Signal secures its chats against quantum computers

This article was translated with technical assistance and editorially reviewed before publication.

The messenger Signal has presented a new key exchange protocol for its communication service. "SPQR" is intended to also protect messages against attackers equipped with quantum computers, and it complements Signal's established Double Ratchet with a third component, which is why the developers now speak of a "Triple Ratchet".

SPQR does not stand for the Senate and People of Rome but for "Sparse Post-Quantum Ratchet". Post-quantum procedures are cryptographic protocols that conventional computers can execute but that, according to the current state of science, cannot be broken by quantum computers. Today there are no quantum computers capable of even beginning to attack the usual encryption and signature schemes. What is feared, however, are "Harvest Now, Decrypt Later" attacks: encrypted data could be recorded today in order to decrypt it in the future, when (and if) such quantum computers become available.

Signal has been using the PQXDH post-quantum protocol (Post-Quantum Extended Diffie-Hellman) for some time, but it only serves the initial key exchange when a conversation starts. SPQR, on the other hand, creates new keys during the ongoing communication, similar to the two existing "ratchets", which, however, are not secure against quantum computers.

These "ratchets" are protocol components that, as the name suggests, only turn in one direction: chat participants can thus constantly derive new keys, but no conclusions can be drawn about older keys. As a result, attackers cannot decrypt past ciphertext even if they compromise one (or both) chat partners and capture the current secret keys, a property called "forward secrecy".

Signal's ratchets also offer "post-compromise security": because the participants' devices negotiate keys interactively, communication can recover from a compromise of a chat participant and encrypt future messages securely again. The attacker is, so to speak, thrown off the line, as long as they do not have permanent access to the keys on the affected devices. Such self-healing after a temporary compromise is relevant, among other things, when attackers capture backups. These give them access to the keys in use at the time of the backup, which lets them decrypt some of the messages they have recorded, even if those messages have since been deleted from the chats and are not contained in the backup. But because Signal negotiates new keys as the conversation continues, previously via the "asymmetric ratchet" and in future via SPQR as well, the keys captured by the attacker eventually become obsolete. Then communication is secure again.
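The two properties described in the preceding paragraphs, forward secrecy and post-compromise security, can be shown with a small model of a one-way key chain. The following is an added illustration and not Signal's code: HMAC-SHA256 stands in for the ratchet's key derivation, the chain key is replaced after every message, and `mix_fresh_secret` models the asymmetric ratchet step in which a newly negotiated secret (unknown to the attacker) is folded in. An attacker who copies the chain key can reproduce every later key of the symmetric chain but none of the earlier ones, and loses access again once fresh key material is mixed in.

```python
import hashlib
import hmac
import os


def kdf(key: bytes, label: bytes) -> bytes:
    # One-way derivation step. HMAC-SHA256 is a stand-in for a real ratchet KDF;
    # what matters for the model is that the output cannot be run backwards.
    return hmac.new(key, label, hashlib.sha256).digest()


class SymmetricRatchet:
    """Toy one-way chain: every step yields a message key and overwrites the
    chain key, so the previous chain key is no longer held anywhere."""

    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain_key, b"message-key")
        self.chain_key = kdf(self.chain_key, b"next-chain-key")  # old value dropped
        return message_key

    def mix_fresh_secret(self, shared_secret: bytes) -> None:
        # Models the asymmetric ratchet: a secret freshly negotiated with the peer,
        # which the attacker never saw, is mixed into the chain.
        self.chain_key = kdf(shared_secret, self.chain_key)


def forward_secrecy_check(seed: bytes, steps_before_capture: int, steps_after: int) -> dict:
    """The attacker captures the chain key after `steps_before_capture` messages.
    Returns how many past and future message keys they can reproduce."""
    victim = SymmetricRatchet(seed)
    past = [victim.next_message_key() for _ in range(steps_before_capture)]
    attacker = SymmetricRatchet(victim.chain_key)  # snapshot of the compromised state
    future = [victim.next_message_key() for _ in range(steps_after)]
    attacker_keys = [attacker.next_message_key() for _ in range(steps_after)]
    # The chain cannot be turned backwards, so no past key can be regenerated ...
    past_recovered = sum(1 for k in past if k in attacker_keys)
    # ... but without fresh key material every future key of the symmetric chain can.
    future_recovered = sum(1 for a, b in zip(attacker_keys, future) if a == b)
    return {"past": past_recovered, "future": future_recovered}


def post_compromise_check(seed: bytes, steps_after_capture: int) -> dict:
    """The attacker captures the chain key; the chat goes on, then a fresh secret
    is negotiated out of the attacker's sight (the asymmetric ratchet step)."""
    victim = SymmetricRatchet(seed)
    victim.next_message_key()
    attacker = SymmetricRatchet(victim.chain_key)
    before_heal = [victim.next_message_key() == attacker.next_message_key()
                   for _ in range(steps_after_capture)]
    victim.mix_fresh_secret(os.urandom(32))  # fresh secret the attacker does not have
    after_heal = [victim.next_message_key() == attacker.next_message_key()
                  for _ in range(steps_after_capture)]
    return {"readable_before_heal": all(before_heal), "readable_after_heal": any(after_heal)}


if __name__ == "__main__":
    # Constructed seed for the demonstration; a real session would derive it from PQXDH.
    print(forward_secrecy_check(b"\x01" * 32, 3, 4))
    print(post_compromise_check(b"\x02" * 32, 3))
```

The model deliberately leaves out everything else a real Double Ratchet does (per-message public keys, out-of-order handling, the root chain); it only shows why a captured key is worthless for the past and, once new key material is negotiated, for the future as well.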

SPQR does not replace the asymmetric ratchet but is added alongside it. One reason for this is a hurdle many post-quantum procedures share: their keys are large, in Signal's case over a kilobyte. That is a lot not only compared to the 32-byte keys of the classic asymmetric ratchet, but also compared to the size of a typical text message. SPQR therefore does not establish a new key at every change of direction in the communication (as the classic asymmetric ratchet does). Instead, SPQR spreads its keys over several messages and thus keeps the overhead low.

However, the protocol does not simply split a key into n parts; it uses erasure codes to encode the key fragments. This way the recipient can use the new key as soon as they have received n messages carrying key parts, no matter which n messages those are. Attackers cannot block new keys by letting most messages through but dropping, for example, every n-th message.
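To make the "any n fragments suffice" property concrete, here is an added example that is not Signal's SPQR code: a Reed-Solomon-style erasure code over GF(2^8). The key is cut into n chunks, and fragment number i carries, for every byte position, the evaluation at x = i of the polynomial whose n coefficients are the chunk bytes at that position. Any n distinct fragments determine the polynomials by Lagrange interpolation, so the receiver recovers the key from the first n fragments that arrive, whichever ones they are. The key in the example is a constructed 1200-byte blob standing in for a post-quantum key of "over a kilobyte"; `survives_periodic_loss` models an adversary who drops every n-th fragment.

```python
GF_POLY = 0x11B  # reduction polynomial of GF(2^8), the same field AES uses


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (carry-less, reduced modulo GF_POLY)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= GF_POLY
        b >>= 1
    return r


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 in GF(2^8) (a must be non-zero)."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r


def poly_eval(coeffs, x: int) -> int:
    """Horner evaluation; coeffs are ordered from constant term upwards."""
    r = 0
    for c in reversed(coeffs):
        r = gf_mul(r, x) ^ c
    return r


def poly_mul(p, q):
    r = [0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            r[i + j] ^= gf_mul(a, b)
    return r


def interpolate(points):
    """Lagrange interpolation in GF(2^8): the n coefficients of the unique polynomial
    of degree < n through n points. Subtraction is XOR in this field."""
    n = len(points)
    coeffs = [0] * n
    for i, (xi, yi) in enumerate(points):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(points):
            if j != i:
                basis = poly_mul(basis, [xj, 1])   # factor (x - xj)
                denom = gf_mul(denom, xi ^ xj)     # (xi - xj)
        scale = gf_mul(yi, gf_inv(denom))
        for k, c in enumerate(basis):
            coeffs[k] ^= gf_mul(c, scale)
    return coeffs


def encode_fragment(key: bytes, n: int, index: int) -> bytes:
    """Fragment `index` (1..255) of `key` split into n chunks: byte j of the fragment is
    the polynomial with coefficients (chunk_0[j], ..., chunk_{n-1}[j]) evaluated at x=index."""
    if len(key) % n or not 1 <= index <= 255:
        raise ValueError("key length must be a multiple of n and index must be in 1..255")
    chunk = len(key) // n
    return bytes(poly_eval([key[c * chunk + j] for c in range(n)], index) for j in range(chunk))


def decode_key(fragments: dict, n: int) -> bytes:
    """Rebuild the key from any n distinct fragments given as {index: fragment_bytes}."""
    if len(fragments) < n:
        raise ValueError(f"need {n} fragments, have {len(fragments)}")
    chosen = list(fragments.items())[:n]   # any n of them will do
    chunk = len(chosen[0][1])
    out = bytearray(n * chunk)
    for j in range(chunk):
        coeffs = interpolate([(idx, frag[j]) for idx, frag in chosen])
        for c in range(n):
            out[c * chunk + j] = coeffs[c]
    return bytes(out)


# Constructed stand-in for a post-quantum key of "over a kilobyte"; not a real key.
CONSTRUCTED_KEY = bytes((i * 31 + 7) % 256 for i in range(1200))


def survives_periodic_loss(key: bytes, n: int, sent: int) -> bool:
    """The sender emits `sent` fragments and an adversary drops every n-th one.
    The receiver still recovers the key once any n fragments have arrived."""
    received = {i: encode_fragment(key, n, i) for i in range(1, sent + 1) if i % n != 0}
    return len(received) >= n and decode_key(received, n) == key


if __name__ == "__main__":
    print(survives_periodic_loss(CONSTRUCTED_KEY, 8, 12))  # every 8th of 12 fragments lost
```

With n = 8 the sender can keep emitting fresh fragment indices for as long as needed, and the receiver's only job is to collect any eight of them. A production code would use table-driven field arithmetic and a systematic layout; the point here is the recovery property, not the speed.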

In one-sided chats, in which one participant sends far more messages than the other, this division does not solve every problem, however: the silent partner holds up the quick key changes that the talkative one could put to good use. Signal therefore modifies the underlying post-quantum procedure ML-KEM 768 so that participants can create and transmit key fragments faster and do not have to wait until they have received all n fragments from the other party. Signal calls the resulting incremental procedure "ML-KEM Braid" and has documented it as a separate protocol.

In addition, Signal's blog post on SPQR describes how the protocol is to be rolled out: the messenger sends the initial SPQR data in such a way that older Signal versions, which can do nothing with it, can ignore the data. The established message authentication does cover the data, however, so attackers cannot simply strip it out and thereby keep the chat SPQR-free. New clients allow a downgrade only at the beginning of a conversation: if the partner does not speak SPQR, the protocol is not used. Signal wants to prevent downgrade attacks that exploit such behavior by permitting the messenger to downgrade only at the start of a conversation. Once SPQR is activated, it must continue to be used. Once SPQR-capable clients are widespread, Signal wants to remove the downgrade option with a further update and enforce SPQR for all chats. Remaining chats without SPQR are then to be archived.
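The two rollout safeguards just described, SPQR data covered by the message authentication and no downgrade once SPQR is active, can be checked in a small receiver model. This is an added example, not Signal's wire format or client code: the message framing, the single HMAC-SHA256 tag and the `ReceiverSession` class are all assumptions. An old client simply ignores the SPQR field, a new client activates SPQR when it sees one, a message whose SPQR field was stripped in transit fails authentication, and a plain message arriving after activation is refused.

```python
import hashlib
import hmac
from typing import Optional


class DowngradeRejected(Exception):
    pass


def authenticate(mac_key: bytes, body: bytes, spqr_data: Optional[bytes]) -> bytes:
    """Tag over the body and the SPQR field, including whether the field is present,
    so removing the field changes what was authenticated. Toy framing."""
    field = b"\x01" + spqr_data if spqr_data is not None else b"\x00"
    return hmac.new(mac_key, body + field, hashlib.sha256).digest()


def build_message(mac_key: bytes, body: bytes, spqr_data: Optional[bytes]) -> dict:
    return {"body": body, "spqr": spqr_data, "tag": authenticate(mac_key, body, spqr_data)}


class ReceiverSession:
    """Tracks, per conversation, whether SPQR has been established."""

    def __init__(self, mac_key: bytes, supports_spqr: bool = True):
        self.mac_key = mac_key
        self.supports_spqr = supports_spqr   # False models an older client
        self.spqr_active = False

    def receive(self, msg: dict) -> str:
        expected = authenticate(self.mac_key, msg["body"], msg["spqr"])
        if not hmac.compare_digest(msg["tag"], expected):
            raise ValueError("authentication failed")
        if msg["spqr"] is None:
            if self.spqr_active:
                # A downgrade is only possible before SPQR was ever used in this chat.
                raise DowngradeRejected("SPQR already active; plain message refused")
            return "classic"
        if not self.supports_spqr:
            return "classic"   # old client: SPQR field is authenticated but ignored
        self.spqr_active = True
        return "spqr"


def run_scenarios(mac_key: bytes) -> dict:
    """Exercise the four cases; returns one outcome per scenario."""
    results = {}
    old_client = ReceiverSession(mac_key, supports_spqr=False)
    results["old_client_ignores_field"] = old_client.receive(
        build_message(mac_key, b"hello", b"constructed-fragment-1"))

    new_client = ReceiverSession(mac_key)
    results["new_client_activates"] = new_client.receive(
        build_message(mac_key, b"hello", b"constructed-fragment-1"))

    tampered = build_message(mac_key, b"second", b"constructed-fragment-2")
    tampered["spqr"] = None   # field stripped in transit, tag left as is
    try:
        new_client.receive(tampered)
        results["stripped_field"] = "accepted"
    except ValueError:
        results["stripped_field"] = "auth failed"

    try:
        new_client.receive(build_message(mac_key, b"third", None))
        results["plain_after_activation"] = "accepted"
    except DowngradeRejected:
        results["plain_after_activation"] = "rejected"
    return results


if __name__ == "__main__":
    print(run_scenarios(b"constructed-mac-key-0123456789ab"))  # constructed key
```

Note that a stripped field fails on the authentication check before the downgrade logic is even consulted; the downgrade rule only matters for a genuinely authenticated plain message, which is exactly the case the peer itself could produce by reverting to an older client.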

Many more details about the protocol (and some ideas that were ultimately rejected) can be found in Signal's detailed blog post on SPQR. Researchers from the company PQShield, who were involved in developing the protocol, have also blogged about their work on SPQR. Signal's blog post does not say exactly when SPQR will be available. The developers speak of the rollout in the present tense, and the SPQR code can also be found on GitHub, but there is apparently no Signal release with SPQR yet.
