
IBM researchers are working with the developers of the secure messaging platforms Signal and Threema to design cryptographic systems that can resist future quantum computer attacks.
The collaborations aim to adapt messaging protocols and encryption schemes so that private communications remain secure once quantum machines become powerful enough to break today’s widely used cryptography.
The initiative aims to curb the risks posed by the so-called “harvest now, decrypt later” threat, in which attackers steal encrypted data today and store it until future advances in computing allow them to decrypt it.
The work is carried out by a team of IBM Research cryptographers led by principal research scientist Vadim Lyubashevsky, in collaboration with engineers from the Signal Foundation. Their findings are being presented at the Real-World Crypto (RWC) conference, a prominent venue where academic and industry experts discuss practical cryptographic implementations.
Signal, launched in 2014, is widely regarded as one of the most secure messaging platforms available. The service provides end-to-end encrypted messaging, voice, and video calls, ensuring that encryption keys are generated and stored on users’ devices rather than on Signal’s servers. This design prevents the platform itself from accessing user conversations, a key principle behind its privacy model.
However, while classical supercomputers would take billions of years to break modern encryption, quantum computers could dramatically reduce that time by efficiently solving the mathematical problems underlying common encryption schemes. This looming possibility has led to the development of post-quantum cryptography, which relies on mathematical structures believed to remain secure even against quantum attacks.
In 2024, the US National Institute of Standards and Technology (NIST) finalized its first three post-quantum cryptography standards. Two of those algorithms, ML-DSA (Module-Lattice Digital Signature Algorithm) and ML-KEM (Module-Lattice Key Encapsulation Mechanism), were developed by IBM researchers.
While these standards provide a foundation for quantum-resistant encryption, integrating them into existing systems is not always straightforward. Some cryptographic protocols become significantly less efficient when their components are replaced with quantum-safe alternatives, increasing bandwidth and computational requirements. Simply swapping existing components for post-quantum equivalents could have increased Signal’s bandwidth consumption by up to 100 times, making that approach impractical.
To overcome this limitation, the research team redesigned the protocol architecture. Instead of relying solely on the server as the gatekeeper for group actions, their proposal distributes some verification responsibilities among group members. In this model, each group participant receives a pseudonym key, allowing the server to track actions performed by “member #3” or “member #4” without learning their real identities.
The design uses a modified version of ML-DSA that supports key re-randomization, enabling group operations to remain private while preserving accountability among members. Researchers also introduced a new security model that accounts for different roles within groups, such as administrators and regular participants, while considering scenarios where servers or members could be compromised.
According to IBM, the redesign would make Signal’s group messaging quantum-safe, modular, and more efficient, while preserving the platform’s privacy guarantees against its own infrastructure.
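As an added illustration of the pseudonym-key idea described above (this is constructed example code, not IBM's, Signal's or Threema's, and it does not implement ML-DSA or any lattice scheme), the block below uses a tiny, insecure Schnorr-style signature over a toy group as a stand-in for a re-randomizable signature scheme. A member's long-term identity key is shifted by a blinding scalar r into a pseudonym key; the server verifies group actions under the pseudonym key only and can attribute them to "member #1", while group members, who are assumed to hold (identity key, r) for each other inside the encrypted group state, can link the pseudonym back to a name. The group parameters, function names, server model and group-state layout are all assumptions made for the example.

```python
"""Toy model of pseudonym keys via key re-randomization (constructed example).

The group, the signature scheme and the parameters below are a tiny
Schnorr-style stand-in chosen so the idea fits in a few lines; they are
NOT ML-DSA and NOT secure. Only the architecture is the point: the server
verifies under a pseudonym key, and group members hold the blinding factor
that links it back to an identity key.
"""
import hashlib
import secrets

# Constructed, insecure toy group: safe prime P = 2*Q + 1, G generates the
# order-Q subgroup. A real deployment would use a lattice scheme instead.
P = 2039
Q = 1019
G = 4


def keygen():
    """Long-term identity key pair (sk, pk) with pk = G^sk mod P."""
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _challenge(R, pk, msg):
    # Bind the challenge to the nonce commitment, the verifying key and the message.
    data = f"{R}|{pk}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def sign(sk, pk, msg):
    """Schnorr-style signature (R, s) on msg under key sk (pk = G^sk)."""
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    e = _challenge(R, pk, msg)
    return R, (k + e * sk) % Q


def verify(pk, msg, sig):
    """Check G^s == R * pk^e mod P."""
    R, s = sig
    e = _challenge(R, pk, msg)
    return pow(G, s, P) == (R * pow(pk, e, P)) % P


def pseudonym_for(pk, r):
    """Re-randomized public key pk' = pk * G^r; unlinkable to pk without r."""
    return (pk * pow(G, r, P)) % P


def rerandomize(sk, pk, r):
    """Re-randomize the key pair: signatures under sk+r verify under pk*G^r."""
    return (sk + r) % Q, pseudonym_for(pk, r)


class GroupServer:
    """The server stores pseudonym keys only and names members by index."""

    def __init__(self):
        self.roster = {}

    def register(self, pseudo_pk):
        member_id = f"member #{len(self.roster) + 1}"
        self.roster[member_id] = pseudo_pk
        return member_id

    def accept_action(self, member_id, action, sig):
        # The server can attribute the action to "member #n" but not to a person.
        return verify(self.roster[member_id], action, sig)


def link_pseudonym(pseudo_pk, directory):
    """Group members share (identity_pk, r) per member inside the encrypted
    group state (assumed layout) and can map a pseudonym back to a name."""
    for name, (identity_pk, r) in directory.items():
        if pseudonym_for(identity_pk, r) == pseudo_pk:
            return name
    return None


def demo():
    """Walk through one member joining a group and performing an action."""
    alice_sk, alice_pk = keygen()
    r = secrets.randbelow(Q - 1) + 1          # blinding factor, known to group members only
    pseudo_sk, pseudo_pk = rerandomize(alice_sk, alice_pk, r)

    server = GroupServer()
    member_id = server.register(pseudo_pk)   # the server sees only the pseudonym key

    action = b"add member: bob"              # constructed group action
    sig = sign(pseudo_sk, pseudo_pk, action)
    accepted = server.accept_action(member_id, action, sig)

    # Inside the group, the encrypted state maps names to (identity_pk, r).
    who = link_pseudonym(pseudo_pk, {"alice": (alice_pk, r)})
    return member_id, accepted, who


if __name__ == "__main__":
    print(demo())   # ('member #1', True, 'alice')
```

The property that makes this work is that the verification equation is homogeneous in the key: shifting the secret by r and multiplying the public key by G^r keeps every signature valid, so the server never needs the identity key. Whether a given post-quantum scheme admits such a shift is exactly the kind of modification the article says IBM made to ML-DSA; the toy group here only shows what the resulting protocol flow looks like.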
IBM is also collaborating with Threema, a Switzerland-based secure messaging provider known for its strong privacy protections and compliance with European data protection laws. In that partnership, researchers are exploring how to integrate ML-KEM, the NIST-standardized post-quantum key encapsulation mechanism used for key exchange, into Threema’s messaging architecture.
The transition to post-quantum cryptography will take many years, as internet protocols, applications, and infrastructure gradually adopt the new algorithms. Messaging platforms are among the early adopters because they store large volumes of sensitive data that could become targets for long-term interception. Users should keep their messaging apps updated, use end-to-end encryption, and review their privacy settings to identify opportunities to strengthen their security.