Zoom Leads with Post-Quantum Encryption Amid Quantum Threat
As quantum computers become increasingly powerful, they threaten to render many of the encryption algorithms we rely on today obsolete, leaving our data vulnerable to sophisticated attacks.
It is this impending quantum threat that has prompted leading video conferencing platform Zoom to take a proactive stance, becoming the first Unified Communications as a Service (UCaaS) company to offer a post-quantum end-to-end encryption (E2EE) solution for video conferencing. This pioneering move underscores the urgency for organisations to rethink their encryption strategies and prepare for a post-quantum era.
Zoom's implementation of post-quantum E2EE is now available worldwide for Zoom Workplace, specifically Zoom Meetings, with Zoom Phone and Zoom Rooms set to follow suit in the near future. When users enable E2EE for their meetings, Zoom's system is designed to provide only the participants with access to the encryption keys used to encrypt the meeting. Both post-quantum E2EE and standard E2EE adhere to this security principle.
"Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs," said Michael Adams, Chief Information Security Officer at Zoom. "With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected."
Zoom's servers do not possess the necessary decryption keys, rendering any encrypted data relayed through their servers indecipherable. Furthermore, to defend against the threat of "harvest now, decrypt later" attacks, the post-quantum E2E encryption employed by Zoom utilises Kyber 768, an algorithm being standardised by the National Institute of Standards and Technology as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203.
This move comes as the cybersecurity landscape faces an unprecedented challenge from the rapidly advancing field of quantum technology.
What the worry is
Post-quantum encryption is a proactive approach to safeguarding digital communications from the potential of quantum computers to break traditional encryption methods.
Unlike classical computers, which process information in binary bits (0s and 1s), quantum computers harness the principles of quantum mechanics to perform calculations using quantum bits or "qubits." These qubits can exist in multiple states simultaneously, allowing quantum computers to perform certain calculations exponentially faster than classical computers.
The power of quantum computing therefore poses a significant risk to current encryption protocols, which rely on the computational difficulty of factoring large numbers or solving complex mathematical problems. Quantum computers, with their ability to perform parallel computations and to leverage quantum algorithms such as Shor's algorithm, can efficiently factor large numbers and solve these problems, effectively breaking the encryption.
Post-quantum cryptography algorithms, such as lattice-based and hash-based cryptography, are designed to resist attacks from both classical and quantum computers by relying on mathematical problems believed to be intractable for quantum computers. This sets them apart from traditional encryption methods like RSA and elliptic curve cryptography, which are vulnerable to quantum attacks.
Although quantum computing is not there yet, the growing potential threat it poses has not gone unnoticed by industry.
Industry interest in quantum
Tech giant Microsoft is advising organisations to begin preparing for potential cyberattacks based on quantum technology.
Honeywell, a company involved in the securing of critical infrastructure like utilities, has recognised the threat and become the first to integrate quantum-computing-hardened encryption keys into smart meters for gas, water, and electric utilities.
This vulnerability extends beyond just data encryption; it also threatens the security of digital signatures. An attacker able to forge digital signatures could compromise the integrity of critical systems and enable mass-scale identity theft and financial fraud.
However, like AI in cybersecurity, quantum is not all doom and gloom. The computational power of quantum computers has led the very same Microsoft that warned about its dangers to make plays to expand its presence in the field as a way to fuel its AI ambitions.
While the full realisation of a "cryptographically relevant" quantum computer capable of breaking current encryption methods is still years away, Zoom's move highlights what others also believe: the time to prepare is now.
Technology Magazine is a BizClik brand