Signal’s Post-Quantum Cryptographic Implementation
好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内。首先,我得仔细阅读文章,理解主要信息。 文章标题是Signal的后量子密码实现。看起来Signal推出了一个量子安全的加密方案。接着,Ars Technica的文章详细说明了Signal的技术细节。他们没有简单地将KEM添加到现有的双重棘轮中,而是引入了一个新的棘轮系统,称为SPQR。 SPQR是与PQShield、AIST和纽约大学合作设计的。这个系统通过结合经典双重棘轮和新的量子安全棘轮,生成混合加密密钥。这样即使其中一个系统被破解,另一个仍然能保护消息安全。 用户的要求是用中文总结,不超过100字,并且不要以“文章内容总结”这样的开头。我需要抓住关键点:Signal推出量子安全加密、引入SPQR、结合双重棘轮和新棘轮、增强安全性。 现在组织语言:Signal推出量子安全加密方案,采用新设计的SPQR棘轮,结合经典双重棘轮和新棘轮生成混合密钥,增强安全性。 检查字数:刚好在100字以内。确保信息准确且简洁。 </think> Signal 推出量子安全加密方案,采用新设计的 Sparse Post Quantum Ratchet(SPQR),结合经典双重棘轮与新棘轮生成混合密钥,增强安全性。 2025-10-29 11:9:57 Author: www.schneier.com(查看原文) 阅读量:9 收藏

Signal’s Post-Quantum Cryptographic Implementation

Signal has just rolled out its quantum-safe cryptographic implementation.

Ars Technica has a really good article with details:

Ultimately, the architects settled on a creative solution. Rather than bolt KEM onto the existing double ratchet, they allowed it to remain more or less the same as it had been. Then they used the new quantum-safe ratchet to implement a parallel secure messaging system.

Now, when the protocol encrypts a message, it sources encryption keys from both the classic Double Ratchet and the new ratchet. It then mixes the two keys together (using a cryptographic key derivation function) to get a new encryption key that has all of the security of the classical Double Ratchet but now has quantum security, too.

The Signal engineers have given this third ratchet the formal name: Sparse Post Quantum Ratchet, or SPQR for short. The third ratchet was designed in collaboration with PQShield, AIST, and New York University. The developers presented the erasure-code-based chunking and the high-level Triple Ratchet design at the Eurocrypt 2025 conference. At the Usenix 25 conference, they discussed the six options they considered for adding quantum-safe forward secrecy and post-compromise security and why SPQR and one other stood out. Presentations at the NIST PQC Standardization Conference and the Cryptographic Applications Workshop explain the details of chunking, the design challenges, and how the protocol had to be adapted to use the standardized ML-KEM.

Jacomme further observed:

The final thing interesting for the triple ratchet is that it nicely combines the best of both worlds. Between two users, you have a classical DH-based ratchet going on one side, and fully independently, a KEM-based ratchet is going on. Then, whenever you need to encrypt something, you get a key from both, and mix it up to get the actual encryption key. So, even if one ratchet is fully broken, be it because there is now a quantum computer, or because somebody manages to break either elliptic curves or ML-KEM, or because the implementation of one is flawed, or…, the Signal message will still be protected by the second ratchet. In a sense, this update can be seen, of course simplifying, as doubling the security of the ratchet part of Signal, and is a cool thing even for people that don’t care about quantum computers.

Also read this post on X.

Tags: , , ,

Posted on October 29, 2025 at 7:09 AM0 Comments

Sidebar photo of Bruce Schneier by Joe MacInnis.


文章来源: https://www.schneier.com/blog/archives/2025/10/signals-post-quantum-cryptographic-implementation.html
如有侵权请联系:admin#unsafe.sh