Zoom Prepares for Quantum World with Post-Quantum Encryption

Zoom is preparing for the advent of the quantum-computing world with post-quantum end-to-end encryption that can resist hacks trying to decrypt its data

Leading video conferencing platform Zoom has announced its plans to implement post-quantum encryption to its suite of offerings, becoming the first UCaaS company to offer a post-quantum end-to-end encryption (E2EE) solution for video conferencing.

Post-quantum E2EE is now available worldwide for Zoom Workplace, specifically Zoom Meetings, and Zoom Phone and Zoom Rooms due to get it soon. 

When users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting; this is the behaviour for both post-quantum E2EE and standard E2EE. 

“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,”  Michael Adams, Chief Information Security Officer at Zoom said following the announcement.

"With the launch of post-quantum E2EE,  we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”

Zoom’s servers do not have the necessary decryption key, encrypted data relayed through Zoom’s servers is therefore indecipherable.

Equally, to defend against any “harvest now, decrypt later” attacks, post-quantum E2E encryption that Zoom employs uses Kyber 768, an algorithm being standardised by the National Institute of Standards and Technology as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203.

This move comes as the cybersecurity landscape faces an unprecedented challenge from the rapidly advancing field of quantum technology.

What the worry is

Post-quantum encryption is a proactive approach to safeguarding digital communications from the potential of quantum computers to break traditional encryption methods. 

Unlike classical computers, which process information in binary bits (0s and 1s), quantum computers harness the principles of quantum mechanics to perform calculations using quantum bits or "qubits." These qubits can exist in multiple states simultaneously, allowing quantum computers to perform certain calculations exponentially faster than classical computers.

The power of quantum computing therefore poses a significant risk to current encryption protocols, which rely on the computational difficulty of factoring large numbers or solving complex mathematical problems. Quantum computers, with their ability to perform parallel computations and leveraging quantum algorithms, such as Shor's algorithm, allow it to efficiently factor large numbers and solve these problems, effectively breaking the encryption. 

Post-quantum cryptography algorithms, such as lattice-based and hash-based cryptography, are designed to be resistant to attacks from both classical and quantum computers, by relying on mathematical problems believed to be intractable for quantum computers, differing from traditional encryption methods like RSA and elliptic curve cryptography vulnerable to quantum attacks.

Although not there yet, this growing potential threat posed by quantum computing has not gone unnoticed by industry. 

Industry interest in quantum

Tech giant Microsoft is advising organisations to begin preparing for potential cyberattacks based on quantum technology. 

Honeywell, a company involved in the securing of critical infrastructure like utilities, has recognised the threat and become the first to integrate quantum-computing-hardened encryption keys into smart meters for gas, water, and electric utilities.

This vulnerability extends beyond just data encryption; it also threatens the security of digital signatures, being able to potentially forge digital signatures and compromise the integrity of critical systems and enable mass-scale identity theft and financial fraud.

Although, like AI in cybersecurity, quantum is not all doom and gloom. The computational power of quantum computers has the very same Microsoft, who warned about its dangers, make plays to expand its presence in the field as a way to fuel their AI ambitions.

While the full realisation of a "cryptographically relevant" quantum computer capable of breaking current encryption methods is still years away, Zoom’s move highlights, and others believe, that the time to prepare is now.

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

SolarWinds: IT Staff Dubious on Organisation's AI Readiness

A recent trends report by SolarWinds reveals that very few IT professionals are confident in their organisation's readiness to integrate AI

Is Stress a Driving Force Behind the Cyber Skills Shortage?

A SenseOn study has showed 95% of IT leaders in the UK and Ireland say stress impacts their ability to retain staff

Rapid7 AI Engine Update Sees Gen AI Supporting SOC With MDR

Rapid7's enhanced AI Engine will now use machine learning models and new Gen AI models to separate real attacks from false alarms

Google Securing WFH with Zscaler and Netskope Partnership

Network Security

Why Have Cybersecurity Budgets Soared for TMT Companies?

Operational Security

Mandiant's Analysis Unveils Cause of Snowflake Data Theft

Operational Security