We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem. Instead, we are augmenting our existing cryptosystems such that an attacker must break both systems in order to compute the keys protecting people’s communications.

Our new protocol is already supported in the latest versions of Signal’s client applications and is in use for chats initiated after both sides of the chat are using the latest Signal software. In the coming months (after sufficient time has passed for everyone using Signal to update), we will disable X3DH for new chats and require PQXDH for all new chats. In parallel, we will roll out software updates to upgrade existing chats to this new protocol.
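As an added illustration of the "must break both systems" property described above, here is a hybrid key combiner in the style of PQXDH. This is example code written for this page, not Signal's own implementation: it implements HKDF per RFC 5869 on top of the standard library, then feeds the classical X25519 DH outputs and the CRYSTALS-Kyber shared secret into one HKDF call. The 0xFF prefix, the zero-filled salt and the info label `PQXDH-example-v1` are assumptions about the framing, and every 32-byte input is a constructed byte string standing in for a real key-agreement output.

```python
# Added example (not Signal's code): hybrid key combiner in the style of PQXDH.
# Classical X25519 DH outputs and a Kyber shared secret are hashed into ONE HKDF
# input, so an attacker must recover both to obtain the session key.  All
# 32-byte inputs below are constructed stand-ins, not real key-agreement output.
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = 32  # SHA-256 output size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM); empty salt means zeros."""
    if not salt:
        salt = bytes(HASH_LEN)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF output length exceeds 255 * HashLen")
    okm, block = b"", b""
    for counter in range(1, (length + HASH_LEN - 1) // HASH_LEN + 1):
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """Full HKDF = Expand(Extract(salt, ikm), info, length)."""
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def hybrid_derive(dh_outputs, kem_shared_secret, info=b"PQXDH-example-v1", length=32):
    """Combine classical DH outputs and a KEM shared secret into one session key.

    The concatenation DH1 || ... || DHn || SS is the HKDF input keying material.
    The 0xFF prefix, zero salt and info label mirror the X3DH/PQXDH framing but
    are an assumption of this example.  Because every component is absorbed into
    the same PRK, breaking only the elliptic-curve part or only the Kyber part
    still leaves 32 bytes of IKM unknown, so the key cannot be reproduced.
    """
    if len(kem_shared_secret) != 32:
        raise ValueError("Kyber shared secrets are 32 bytes")
    if not dh_outputs or any(len(dh) != 32 for dh in dh_outputs):
        raise ValueError("X25519 shared secrets are 32 bytes")
    ikm = b"\xff" * 32 + b"".join(dh_outputs) + bytes(kem_shared_secret)
    return hkdf(bytes(HASH_LEN), ikm, info, length)


def constructed_secret(label: str) -> bytes:
    """Deterministic 32-byte stand-in for a real key-agreement output (constructed)."""
    return hashlib.sha256(b"constructed:" + label.encode()).digest()


def demo() -> dict:
    """Derive a session key, then show what an attacker with a partial break gets."""
    dhs = [constructed_secret(f"DH{i}") for i in range(1, 5)]  # X3DH-style DH1..DH4
    ss = constructed_secret("kyber-shared-secret")
    session_key = hybrid_derive(dhs, ss)
    # Attacker who broke X25519 (knows every DH output) but must guess the Kyber secret.
    ec_only = hybrid_derive(dhs, constructed_secret("attacker-guess-ss"))
    # Attacker who broke Kyber (knows SS) but must guess the DH outputs.
    pq_only = hybrid_derive([constructed_secret(f"guess-DH{i}") for i in range(1, 5)], ss)
    return {
        "session_key": session_key,
        "ec_only_attacker": ec_only,
        "pq_only_attacker": pq_only,
        "both_needed": session_key != ec_only and session_key != pq_only,
    }


if __name__ == "__main__":
    result = demo()
    print("session key:", result["session_key"].hex())
    print("attacker must break both systems:", result["both_needed"])
```

The HKDF functions can be checked against the RFC 5869 test vectors, which is how a practitioner would validate a hand-written combiner before trusting it; the `demo()` function then makes the hybrid property concrete by deriving the key with one component replaced and observing that the result no longer matches.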

  • jet@hackertalks.com · 21 up, 2 down · 10 months ago

    A nice and reasonable approach.

    I just wonder why doubling up the cyphers is the way to go? Not confident in the post-quantum cipher yet?

  • kanzalibrary@lemmy.ml · 17 up, 3 down · 10 months ago

    I never predicted Signal would implement quantum resistance at a faster pace than other messenger apps. Applause to the dev team!

  • Obinice@lemmy.world · 8 up · 10 months ago

    We believe that the key encapsulation mechanism we have selected, CRYSTALS-Kyber, is built on solid foundations, but to be safe we do not want to simply replace our existing elliptic curve cryptography foundations with a post-quantum public key cryptosystem.

    Does this sound like VX Junkies to anybody else? I feel the need to check on my turbo encabulator 😅

    • Possibly linux@lemmy.zip · 1 up · 10 months ago

      The original machine had a base-plate of prefabulated aluminite, surmounted by a malleable logarithmic casing in such a way that the two main spurving bearings were in a direct line with the pentametric fan. The latter consisted simply of six hydrocoptic marzlevanes, so fitted to the ambifacient lunar waneshaft that side fumbling was effectively prevented. The main winding was of the normal lotus-o-delta type placed in panendermic semi-bovoid slots in the stator, every seventh conductor being connected by a non-reversible tremie pipe to the differential girdlespring on the “up” end of the grammeters.

  • incompetentboob@lemmy.world · 4 up, 10 down · 10 months ago

    Do we still like Signal? I remember reading something about why you should stop using Signal, but this seems contrary to that.

    • Yesbutnotreally@lemmy.world · 35 up, 1 down · edited · 10 months ago

      People dislike Signal because of the phone number. The problem is, in my opinion, that all the “more secure” messengers lack features to ever be somewhat mainstream. I think most privacy experts and enthusiasts still consider Signal to be the gold standard of E2EE messengers.

      Edit: Forgot to mention centralised servers, but if you dig a little bit deeper than the top layer of that, it’s not an issue.

      • sudneo@lemmy.world · 17 up · 10 months ago

        Many people also fail to make a proper distinction between private and anonymous, which is why some people get mad at the phone number thing.

      • Obinice@lemmy.world · 4 up, 3 down · 10 months ago

        Ah, yes, I’m not giving an instant messenger application my phone number, it doesn’t need it, especially if I’m not even using it on a phone.

        That’s private information that I only give out to close friends and family members.

      • winterayars@sh.itjust.works · 1 up, 2 down · 10 months ago

        The phone number thing is a major problem but Signal just has the momentum imo. Ultimately, they’re gonna need to fix it or we’re all going to have to stop using it.

          • winterayars@sh.itjust.works · 1 up · 9 months ago

            Anonymity is good but that’s not the biggest problem with Signal’s reliance on phone numbers. Phone numbers are just not secure and not designed to be authentication credentials. Phone services are vulnerable to a large number of exploits and that’s never going to change. Signal has a number of mitigations to try preventing those exploits from hitting people but that’s a bandage at best. Reliance on phone numbers is a gigantic weak point in Signal’s privacy and security.

    • Virkkunen@kbin.social · 8 up · 10 months ago

      For everything in this world, there will be people disliking that thing and being very vocal about it.