Zoom rolls out post-quantum end-to-end encryption to bolster security
Zoom has introduced post-quantum end-to-end encryption for its Meetings platform, with future support planned for Zoom Phone and Zoom Rooms.
This new security measure leverages Kyber-768, a quantum-resistant algorithm selected by NIST in 2022, providing security comparable to AES-192. Zoom’s adoption of post-quantum E2EE underscores the growing need to safeguard user data against increasingly sophisticated cyber threats. This enhancement is a proactive measure against potential risks posed by quantum computing, which could eventually break current cryptographic methods.
To enable post-quantum end-to-end encryption by default, all participants must use Zoom app version 6.0.10 or higher; otherwise, standard E2EE is applied. The motivation behind this upgrade is the potential threat of quantum computers, which, despite being in an experimental phase, could eventually solve complex mathematical problems that underpin current cryptographic systems. One significant concern is the “harvest now, decrypt later” (HNDL) strategy, where encrypted data is collected now with the aim of decrypting it once quantum computers become powerful enough.
Post-quantum cryptography aims to counter these risks, prompting companies like AWS, Apple, Cloudflare, Google, HP, Signal, and Tuta to adopt the new standard. The Linux Foundation has also established the Post-Quantum Cryptography Alliance (PQCA) to address these emerging security challenges.
While fully capable quantum computers remain theoretical, the urgency for organizations, especially those involved in critical infrastructure, to transition to quantum-resistant cryptography is evident, as emphasized by HP Wolf Security. This proactive shift is essential to ensure long-term data security in the face of advancing quantum computing capabilities.
