Signal Protocol’s latest upgrade introduces SPQR, a triple-ratchet design that aims to preserve forward secrecy even as quantum computers loom on the horizon.
The update combines a quantum-safe key-exchange mechanism with the existing Double Ratchet, incorporating PQXDH so that the handshake remains secure in a post-quantum world.
Key material now includes ML-KEM-768, a module-lattice-based key-encapsulation mechanism derived from CRYSTALS-Kyber. Its keys are larger than traditional EC keys, which required new strategies to keep messages efficient across asynchronous channels.
To deploy this safely at scale, Signal used erasure coding and chunking to distribute key components across messages, enabling reconstruction even if some packets are lost. The approach was developed with PQShield, AIST, and NYU, and was presented at Eurocrypt 2025.
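The chunking idea in the paragraph above, as an added example that is not Signal's code: a 1184-byte stand-in for an ML-KEM-768 encapsulation key is split into k source chunks plus repair chunks, and any k of them rebuild it. The GF(257) polynomial code, the chunk counts and all function names are assumptions chosen for illustration.

```python
# Added illustration of erasure-coded key chunks; not Signal's implementation.
# Assumptions: GF(257) symbols, 8 source + 4 repair chunks, all names hypothetical.
P = 257  # smallest prime above 255, so every byte value is a field element

def _interp(points, x):
    # Evaluate at x the unique polynomial through [(xi, yi)] over GF(P) (Lagrange).
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def encode(data, k, n):
    # Split data into k source chunks and return n coded chunks as (index, symbols).
    if not 1 <= k <= n < P:
        raise ValueError("need 1 <= k <= n < 257")
    size = -(-len(data) // k)                       # ceiling division
    padded = data.ljust(size * k, b"\0")
    src = [padded[i * size:(i + 1) * size] for i in range(k)]
    chunks = []
    for x in range(1, n + 1):
        if x <= k:                                  # systematic part: the data itself
            symbols = list(src[x - 1])
        else:                                       # repair chunk: extra evaluations
            symbols = [_interp([(i + 1, src[i][pos]) for i in range(k)], x)
                       for pos in range(size)]
        chunks.append((x, symbols))
    return chunks

def decode(received, k, length):
    # Rebuild the original bytes from any k distinct chunks, in any order.
    chosen = list({x: s for x, s in received}.items())[:k]
    if len(chosen) < k:
        raise ValueError("need at least k distinct chunks")
    size = len(chosen[0][1])
    out = bytearray()
    for x in range(1, k + 1):                       # re-evaluate at the source indices
        out += bytes(_interp([(xi, s[pos]) for xi, s in chosen], x)
                     for pos in range(size))
    return bytes(out[:length])

def demo():
    key = bytes((i * 31 + 7) % 256 for i in range(1184))  # constructed stand-in key
    chunks = encode(key, 8, 12)
    survivors = [c for c in chunks if c[0] not in (1, 3, 6, 8)]  # four messages lost
    return decode(survivors, 8, len(key)) == key
```

Repair symbols here can take the value 256, so a real wire format would use a binary field such as GF(2^8) whose symbols fit the byte width exactly.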
The broader impact is notable: this design demonstrates how a major messaging protocol can advance post-quantum readiness while accounting for real-world performance constraints, offering a blueprint for other security protocols facing the cryptocalypse.
Signal notes that many TLS connections remain vulnerable and adoption of quantum-resistant TLS remains uneven, underscoring why proactive upgrades like SPQR are crucial for long-term security.