Zoom Announces Post-Quantum End-to-End Encryption for Meetings

Zoom, the popular video conferencing platform, has announced that it will be adding extra security to its meetings. This change is meant to protect users’ private information from potential threats posed by advanced quantum computers.

Zoom’s engineering team has been working hard to create a strong encryption solution that can protect data from powerful quantum computers.

EHA

By using advanced algorithms and protocols, Zoom has added extra security to its platform, ensuring that meeting data remains private and safe, even in the future when quantum computers become more powerful.

Zoom is being proactive by introducing post-quantum E2EE to address concerns about quantum computing’s potential impact on cybersecurity.

While quantum computers are still in the early stages of development, experts predict that they could eventually break traditional encryption methods. This could leave sensitive data vulnerable to interception and decryption.

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,”  said Michael Adams, chief information security officer at Zoom. 

Zoom’s end-to-end encryption uses advanced techniques to keep your meetings private and secure, even in the future when quantum computers become more powerful. These techniques are very secure and protect your meetings from potential attacks.

Zoom will gradually introduce post-quantum end-to-end encryption (E2EE), starting as an optional feature for users who need maximum security. The company will make this feature more widely available over the next few months as it improves and perfects its implementation.

Zoom cares deeply about user privacy and security. Their new post-quantum E2EE feature shows their commitment to protecting user data during virtual meetings.

This proactive approach sets a new standard for the industry as businesses and individuals rely more on virtual communication and collaboration.

How Does post-quantum end-to-end Encryption Work?

Post-quantum end-to-end encryption works by using cryptographic algorithms that are believed to be secure against attacks by both classical and quantum computers. Here’s a high-level overview of how it works:

  1. Key generation: The sender and receiver each generate a pair of public and private keys using a post-quantum cryptographic algorithm, such as one based on lattices, codes, or multivariate equations. These algorithms are designed to be resistant to attacks by quantum computers using Shor’s algorithm or other quantum algorithms[1][2][7].
  2. Key exchange: The sender obtains the receiver’s public key. This can be done by the receiver sending their public key to the sender over an insecure channel, or by retrieving it from a trusted key server. The public key is used for encryption, while the private key is kept secret by the receiver and used for decryption[19].
  3. Encryption: The sender uses the receiver’s public key and a post-quantum encryption algorithm to encrypt the message or data. The encrypted data can then be securely transmitted over an insecure network[19].
  4. Decryption: The receiver uses their private key and the post-quantum algorithm to decrypt the encrypted data back into its original form. Due to the properties of the post-quantum algorithm, only the receiver’s private key can decrypt the data[19].
  5. Forward secrecy: Some post-quantum key exchange protocols like the ones based on Ring-LWE or supersingular isogenies can provide forward secrecy, meaning that even if a private key is later compromised, previously encrypted data cannot be decrypted[7].

The specific post-quantum algorithms used can vary. Some of the most prominent ones currently being standardized by NIST include:

  • Lattice-based schemes like Kyber and NTRU for general encryption
  • Code-based schemes like Classic McEliece
  • Hash-based signatures like SPHINCS+
  • Zero-knowledge proof schemes like Picnic

By using larger key sizes and different mathematical problems that are hard even for quantum computers, post-quantum encryption aims to maintain the end-to-end encryption security model in the face of future quantum attacks. However, the field is still evolving and the long-term security of these schemes against quantum computers is an active area of research and standardization.

ANYRUN malware sandbox’s 8th Birthday Special Offer: Grab 6 Months of Free Service

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.