world
- hackernews@derp.foo
- signal@lemmy.ml
We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.
…
Our new protocol is already supported in the latest versions of Signal’s client applications and is in use for chats initiated after both sides of the chat are using the latest Signal software. In the coming months (after sufficient time has passed for everyone using Signal to update), we will disable X3DH for new chats and require PQXDH for all new chats. In parallel, we will roll out software updates to upgrade existing chats to this new protocol.
There was a “quantum safe” encryption scheme proposed that had a non-quantum vulnerability found in it. Perhaps they are hedging against that occuring again? The scheme was rejected in the end so didnt matter to much.
https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/