Signal has announced a major upgrade to its encryption with the introduction of Sparse Post-Quantum Ratchet (SPQR), a new cryptographic component designed to secure user conversations against future quantum computing attacks.
The Triple Ratchet System
SPQR is being added on top of Signal's existing Double Ratchet system to create what the platform calls a Triple Ratchet. This new structure forms a "mixed key" that significantly boosts security.
When a user sends a message, both the Double Ratchet and the new SPQR component generate a key. Instead of using either key alone, both are passed into a Key Derivation Function (KDF) to produce a single, hyper-secure "mixed" key. This ensures the chat has hybrid security.
The new system guarantees both forward secrecy and post-compromise security. This means that even if a party's encryption key is somehow compromised or stolen, all future messages exchanged between the parties will remain secure.
Post-Quantum Technology
The core of SPQR's quantum resistance comes from its use of post-quantum Key-Encapsulation Mechanisms (ML-KEM), specifically built upon CRYSTALS-Kyber, which Signal has been using alongside Elliptic Curve Diffie-Hellman since 2023.
To handle the large key sizes associated with post-quantum cryptography without slowing down the app, SPQR uses efficient chunking and erasure coding to prevent bandwidth bloat.
Rollout and Verification
The SPQR system was developed in collaboration with top security partners, including PQShield, AIST (Japan), and New York University. The design underwent rigorous formal verification using the ProVerif tool, and continuous verification will be applied to all future builds.
The rollout will be gradual, and Signal users simply need to keep their apps updated to the latest version to receive the upgrade. While the system is backward compatible (it will downgrade security when communicating with an older client), Signal will enforce SPQR across all sessions once it becomes available to all users.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
