Zoom adds ‘post-quantum’ encryption for video nattering

Zoom has rolled out what it claims is post-quantum end-to-end encryption (E2EE) for video conferencing, saying it will make it available for Phone and Rooms “soon.”

This, Zoom explains, makes it “the first UCaaS company to offer a post-quantum E2EE solution for video conferencing.” That’s unified communications as a service.

And by post-quantum, the biz means it will encrypt calls and other data so that they are resistant to being forcibly decrypted by some future super-powerful quantum computer that can undo today's and yesterday's cryptography; said computers are typically always just 10 years away from being practical and powered up.

The video call giant added E2EE for Zoom Meetings in 2020 and for its phone service two years later. Today’s upgrade uses Kyber 768, a quantum-resistant key encapsulation mechanism (KEM), to ideally help keep data safe during meetings from future qubit-based machines.

To enable E2EE, all meeting participants must join from the Zoom desktop or mobile app. While those hosting a meeting on a free account can use E2EE, they will still need to verify their phone number via an SMS-delivered code.

Once enabled, meeting participants will receive access to the encryption keys, which aren’t stored on Zoom’s servers, a move that should ensure that data traveling through servers is indecipherable.

Zoom does warn that “while E2EE provides added security, some Zoom functionality is limited. Individual Zoom users should determine whether they need these features before enabling E2EE in their meetings.”

Kyber 768 is in the process of being standardized by America’s National Institute of Standards and Technology (NIST) as the snappily titled Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203. 

This algorithm was among the first encryption tools to get NIST approval to protect privacy in a post-quantum world — as we said, a hypothetical point in the future when quantum computers may be able to crack traditional encryption methods.

While the technology and general availability of quantum machines aren’t there yet, the worry is that government spies are already collecting people’s E2EE data for so-called “harvest now, decrypt later” surveillance programs.

To help mitigate this threat, various developers and tech companies are beginning to use quantum-resistant algorithms. 

For example, earlier this year Apple said it will update the cryptographic protocol used by iMessage to protect chats from quantum computers. And last fall, Signal added support for the PQXDH protocol, which establishes a post-quantum cryptographic key for encryption.