The PQXDH specification is designed as an added layer of protection
Many people have caught onto the benefits of end-to-end encryption for instant messaging. As it grows in popularity, companies are beginning to integrate it into their products to provide the option. For example, Meta's WhatsApp is known for its end-to-end encryption, and the feature is slowly being rolled out for Instagram as well. However, not everyone is sold on end-to-end encryption features developed by tech giants like Apple and Meta. If you prefer to use Signal, the independent encrypted messaging service, you may have a bit more peace of mind. Now, Signal is expanding upon the security it offers its users with the development of a protective measure for the future.
Signal mentions on its blog that it's created a new specification called PQXDH, an added layer of protection against future computers that could surpass encryption. Specifically, Signal is attempting to create a barrier that quantum computers will not be able to break in the future. PQXDH will be a second security measure on top of Signal's elliptic curve key agreement protocol.
In layman’s terms, the developers of Signal believe that it’s only a matter of time before a quantum computer is created with the power to break encrypted messages. While some experts believe that it could take decades, the middle ground has been narrowed down to the next 5 to 10 years. The creation of PQXDH essentially forces these computers to break through an extra security measure to access encrypted messages. Signal intends to eventually upgrade existing chats within the app to the PQXDH specification.
Signal has received several updates to sustain privacy and security since it was initially launched. In 2022, it phased out support for SMS, to the dismay of some of its users. The developers backed their decision by claiming they lacked the ability to guarantee full privacy of SMS messages. Unlike end-to-end encrypted messages, SMS messages leave a paper trail with mobile network providers. They are also known to leak metadata and other critical information, and you may be charged for sending them without your knowledge.
While there isn’t anything inherently wrong with using a non-encrypted instant messaging app, it’s worth knowing the risks of doing so before you strike up another conversation. It may be seemingly easier to default to SMS, for example, but opting for an end-to-end encrypted alternative can give you peace of mind. Knowing that you’re significantly reducing the risk of data leakage by leveraging a service like Signal can save you a headache in the future — even if it’s just in relation to SMS charges on your monthly bill.
Krystle Vermes is a Boston-based news writer for Android Police. She has more than a decade of experience as a journalist in industries ranging from technology to health. You can learn more about her work at krystlevermes.com.