session-foundation / session-ios

A private messenger for iOS.
https://getsession.org
GNU General Public License v3.0
3 stars 1 forks source link

Post Quantum Cryptography #129

Open awesomepandapig opened 2 years ago

awesomepandapig commented 2 years ago

Code of conduct

For as great as the signal protocol is, it is not PQ safe. I'm sure that Signal's developers will be moving towards implementing PQ algorithms within the Signal protocol soon, however it'd be nice if you beat them to it.

Here's a paper explaining the issues with the Signal protocol (as it pertains to quantum) and how to make the signal protocol PQ safe: https://essay.utwente.nl/77239/1/Duits_MA_EEMCS.pdf

It's a little outdated however, and they did not single out any one particular NIST algorithm (as they had yet to be selected) however since then NIST has released finalists for use in PQ environments: https://csrc.nist.gov/projects/post-quantum-cryptography/selected-algorithms-2022

I recognize that this likely will not be an issue for a long time, however I'm sure that there are individuals using session who may be doing so at grave risk to themselves or others, and the sooner PQ is implemented the sooner those people have the peace of mind that their messages cannot be read in the future.

KeeJef commented 2 years ago

We're following the space here, but there is still significant research ongoing. Many schemes right now have much larger key sizes, signature sizes or are computationally more expensive to prove or verify signatures when compared with ECC. We don't want to overhaul the Session protocol just to have to change it again if a more effective scheme is found, so we are waiting for now.