PQXDH ("Post-Quantum Extended Diffie-Hellman") is the latest iteration of Signal's key-agreement protocol. It extends the previous protocol, X3DH, which is itself an extension of the Diffie–Hellman key exchange from 1977. PQXDH is designed to resist attacks from quantum computers, which it achieves by adding CRYSTALS-Kyber, the key-encapsulation mechanism that won the NIST Post-Quantum Cryptography Standardization competition.

The white paper for PQXDH was published in May 2023,[1] with a blog post announcing its implementation following in September.[2]

PQXDH has already been implemented in the latest versions of the Signal clients. Once all clients that do not support PQXDH have expired, X3DH will be disabled and PQXDH will be required for all new chats. Signal also plans to roll out updates that upgrade existing chats to PQXDH.[2]

During formal verification, a few minor issues were found in the protocol.[3] In October 2023, a second revision of the protocol was published that addresses these issues.[1] Formal analysis of the second revision found the issues resolved and proved "all the desired security properties of the protocol".[3]

Implementation details

In addition to the regular "one-time" pre-keys that exist for both Curve25519 and Kyber, Kyber also has a single "last-resort" pre-key. Unlike a regular pre-key, the last-resort pre-key is not discarded when it is used, so one Kyber pre-key is always available even after all of the regular Kyber pre-keys have been used up.[4]
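The following is an added example, not Signal's code, that models the pre-key handling just described from the serving side: one-time Kyber pre-keys are removed from the store as they are handed out, while the last-resort pre-key is returned without being removed once the one-time supply is empty. The class and method names are my own, the key bytes are random placeholders (not real Kyber public keys), and the replenishment threshold is an assumed operational choice rather than anything the protocol specifies.

```python
"""Model of one-time vs. last-resort Kyber pre-key handling (illustrative only).

Not Signal's implementation. Key material here is random placeholder bytes,
chosen only so that each entry is distinguishable; they are not Kyber keys.
"""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

PLACEHOLDER_KEY_LEN = 32  # arbitrary; real Kyber public keys are much larger


@dataclass
class KyberPreKeyStore:
    """Server-side view of one user's uploaded Kyber pre-keys (hypothetical structure)."""

    one_time: Dict[int, bytes] = field(default_factory=dict)
    last_resort: Optional[Tuple[int, bytes]] = None
    last_resort_served: int = 0  # how often we had to fall back; useful as a replenishment signal

    def fetch(self) -> Tuple[int, bytes, bool]:
        """Hand out a Kyber pre-key for a new session.

        Returns (key_id, public_key, is_last_resort). A one-time key is
        deleted from the store as soon as it is served; the last-resort key
        is served repeatedly and never deleted.
        """
        if self.one_time:
            key_id = min(self.one_time)          # deterministic pick; any unused key would do
            public_key = self.one_time.pop(key_id)  # consumed: never served twice
            return key_id, public_key, False
        if self.last_resort is None:
            raise LookupError("no Kyber pre-key available for this user")
        self.last_resort_served += 1
        key_id, public_key = self.last_resort   # not popped: still available next time
        return key_id, public_key, True

    def needs_replenishment(self, threshold: int) -> bool:
        """True when the client should upload more one-time pre-keys."""
        return len(self.one_time) < threshold


def make_store(num_one_time: int) -> KyberPreKeyStore:
    """Build a store with `num_one_time` placeholder one-time keys plus one last-resort key."""
    one_time = {i: secrets.token_bytes(PLACEHOLDER_KEY_LEN) for i in range(1, num_one_time + 1)}
    last_resort = (1000, secrets.token_bytes(PLACEHOLDER_KEY_LEN))  # id 1000 is an arbitrary label
    return KyberPreKeyStore(one_time=one_time, last_resort=last_resort)


def simulate(num_one_time: int, num_fetches: int) -> List[Tuple[int, bool]]:
    """Serve `num_fetches` session setups and record (key_id, is_last_resort) for each."""
    store = make_store(num_one_time)
    served = []
    for _ in range(num_fetches):
        key_id, _public_key, is_last_resort = store.fetch()
        served.append((key_id, is_last_resort))
    return served


if __name__ == "__main__":
    for key_id, is_last_resort in simulate(num_one_time=2, num_fetches=4):
        kind = "last-resort" if is_last_resort else "one-time"
        print(f"served pre-key {key_id} ({kind})")
```

Running the block shows two distinct one-time keys being served, after which every further request receives the same last-resort key. In a deployment the `last_resort_served` counter and `needs_replenishment` check are the signals an operator would watch: a user whose one-time Kyber pre-keys are exhausted still gets sessions established, but at the cost of the forward-secrecy benefit that an unshared one-time key provides, so the client should top up promptly.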

References

  1. Ehren Kret, Rolfe Schmidt. The PQXDH Key Agreement Protocol. Revision 1, 2023-05-24; Revision 2, 2023-10-18; Revision 3, 2024-01-23.
  2. ehrenkret. Quantum Resistance and the Signal Protocol. 2023-09-19.
  3. Karthikeyan Bhargavan, Charlie Jacomme, Franziskus Kiefer, Rolfe Schmidt. An Analysis of Signal's PQXDH. Cryspen Blog, 2023-10-20.
  4. Comment by jrose-signal in issue 547.
