#signal To add post‑quantum security, Signal introduced the Sparse Post‑Quantum Ratchet #SPQR , which runs alongside the existing #DoubleRatchet

https://signal.org/blog/spqr/

The protocol now effectively combines three components: the symmetric ratchet, the classical DH ratchet, and the new post‑quantum ratchet (SPQR).

https://pqshield.com/diving-into-signals-new-pq-protocol/

#TrippleRatchet

https://blog.quarkslab.com/triple-threat-signals-ratchet-goes-post-quantum.html

Signal Protocol and Post-Quantum Ratchets

We are excited to announce a significant advancement in the security of the Signal Protocol: the introduction of the Sparse Post Quantum Ratchet (SPQR). This new ratchet enhances the Signal Protocol’s resilience against future quantum computing threats while maintaining our existing security guar...

Signal Messenger

OH: "A ratchet interim notice"

#verwaltungsleaks meets #doubleratchet

@ct_Magazin

Will it then also be integrated into the SimpleX Chat messenger, if it really is that good and proven?

Hashtags:

#Signal #SimpleXChat #Messenger #Sicherheit #doubleratchet #Quantencomputer

#Signal Braces For #Quantum Age With #SPQR #Encryption Upgrade - Slashdot

Signal has introduced the #SparsePostQuantumRatchet (SPQR), a new upgrade to its #encryption protocol that mixes quantum safe #cryptography into its existing #DoubleRatchet. The result, which Signal calls the #TripleRatchet , makes it much harder for even future quantum computers to break private chats.
#privacy #security

https://it.slashdot.org/story/25/10/03/234236/signal-braces-for-quantum-age-with-spqr-encryption-upgrade?utm_source=rss1.0mainlinkanon&utm_medium=feed

Signal Braces For Quantum Age With SPQR Encryption Upgrade - Slashdot

BrianFagioli shares a report from NERDS.xyz: Signal has introduced the Sparse Post Quantum Ratchet (SPQR), a new upgrade to its encryption protocol that mixes quantum safe cryptography into its existing Double Ratchet. The result, which Signal calls the Triple Ratchet, makes it much harder for even ...

https://github.com/matrix-org/vodozemac

matrix-org / vodozemac - An implementation of #Olm and #Megolm in pure Rust.

It seems that many Matrix clients are still using the old #libolm. libolm has been deprecated.

#rust #matrix #cryptography #encryption #DoubleRatchet

GitHub - matrix-org/vodozemac: An implementation of Olm and Megolm in pure Rust.

An implementation of Olm and Megolm in pure Rust. Contribute to matrix-org/vodozemac development by creating an account on GitHub.

GitHub

this is interesting, according to Cremers et al., post-compromise security in signal (double-ratchet) and other protocols is impossible due to being in direct conflict with UX, and thus we can throw out a lot of complexity from the protocols if we want to maintain the UX....

https://eprint.iacr.org/2024/1886

#signal #crypto #whatsapp #protocol #doubleratchet

Impossibility Results for Post-Compromise Security in Real-World Communication Systems

Modern secure communication systems, such as iMessage, WhatsApp, and Signal include intricate mechanisms that aim to achieve very strong security properties. These mechanisms typically involve continuously merging in new fresh secrets into the keying material, which is used to encrypt messages during communications. In the literature, these mechanisms have been proven to achieve forms of Post Compromise Security (PCS): the ability to provide communication security even if the full state of a party was compromised some time in the past. However, recent work has shown these proofs do not transfer to the end-user level, possibly because of usability concerns. This has raised the question of whether end-users can actually obtain PCS or not, and under which conditions. Here we show and formally prove that communication systems that need to be resilient against certain types of state loss (which can occur in practice) fundamentally cannot achieve full PCS for end-users. Whereas previous work showed that the Signal messenger did not achieve this with its current session-management layer, we isolate the exact conditions that cause this failure, and why this cannot be simply solved in communication systems by implementing a different session-management layer or an entirely different protocol. Moreover, we clarify the trade-off of the maximum number of sessions between two users (40 in Signal) in terms of failure-resilience versus security. Our results have direct consequences for the design of future secure communication systems, and could motivate either the simplification of redundant mechanisms, or the improvement of session-management designs to provide better security trade-offs with respect to state loss/failure tolerance.

IACR Cryptology ePrint Archive

@adlerweb @jwildeboer @EU_Commission Actually, I'd prefer work on enabling an alternative to mail. Even S/MIME mail is shit (no forward secrecy, a lot of metadata, limited e2e, lacking key rotation, ...).

I'd like to see someone build #federation around #Zulip and optionally add some E2E like #Signal 's #doubleratchet encryption onto it.

Build a bridge from and to legacy mail and then phase out each mail system one by one.

@edendestroyer @schlauch

#XMPP is not #e2ee encrypted unless you add something like #OMEMO. In practice, not all XMPP clients that implement OMEMO get the key exchange and trust settings right in a reliable and user-friendly way.

#Matrix has something like OMEMO built in.

Initial work for adding a very similar #doubleRatchet based encryption to Mastodon DMs has started, but I am not sure about the current status.

@realcaseyrollins
Signal does claim to be open but if memory serves, build is not-reproducible and #phoneNumbers as identifiers make it a poor choice, in our estimation, there are other #XMPP with #DoubleRatchet/#OMEMO.

The reason many clamour to get high on a broken ladder is unlikely to be explained in clear or encrypted text. That's what #subtext is for.

@Fever @alex @bot @batalanto
