CyberPulse Daily | #1 Trusted Source for Cybersecurity News

Signal Protocol Updated to Resist Quantum Computing Attacks

Signal has announced Signal Protocol v4, a major update to its end-to-end encryption protocol that integrates NIST-approved post-quantum cryptographic algorithms to protect messages against future quantum computing threats while maintaining the protocol's strong forward secrecy properties.

The updated protocol replaces the X3DH key agreement with a hybrid scheme combining X25519 (classical elliptic curve) and ML-KEM-1024 (post-quantum lattice-based). The Double Ratchet algorithm has been enhanced to incorporate post-quantum key encapsulation at every ratchet step.

Signal's head of engineering, Ehren Kret, explained: "Our threat model now explicitly includes adversaries who are collecting encrypted messages today with the intent to decrypt them once cryptographically relevant quantum computers become available. The protocol update ensures that even messages sent today will remain confidential indefinitely."

The update is transparent to users and has been rolling out to all Signal clients (iOS, Android, Desktop) over the past two weeks. Message sizes increase by approximately 1.2 KB per message due to the larger post-quantum key material, but Signal has implemented compression to minimize the impact on bandwidth.

WhatsApp and Google Messages, which also use the Signal Protocol, are expected to adopt the v4 update in the coming months. Matrix/Element and Wire have announced plans to implement compatible post-quantum upgrades to their own protocols.
