Comms app Signal adds quantum-proof encryption protocol layer


To be rolled out as Signal clients are upgraded.

The free, popular Signal communications app will add quantum-resistant encryption to its messaging system, aiming to protect conversations from future decryption by powerful quantum computers.


The end-to-end encrypted messaging service is introducing a new layer called SPQR, or Sparse Post Quantum Ratchet, which works alongside its existing Double Ratchet protocol.

In a ratcheting model, encryption keys evolve forward but can never be reversed.

As the protocol ratchets forward, attackers cannot decrypt past and future messages even in cases of successful hacks.

The goal is to safeguard Signal’s key features such as forward secrecy and post-compromise security, ensuring they hold up even in a post-quantum world, the organisation's staffers Graeme Connell and Rolfe Schmidt wrote in a technical blog post.

At present, Signal relies on elliptic curve cryptography to secure messages sent by users.

This method remains robust against any computer available today, but quantum machines operating at sufficient scale could one day break those protections.

The concern is not merely theoretical: intelligence agencies and data harvesters could collect encrypted data now and decrypt it later once quantum technology matures, a risk known as “harvest now, decrypt later.”

Signal wants to upgrade its messaging protocol without further burdening users or networks.

Quantum-safe encryption methods typically require far larger keys, sometimes more than 1000 bytes compared with just 32 bytes for elliptic curve systems, which can quickly add up for mobile users.

Signal’s engineers found a way around this using erasure codes that split large keys into smaller chunks and send them gradually alongside normal messages.

This approach keeps data usage low while ensuring resilience.

Even if some packets are lost or blocked, the protocol can reconstruct the keys from whichever chunks do arrive.

It also prevents attackers from silently disabling quantum protection without triggering a visible failure.
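The chunk-and-reconstruct idea described above can be illustrated with a toy erasure code. This is an added example, not Signal's code or the SPQR wire format: the 64-byte block size, the prime field, the `encode`/`decode` names and the constructed 1184-byte stand-in key are all assumptions.

```python
# Added illustration: a toy erasure code, not Signal's SPQR implementation.
P = 2**521 - 1   # Mersenne prime; every 64-byte block is smaller than P
BLOCK = 64       # bytes of key material carried per chunk (assumed size)

def _interp(points, x):
    """Evaluate at x the unique polynomial through `points`, modulo P."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(key: bytes, n_chunks: int):
    """Return n_chunks (index, value) pairs; any k of them rebuild the key."""
    padded = key + b"\x00" * (-len(key) % BLOCK)
    data = [(i, int.from_bytes(padded[i * BLOCK:(i + 1) * BLOCK], "big"))
            for i in range(len(padded) // BLOCK)]
    if n_chunks < len(data):
        raise ValueError("need at least k chunks")
    # Chunks 0..k-1 are the key blocks themselves; the rest are parity points.
    return data + [(x, _interp(data, x)) for x in range(len(data), n_chunks)]

def decode(chunks, key_len: int) -> bytes:
    """Rebuild the key from any k distinct chunks (erasures only, no tampering)."""
    k = -(-key_len // BLOCK)              # ceil(key_len / BLOCK)
    points = list(dict(chunks).items())   # drop duplicate deliveries
    if len(points) < k:
        raise ValueError(f"have {len(points)} chunks, need {k}")
    blocks = [_interp(points[:k], x) for x in range(k)]
    return b"".join(b.to_bytes(BLOCK, "big") for b in blocks)[:key_len]

if __name__ == "__main__":
    key = bytes((7 * i + 3) % 256 for i in range(1184))  # constructed stand-in key
    sent = encode(key, 30)                # k = 19 data chunks + 11 parity chunks
    arrived = sent[5:12] + sent[18:]      # chunks 0-4 and 12-17 never arrive
    assert decode(arrived, len(key)) == key
    print(f"rebuilt {len(key)}-byte key from {len(arrived)} of {len(sent)} chunks")
```

With fewer than 19 distinct chunks `decode` raises rather than returning a partial key, so the receiver either has the whole key or knows it does not.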

Rather than replacing the existing double ratchet, Signal is layering SPQR on top of it, effectively creating a “triple ratchet” model.

Such a hybrid design means an attacker would need to defeat both the elliptic curve system and the quantum-safe algorithm known as ML-KEM (module lattice-based key encapsulation mechanism) to gain any advantage.

The system also downgrades automatically when a user messages someone whose app has not yet been updated, ensuring full compatibility during the rollout.

Once every client supports SPQR, Signal plans to make the upgrade mandatory for all sessions.

The company has taken an unusually rigorous approach to proving the protocol’s correctness, working with researchers from PQShield (a British quantum-safe cryptography company), AIST (Japan’s National Institute of Advanced Industrial Science and Technology), and New York University.

Signal published its work at the Eurocrypt 2025 and USENIX Security 2025 conferences.

It also partnered with verification specialists Cryspen to ensure mathematical soundness through formal verification.

In terms of development effort, the mathematical proofs are run automatically when code is submitted to the project.

"We re-run formal verification in our continuous integration pipeline every time a developer pushes a change to GitHub," Signal said.

That process aims to guarantee that the code remains secure and stable as it evolves, rather than relying on a traditional, one-off validation at the end of development.

The rollout will happen gradually across Signal’s user base, with users unlikely to notice the change.

"When it comes to your experience using the app, nothing changes," Connell and Schmidt said.

Meta's WhatsApp uses the Signal Protocol by default while the company's Messenger applies it to the optional Secret Messages feature.

Google's Messages, meanwhile, uses the Signal Protocol for the rich communications services (RCS) texting feature.

Copyright © iTnews.com.au. All rights reserved.