Signal has published a blogpost about Quantum Resistance and the Signal Protocol
What do y’all think?
It is a start. And a safe bet on Kyber (which is also being standardized by NIST as ML-KEM and by IETF for pq TLS). I particularly like how they achieve the properties of their previous protocol (deniability, for example) with neat little tweaks.
Per Signal’s pq-xdh spec, the cryptography community is yet to figure out pq safe authentication of identities; so that’s a big fruit left hanging (imo).
The authors note that pq-xdh is rough and some more analysis on its security aspects is needed (which should happen in due time).
The only ominous thing about Signal pursuing pq right now is speculation that perhaps powerful enough Quantum Computers are around the corner. This spells disaster for a LOT of companies out there, who perhaps aren’t as nimble / agile to pq safe their public key setups.