Quantum Resistant Messengers

The quantum security related upgrades to [Apple iMessage]([https://security.apple.com/blog/imessage-pq3/](https://security.apple.com/blog/imessage-pq3/)) and the [Signal Protocol]([https://signal.org/blog/pqxdh/](https://signal.org/blog/pqxdh/)), matter as they impact normal people outside of the deep tech ecosystem. > TL;DR: Security changes of this nature are not optional, crucial to get right and will soon be top priority globally across governments, B2B corporates and B2C companies. The security of how we stay connected matters to me as I strongly believe that the freedom to communicate in confidence without eavesdropping and data exploitation should be universally available. ### On why The fundamental backbone of crypto-systems depends on hard problems, strong keys and secure distribution. The mathematical difficulty and computational infeasibility of cracking certain hard problems such as prime integer factorisation (RSA) and the discrete logarithm (ECC) in feasible time is being challenged. It's being challenged by the changing nature of the threat landscape given the rapid advent of new software formulations and the different types of compute machines that they can be run on such as ASICs and quantum computers. This couples existing system security with the pace of algorithmic ingenuity and computational capacity, and still relies on "assumption" as a fundamental basis, which makes it vulnerable. Leading to a cat and mouse race of extending resiliency through finding harder problems (Post Quantum Cryptography), using stronger keys (longer and truly random) and the ultimate, securing the distribution of these keys (Quantum Key Distribution). Post-quantum algorithms are still not well enough studied and there is no complete guarantee that the problems on which they are built will not be solved in the future. This is why it is imperative that the underlying security mechanisms (hardware/software used) in these messengers are as per the appropriate standards (if existing), open-sourced for verification and also vetted by third parties. ### On when So if there is consensus on the "if", when is the "when" that the so called "Harvest Now, Decrypt Later" threat is realised? What's worth throwing light on are the dimensions impacting the timelines. - when potentially a crypt-analytically relevant Quantum Computer is available (US Dept. of Homeland Security says as early as 2030). - the software and hardware innovations that are not in the public and are not being analysed/factored in are “known unknowns” - the migration timelines are expected to be long, some even spanning decades. ### On Who If you have highly valuable/sensitive data (trade secrets, IP, health information, digital assets etc.) or are in a sector where informational arbitrage matters and informational surprise hurts (government, defence, intelligence, etc.), you would rather not rely on wishful thinking or hope that nothing happens. ### On Trust Examining the dynamics of how trust works globally, “super apps” that do more than messaging have greater adoption in the “high trust economies” of the east. They are high trust as in they concentrate dependence on a single brand entity for everything from salt to communications to cars (e.g. Tata Group, Reliance). In the super app world, you can see the deviances in adoption in the east (WeChat/Line) and the west (WhatsApp/Monzo). Given the multi-utility nature of these super apps, their need for enhanced security is stronger. ### On Adoption For a consumer, given the strong stickiness to existing applications, the question of "will my friends also move to this quantum-resistant messenger" is definitely a vital factor impacting the adoption curve, where "critical mass" and Metcalfe's law matter. However, from a B2B perspective, if the transition is made mandatory for risk control and compliance reasons, larger corporate adoption could happen. ### On Price Lastly, if you are lamenting on if you would pay for this. Always remember, if the product you are using is free, then you are the product. We pay for things today, that were free / not a problem / were taken for granted in the past.