this post was submitted on 22 Feb 2024
53 points (96.5% liked)

The Signal messenger and protocol.


https://signal.org/

[–] Rwaterhouse@lemmy.world 35 points 8 months ago (3 children)

Technically true in that Signal does not yet use PQC for forward secrecy. Meredith Whittaker has a good statement on it here:

https://mastodon.world/@Mer__edith/111975543824684264

[–] WolfLink@lemmy.ml 27 points 8 months ago (1 children)

TLDR Signal made a decision that has different tradeoffs and is waiting for the tech to improve before taking the step Apple did.

All of these updates are extremely cutting edge and PQC tech is not matured, so both Signal and Apple implementing it now is mostly a marketing move.

In Apple’s press release, they mention they use a combination of the new PQC “Kyber Crystals” algorithm and the existing standard “ECDSA” algorithm. This is because Kyber is too new and hasn’t stood the test of time yet. Apple doesn’t want to trust it fully because someone could come discover a vulnerability.

Even if it is motivated by marketing, it’s good that these companies are competing in this space because it drives the tech forward, and it’s good that they are working on including PQC now even though the tech is immature, because the goal is to protect against attacks involving storing encrypted data now and decrypting it later once quantum computers are more mature.

[–] otter@lemmy.ca 7 points 8 months ago (1 children)

In Apple’s press release, they mention they use a combination of the new PQC “Kyber Crystals” algorithm and the existing standard “ECDSA” algorithm

Wait what?

https://starwars.fandom.com/wiki/Kyber_crystal

[–] WolfLink@lemmy.ml 17 points 8 months ago* (last edited 8 months ago) (1 children)

Yep! Researchers are nerds. The state-of-the-art PQC asymmetric encryption algorithm is named after Star Wars Kyber Crystals, and the same group released a digital signature algorithm based on the same underlying math named after Star Trek Dilithium Crystals.

A press release.

The research group’s website.

Wikipedia

[–] otter@lemmy.ca 3 points 8 months ago

Super cool, thanks!

[–] unexposedhazard@discuss.tchncs.de 16 points 8 months ago

Does claiming "my encryption is magically unbreakable" make your encryption unbreakable? No. So don't give companies the benefit of the doubt on these kinds of things. If it's actually so secure that they don't have to worry about it, they could prove it by releasing their code. Don't just believe things companies say, especially when the claim benefits them monetarily.

[–] satanmat@lemmy.world 3 points 8 months ago

You just put quantum in front of everything don’t you?

/s

[–] Timely_Jellyfish_2077@programming.dev 3 points 8 months ago (1 children)
[–] ursakhiin@beehaw.org 1 points 8 months ago

Difficult to say which is better. This particular blog post is from Apple themselves. You'll want to wait until some 3rd party is able to do an audit and compare them.