Article
Cyber Security

Zoom Prepares for Quantum World with Post-Quantum Encryption

By Kristian McCann
May 22, 2024
undefined mins
This move comes as the cybersecurity landscape faces an unprecedented challenge from the rapidly advancing field of quantum technology
Zoom is preparing for the advent of the quantum-computing world with post-quantum end-to-end encryption that can resist hacks trying to decrypt its data

Leading video conferencing platform Zoom has announced its plans to implement post-quantum encryption to its suite of offerings, becoming the first UCaaS company to offer a post-quantum end-to-end encryption (E2EE) solution for video conferencing.

Post-quantum E2EE is now available worldwide for Zoom Workplace, specifically Zoom Meetings, and Zoom Phone and Zoom Rooms due to get it soon. 

When users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting; this is the behaviour for both post-quantum E2EE and standard E2EE. 

“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,”  Michael Adams, Chief Information Security Officer at Zoom said following the announcement.

"With the launch of post-quantum E2EE,  we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”

Zoom’s servers do not have the necessary decryption key, encrypted data relayed through Zoom’s servers is therefore indecipherable.

Equally, to defend against any “harvest now, decrypt later” attacks, post-quantum E2E encryption that Zoom employs uses Kyber 768, an algorithm being standardised by the National Institute of Standards and Technology as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203.

This move comes as the cybersecurity landscape faces an unprecedented challenge from the rapidly advancing field of quantum technology.

Youtube Placeholder

What the worry is

Post-quantum encryption is a proactive approach to safeguarding digital communications from the potential of quantum computers to break traditional encryption methods. 

Unlike classical computers, which process information in binary bits (0s and 1s), quantum computers harness the principles of quantum mechanics to perform calculations using quantum bits or "qubits." These qubits can exist in multiple states simultaneously, allowing quantum computers to perform certain calculations exponentially faster than classical computers.

The power of quantum computing therefore poses a significant risk to current encryption protocols, which rely on the computational difficulty of factoring large numbers or solving complex mathematical problems. Quantum computers, with their ability to perform parallel computations and leveraging quantum algorithms, such as Shor's algorithm, allow it to efficiently factor large numbers and solve these problems, effectively breaking the encryption. 

Post-quantum cryptography algorithms, such as lattice-based and hash-based cryptography, are designed to be resistant to attacks from both classical and quantum computers, by relying on mathematical problems believed to be intractable for quantum computers, differing from traditional encryption methods like RSA and elliptic curve cryptography vulnerable to quantum attacks.

Although not there yet, this growing potential threat posed by quantum computing has not gone unnoticed by industry. 

Industry interest in quantum

Tech giant Microsoft is advising organisations to begin preparing for potential cyberattacks based on quantum technology. 

Honeywell, a company involved in the securing of critical infrastructure like utilities, has recognised the threat and become the first to integrate quantum-computing-hardened encryption keys into smart meters for gas, water, and electric utilities.

This vulnerability extends beyond just data encryption; it also threatens the security of digital signatures, being able to potentially forge digital signatures and compromise the integrity of critical systems and enable mass-scale identity theft and financial fraud.

Although, like AI in cybersecurity, quantum is not all doom and gloom. The computational power of quantum computers has the very same Microsoft, who warned about its dangers, make plays to expand its presence in the field as a way to fuel their AI ambitions.

While the full realisation of a "cryptographically relevant" quantum computer capable of breaking current encryption methods is still years away, Zoom’s move highlights, and others believe, that the time to prepare is now.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

QuantumEncryptionZoom
Share
Share
Author
Kristian McCann

Featured Articles

Microsoft Giving Cybersecurity Boost to Rural US Hospitals

Microsoft is giving rural hospitals a hand to help them get their cybersecurity up to snuff to keep them running amid the rising attacks on healthcare

Outpost24 Webinar to Show How CTEM Can Enhance Cybersecurity

Outpost24's webinar will provide actionable insights for attendees looking to implement Continuous Threat Exposure Management into their security strategy

Why Cato Networks' MSASE Gives Channel Partners Vendor Power

SASE has become a critical component for enterprises, driven by increasingly complex network environments, but it has its its own issues to content with

ManageEngine’s Arun Kumar Talks the Threat of Mobile Malware

Hacking & Malware

SpiceRAT: Cisco Talos Sound Alarm Over New Trojan

Hacking & Malware

CrowdStrike & HPE: Unifying IT and Security for Secure AI

Technology & AI