Signal has introduced a new cryptographic defense named Sparse Post-Quantum Ratchet (SPQR) to protect user communications against potential future quantum computing attacks. This system functions as an advanced component that continuously refreshes encryption keys during conversations. SPQR ensures both forward secrecy and post-compromise security, meaning messages remain secure even if a key is stolen.
The protocol integrates post-quantum Key-Encapsulation Mechanisms (ML-KEM) to replace older elliptic-curve methods, efficiently managing large key sizes without excessive bandwidth use. It works alongside Signal's existing Double Ratchet to form a "Triple Ratchet," creating a hybrid key derived from both classical and post-quantum algorithms for enhanced security.
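The hybrid derivation described above, sketched as an added example (this is not Signal's code): two toy symmetric chains stand in for the Double Ratchet and SPQR, and each message key is derived with HKDF from both chains' outputs. The chain construction, the labels and the input encoding are assumptions made for illustration, and the secrets are constructed sample values.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


class ToyChain:
    """Hypothetical stand-in for one ratchet: emits one key per message."""

    def __init__(self, root_secret: bytes, label: bytes):
        self.chain_key = hkdf(root_secret, b"", label)

    def next_key(self) -> bytes:
        # Derive the message key, then advance the chain one way so that
        # earlier keys cannot be recomputed from the current state.
        msg_key = hmac.new(self.chain_key, b"\x01", HASH).digest()
        self.chain_key = hmac.new(self.chain_key, b"\x02", HASH).digest()
        return msg_key


def hybrid_message_key(classical_key: bytes, pq_key: bytes) -> bytes:
    # Length-prefix each input so the concatenation is unambiguous.
    ikm = b"".join(len(k).to_bytes(2, "big") + k for k in (classical_key, pq_key))
    return hkdf(ikm, b"", b"example-hybrid-message-key")  # label is an assumption


def derive_keys(classical_secret: bytes, pq_secret: bytes, count: int) -> list:
    """Step both chains together and mix their outputs for each message."""
    ec = ToyChain(classical_secret, b"example-classical-chain")
    pq = ToyChain(pq_secret, b"example-pq-chain")
    return [hybrid_message_key(ec.next_key(), pq.next_key()) for _ in range(count)]


if __name__ == "__main__":
    # Constructed secrets; real ones come from the key agreements.
    for i, key in enumerate(derive_keys(b"constructed-ec", b"constructed-pq", 3)):
        print(i, key.hex())
```

Because both chain outputs feed the KDF, recovering a message key requires the state of both chains, which is the property the hybrid design relies on.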
Developed in partnership with academic and industry experts, the system's design has been formally verified for robustness. The rollout will be gradual and automatic for users who keep their apps updated. While the system is backward compatible, security will be temporarily downgraded when communicating with non-supporting clients, with full enforcement planned once SPQR is universally available.
