
Signal Braces For Quantum Age With SPQR Encryption Upgrade (nerds.xyz) 57
BrianFagioli shares a report from NERDS.xyz: Signal has introduced the Sparse Post Quantum Ratchet (SPQR), a new upgrade to its encryption protocol that mixes quantum-safe cryptography into its existing Double Ratchet. The result, which Signal calls the Triple Ratchet, makes it much harder for even future quantum computers to break private chats. The change happens silently in the background, meaning users do not need to do anything, but once fully rolled out it will make harvested messages useless even to adversaries with quantum power.
The company worked with researchers and used formal verification tools to prove the new protocol's security. Signal says the upgrade preserves its guarantees of forward secrecy and post-compromise security while adding protection against harvest-now, decrypt-later attacks. The move raises a bigger question: will this be enough when large-scale quantum computers arrive, or will secure messaging need to evolve yet again?
SPQR? (Score:4, Interesting)
Ah, is that what those Romans were trying to use? https://en.wikipedia.org/wiki/SPQR [wikipedia.org] builds post-quantum bridges and triumphal arches!!
Seriously though, as a signal user, I'm happy they are thinking about increasing encryption safety but how can anyone take any 'post quantum' marketing seriously when we're still in pre-quantum, and a quantum computer hasn't even been able to break weak encryption? Will real quantum computing power actually be stronger than 'post quantum' cryptography? Or maybe we'll find out current EC based crypto is stronger than we thought. Who knows!
Re: (Score:3)
You beat me to it. Senatus Populusque Romanus was my immediate reaction.
Re:SPQR? (Score:4, Informative)
Caesar cipher [wikipedia.org] is best cipher!
Re: (Score:3, Funny)
Yes, but what have the Romans ever done for us?
I mean, besides cryptography, roads, water...
Re: (Score:3)
If we can't make a capable quantum computer, then how do we know it's protected?
Re: (Score:3)
Ok but aside from sanitation and roads, what have the Romans ever done for us?
Theory vs practice (Score:4, Interesting)
It appears that a lot of effort has gone into designing a system that is theoretically secure (at least, against currently known attacks). However, it requires trust in the implementation which can never be completely transparent. State actors can insist on secret server-side backdoors that will store less secure copies of messages. These would not require code injection within clients (which would be detectable). There are many ways this could work, including such things as session key substitution.
Re:Theory vs practice (Score:4)
> secret server-side backdoors that will store less secure copies of messages
How do you do that with end-to-end cryptosystems?
Re: (Score:2)
However, it requires trust in the implementation which can never be completely transparent. State actors can insist on secret server-side backdoors that will store less secure copies of messages.
A few months ago top US officials discussed secret stuff over Signal, and the outrage over this was heard world wide. So much for the trustworthiness of Signal. Pepperidge Farm remembers ...
Re:Theory vs practice (Score:5, Interesting)
You mean the conversation where they included a journalist because he was in someone's address list?
Yeah, nobody was worried about someone breaking Signal's encryption in that case - Hegseth was sending the classified details directly to the external parties.
The main reason the Trump admin uses Signal is to avoid keeping records of their conversations as required by law.
They are still using Signal, btw. Yesterday a Trump admin official was recorded having a classified Signal conversation in public.
The conversation was absolutely insane in many ways. Among other things, Hegseth wanted to send the 82nd Airborne to Portland, in response to Trump's hallucinations about what was happening there.
https://www.startribune.com/tr... [startribune.com]
Re: (Score:3)
The main criticism was not directed at Signal's encryption standards, and the fact that a journalist was carelessly added to the conversation was only a side act. The real criticism came about because they hosted their app on private, i.e. insecure, phones. Signal can use whatever encryption they want; they have no control over the platforms their software is run on.
Re: (Score:2)
All these "revolutionaries", who'd like to "stick it to the man" and communicate their schemes through smart phone based means, are not going to be protected by any app's design or technology, and whether Signal changes encryption algo or not will not make much of a difference. Anyone decrying this as tinfoil hattery or conspiracy theory driven nuttery shall reread the serious reporting about the US gov't communicating over Signal.
Re: (Score:3)
Sorry, the algorithm used in quantum encryption is secure,
Which algorithm are you talking about? Because it's certainly not the algorithm discussed in the story (SPQR encryption)
Re: (Score:2)
Which algorithm are you talking about? Because it's certainly not the algorithm discussed in the story (SPQR encryption)
The Fine Article describes a traditional (not quantum) encryption method which is RESISTANT to ATTACKS that run on upcoming (sometime in the future) quantum computers. Quantum encryption itself is a completely different beast, not discussed in this story.
Re: (Score:3)
Any system that has a secure method for transmission of one-time pads between the parties in a conversation ought to be secure. However, there is no method of which I am aware that involves passing the one-time pads via a third party (in this case, Signal) where we can be confident the security will not be subverted by (especially) state actors. Would you be confident using one-time pads passed usin
Re: (Score:2)
Quantum encryption is 100% secure (barring new physics). It involves sending a one time pad that is known not to be intercepted.
Traditional encryption requires that P not equal NP, which is not proven. If someone can find a way to reduce non-polynomial-time algorithms to polynomial time, then current encryption is broken. If someone can prove it's impossible, then current encryption is secure against non-quantum algorithms.
Post quantum cryptography is around the corner (Score:1)
Re: (Score:3)
Problem with PQC is that *none* have been really proven to be secure (not the algorithms themselves, and implementations of course have their issues). Then we get stuff like https://datatracker.ietf.org/d... [ietf.org] where the idea is that you negotiate the keys with a ton of different PQC algorithms (and one classical) and hope that at least one of them works.
The whole FIPS algorithm evaluation process kinda proved that - and then we got headlines like this: https://thequantuminsider.com/... [thequantuminsider.com] - and that made it to the f
Time to move to cascades? (Score:3)
One thing TrueCrypt and VeraCrypt have as an option is to use multiple encryption algorithms. The point isn't 768 bits, but more that, if AES has a break that causes it to have a lot fewer bits that need to be guessed, Serpent and other algorithms are likely not to be broken by the same attack, so the data is protected.
Maybe we need to consider this. Have a good conventional algorithm coupled with a PQ algorithm. This way, if something causes RSA to be completely useless, broken in O(n) time, the PQ algori
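The summary's "Triple Ratchet" and the cascade idea in the comment above both come down to one mechanism: a key derivation step whose input concatenates a classical secret and a post-quantum KEM secret, so that an attacker has to break both to recover the chain key. The following is an added toy illustration, not Signal's code and not the SPQR design (it does not model the "sparse" scheduling of KEM material across messages). Everything in it is a labelled stand-in: the DH group is a toy 127-bit group rather than X25519, the "PQ" KEM is a hashed-ElGamal KEM over that same toy group standing in for a real post-quantum KEM, and the initial root key is a constructed constant rather than the output of a real initial key agreement. Function names (`root_step`, `chain_step`, `run_demo`) are mine.

```python
"""Toy hybrid ratchet step: a classical DH secret and a KEM secret are mixed
into one root-key KDF.  Added illustration only, NOT Signal's code.

Stand-ins (assumptions, none taken from the article):
  * classical DH in a toy 127-bit group; real protocols use X25519;
  * the "post-quantum" KEM is hashed ElGamal over the same toy group, a
    stand-in for a real PQ KEM (it is NOT quantum-safe itself);
  * the initial root key is a constructed constant.
"""
import hashlib
import hmac
import secrets

P = (1 << 127) - 1   # Mersenne prime M127: toy modulus, not a secure group
G = 3                # toy generator
SS_LEN = 16          # group elements fit in 16 bytes


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869), extract then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def dh_keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def dh(priv: int, pub: int) -> bytes:
    return pow(pub, priv, P).to_bytes(SS_LEN, "big")


# Toy KEM with the usual Encaps/Decaps interface (stand-in for a PQ KEM).
def kem_keygen():
    return dh_keygen()


def kem_encaps(pk: int):
    eph_priv, ct = dh_keygen()   # the ciphertext is the ephemeral public value
    return ct, hashlib.sha256(b"toy-kem" + dh(eph_priv, pk)).digest()


def kem_decaps(sk: int, ct: int) -> bytes:
    return hashlib.sha256(b"toy-kem" + dh(sk, ct)).digest()


def root_step(root_key: bytes, dh_ss: bytes, kem_ss: bytes):
    """Root-chain KDF.  Both secrets go into the IKM, so the output is
    unpredictable unless BOTH are known.  Returns (new root, new chain key)."""
    out = hkdf(root_key, dh_ss + kem_ss, b"hybrid-root-step", 64)
    return out[:32], out[32:]


def chain_step(chain_key: bytes):
    """Symmetric ratchet: one message key per step, chain key moves forward."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def run_demo() -> dict:
    root0 = hashlib.sha256(b"constructed initial root key").digest()

    bob_dh_priv, bob_dh_pub = dh_keygen()       # Bob's published ratchet key
    bob_kem_priv, bob_kem_pub = kem_keygen()    # Bob's published KEM key

    # Alice: fresh DH ratchet key plus an encapsulation to Bob's KEM key.
    alice_dh_priv, alice_dh_pub = dh_keygen()
    kem_ct, alice_kem_ss = kem_encaps(bob_kem_pub)
    alice_dh_ss = dh(alice_dh_priv, bob_dh_pub)
    _, alice_ck = root_step(root0, alice_dh_ss, alice_kem_ss)
    _, alice_mk = chain_step(alice_ck)

    # Bob: matching DH and decapsulation give the same chain key.
    bob_dh_ss = dh(bob_dh_priv, alice_dh_pub)
    bob_kem_ss = kem_decaps(bob_kem_priv, kem_ct)
    _, bob_ck = root_step(root0, bob_dh_ss, bob_kem_ss)
    _, bob_mk = chain_step(bob_ck)

    # Harvest-now/decrypt-later: the adversary recorded the public values and
    # is assumed to know root0.  A future DH break yields dh_ss but not kem_ss;
    # a KEM break yields kem_ss but not dh_ss.  The unknown half is a guess.
    guess = bytes(32)
    _, dh_only_ck = root_step(root0, alice_dh_ss, guess)
    _, kem_only_ck = root_step(root0, guess[:SS_LEN], alice_kem_ss)

    return {
        "alice_mk": alice_mk,
        "bob_mk": bob_mk,
        "dh_only_mk": chain_step(dh_only_ck)[1],
        "kem_only_mk": chain_step(kem_only_ck)[1],
    }


if __name__ == "__main__":
    r = run_demo()
    print("peers agree:", r["alice_mk"] == r["bob_mk"])
    print("DH-only adversary gets the key:", r["dh_only_mk"] == r["alice_mk"])
    print("KEM-only adversary gets the key:", r["kem_only_mk"] == r["alice_mk"])
```

The point the demo makes is the one the cascade comment is after: because both secrets are concatenated into the KDF input, knowing either one alone leaves the chain key as hard to find as the other secret, so a future break of the classical component (or, symmetrically, a flaw discovered in the new PQ component) does not by itself expose recorded traffic.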
Irrelevant (Score:2)
What "quantum age"? (Score:2)
Why are people falling for this nonsense? After half a century of research the quantum factorization record is currently 35. Not 35 bit, 35, i.e. 6 bit. That is utterly pathetic and not likely to change anytime soon. For all practical purposes, QCs do not exist.
Re:What "quantum age"? (Score:4, Informative)
More specifically, digital quantum computers have factored 15, 21 and 35 -- but 15 is a near-trivial special case, and the circuits for the other two used shortcuts that were associated with knowledge of what the factors (of 21 and 35) are. The circuit for 35 can't factor 21.
Re: (Score:2)
That bad? I thought these were at least 6-bit general factorization implementations. So even worse than Shor's Algorithm implemented for 6 bits. Speaking of any "threats" from this tech or expecting it to matter anytime soon is insane.
Thanks for pointing this out.
Re: (Score:2)
https://algassert.com/post/250... [algassert.com] addresses the case of 21.
https://arxiv.org/pdf/1903.007... [arxiv.org] seems to be the paper about 35, although it says that noise meant that "the algorithm fails to factor N = 35" (and didn't do a great job for 21 either).
Re: (Score:2)
That half a century claim is dumb, the first quantum computer happened in the past decade and I'll bet you've never used or seen one.
Re: (Score:2)
I have been following this tech for about 35 years now. Research into qubits and quantum gates was well established at that time. The 50 year claim is accurate and the dumb one here is you.
Re: (Score:2)
Richard Feynman famously proposed the theoretical possibility of quantum computing in a 1982 paper. That's closer to 40 years, but in a couple of years it will indeed round to 50.
What's the equivalent for the theoretical possibility of conventional computing? Something way back in antiquity. Anyway, Pascal was building rudimentary examples by the 17th century. Real practical codebreaking happened a couple of centuries later.
Stuff happens faster today. If big quantum computers are possible or practical it's poss
Re: (Score:2)
Well, in that case, factorize something larger than 35. I dare you.
Re: (Score:3)
Researchers in China have claimed to crack a 50-bit key. https://www.sciencing.com/1765... [sciencing.com] If true, that's a lot better than 6 bits, but still far, far away from RSA's 2048 bits. Getting from 6 to 50 is an accomplishment, but orders of magnitude short of being able to attack real encryption.
Re: (Score:2)
Researchers in China have claimed lots of things. And 50 bit would still be within other approaches than an actual general implementation of Shor's Algorithm. Oh, and look, they used a D-Wave. That is not a QC at all. It is a very restricted Quantum annealing device and it does NOT scale for factorization.
Re: (Score:2)
All of your observations are correct, in my opinion, and support the notion that we are far from needing to worry about quantum computing destroying the effectiveness of today's encryption algorithms.
The weakest link in encryption schemes, is the human, and this will remain true.
Re: (Score:3)
All of your observations are correct, in my opinion, and support the notion that we are far from needing to worry about quantum computing destroying the effectiveness of today's encryption algorithms.
Thank you.
The weakest link in encryption schemes, is the human, and this will remain true.
That is certainly true. Humans are really good at sabotaging all forms of IT security, both by incompetence and by intent.
so they have quantum proof encryption (Score:2)
and backdoors for law enforcement and intelligence and whatnot. The irony.
Re: (Score:2)
What did you expect from an algorithm named after the Roman Empire?
Peer to peer (Score:2)
Isn't Ratchet a DIY Mechanical Keyboard? (Score:1)
Wrong! per gewgle: (Score:2)
Signal embraces SPQR. Veni, Vidi, Vici! (Score:2)
Signal invokes SPQR for post-quantum security. Marcus Aurelius reminds us: You have power over your keys, not over the quantum adversary. Realize this, and you will find strength.
Quantum computers have yet to factor 15 (Score:2)
Or at least quantum computers haven't factored 15 (or any other number) without cheating (using a classic computer to pre-calculate the answer using the answer, then the quantum computer "solves" it), making the threat non-existent. Peter Gutmann wrote about this: https://www.cs.auckland.ac.nz/... [auckland.ac.nz] showing all the hype about quantum factoring of integers is all smoke and mirrors. Well, at least we have jobs implementing post-quantum cryptography for the next 20 years, and profit from the results.
SPQR encryption? (Score:2)
Caesar used a simple substitution cipher. A modern codebreaker could decode this in a fraction of a second.