3.9.23

The Quantum Risk to Messaging: Why End-to-End Encryption Isn't Enough

Category:
Blog Post

Part five of Qrypt’s “Understanding Quantum Risk” series of articles.

Introduction

 

In today’s fast-paced business environment, chat messaging has become the norm for communication between colleagues, partners, and customers. It’s quick, convenient, and helps us stay connected wherever we are. However, there’s a risk to using chat messaging services, even those that promise end-to-end encryption. That risk is quantum computing.

 

In this post, we’ll explore the prevalence of chat messaging usage today, the lack of end-to-end security in most chat messaging services, why end-to-end security isn’t quantum security, and why quantum security for chat messages is essential now. We’ll also discuss how Qrypt can help mitigate this risk with its quantum-secure key generation and ability to create quantum-secure tunnels.

The Prevalence of Chat Message Usage Today in Business

 

Chat messaging is now an essential part of business communication. However, according to Spiceworks’ “2018 State of IT” report, 51% of businesses use chat apps for internal communication, while 41% use email. Additionally, 34% of businesses use team chat apps for customer communication. As we all know, these numbers have only increased over time with the prevalence of Teams, Slack, and other tools becoming ubiquitous.

The Limitations of End-to-End Encryption

 

While many chat messaging services promise end-to-end encryption, the truth is that most of them do not provide true end-to-end security. For instance, one of the most popular messaging apps globally, WhatsApp, claims to use end-to-end encryption. However, their backup feature, which allows users to store their chat history in the cloud, is not encrypted end-to-end. That means the backups could be intercepted and decrypted, revealing sensitive information[1].

 

Messaging apps that use end-to-end encryption, such as Signal, are widely regarded as a secure way to communicate with others. However, the threat of quantum computers means the encryption model is not quantum-secure. When quantum computers arrive, they will break the encryption used by Signal and other messaging apps, giving attackers access to users’ chat history. This risk is not unique to Signal but affects all messaging services that rely on encryption that quantum computers can break.

 

Signal uses the Signal Protocol based in part on the Double Ratchet algorithm for its end-to-end encryption. The Double Ratchet algorithm provides forward secrecy and message confidentiality by generating new encryption keys for every message and then discarding them. However, the encryption algorithms used by Signal, including Elliptic-curve Diffie-Hellman, are only quantum-safe and are vulnerable to attacks by quantum computers once they become powerful enough. This means that messages sent through Signal are not secure against a quantum adversary who harvests and store encrypted messages for future decryption. As a result, the content of Signal messages will be exposed when a quantum computer capable of breaking these encryption algorithms becomes available.

Why End-to-End Security Isn’t Quantum Security

 

End-to-end encryption is a valuable tool for protecting data in transit from being intercepted or read by unauthorized parties. However, it is insufficient to protect against the risk of quantum computing. Traditional encryption algorithms, like RSA and ECC, rely on complex mathematical problems difficult for classical computers to solve. But these same problems are easy for quantum computers to solve, making traditional encryption algorithms vulnerable to quantum attacks.

Why Quantum Security for Chat Messages Now?

 

Quantum computing is advancing rapidly, and it’s only a matter of time before quantum computers can break the encryption used by most chat messaging services. When that happens, all harvested chat history and messages will be exposed, putting businesses and individuals at risk of data breaches, intellectual property theft, and other cybercrimes. But the real risk lies in the fact that this data is already being harvested today, and mitigation must happen now. We cover data harvesting in the post How is Encrypted Data Being Harvested?

 

Everything sent today, even if it is encrypted using end-to-end encryption, is at risk of being decrypted in the future. And while some data may lose its value over time, much of the data exchanged in chat messages has long-term value, such as trade secrets, intellectual property, and personal information like medical records and financial data. The ubiquitous usage of chat in businesses today makes chat messages a particularly high-risk area for cyberattacks. When a quantum computer capable of breaking current encryption standards becomes available, attackers that harvested encrypted chat messages will decrypt them to reveal sensitive information. The risks are exceptionally high for businesses, as the loss of trade secrets and other sensitive data could be catastrophic.

 

This is why quantum security for chat messages is more important than ever. By adopting quantum-secure encryption, businesses and individuals can protect their chat messages against the risk of quantum computing attacks today.

How Qrypt Can Help

 

Qrypt offers a solution to this problem with Quantum Key Generation and Quantum Secure Encryption. Our quantum-secure key generation solution eliminates encryption key transmission, the root of quantum risk. We start by leveraging true quantum random numbers from our Quantum Entropy service to independently generate encryption keys for endpoints. Our Quantum Secure Encryption provides an additional layer of encryption over what a channel provides, ensuring that the messages are encrypted and protected from any third-party interception and future compromise of the algorithm protecting the channel. This technology is based on Claude Shannon’s work on perfect secrecy, making it impossible for even quantum computers to decrypt sensitive data.

 

In conclusion, the risk to chat messaging services is real, and businesses need to take action to protect themselves from this risk. End-to-end encryption is not enough to protect against the risk posed by quantum computing. Qrypt offers a quantum-secure solution to this problem, ensuring that your chat messages remain private and secure.

 

To learn more, sign up for our newsletter on our home page or contact our sales team at info@qrypt.com.