oxen-io / session-ios

A private messenger for iOS.
https://getsession.org
GNU General Public License v3.0
398 stars 88 forks

Post Quantum Cryptography #645

Open awesomepandapig opened 2 years ago

awesomepandapig commented 2 years ago


For as great as the Signal protocol is, it is not PQ safe. I'm sure that Signal's developers will be moving towards implementing PQ algorithms within the Signal protocol soon; however, it'd be nice if you beat them to it.

Here's a paper explaining the issues with the Signal protocol (as it pertains to quantum) and how to make the Signal protocol PQ safe: https://essay.utwente.nl/77239/1/Duits_MA_EEMCS.pdf

It's a little outdated, however, and they did not single out any one particular NIST algorithm (as they had yet to be selected). Since then, NIST has released finalists for use in PQ environments: https://csrc.nist.gov/projects/post-quantum-cryptography/selected-algorithms-2022

I recognize that this likely will not be an issue for a long time; however, I'm sure that there are individuals using Session who may be doing so at grave risk to themselves or others, and the sooner PQ is implemented, the sooner those people have the peace of mind that their messages cannot be read in the future.

KeeJef commented 2 years ago

We're following the space here, but there is still significant research ongoing. Many schemes right now have much larger key sizes, signature sizes or are computationally more expensive to prove or verify signatures when compared with ECC. We don't want to overhaul the Session protocol just to have to change it again if a more effective scheme is found, so we are waiting for now.