Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings

Cyber Security

May 22, 2024NewsroomEncryption / Quantum Computing

Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future.

“As adversarial threats become more sophisticated, so does the need to safeguard user data,” the company said in a statement. “With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data.”

Zoom’s post-quantum E2EE uses Kyber-768, which aims at security roughly equivalent to AES-192. Kyber was chosen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) in July 2022 as the quantum-resistant cryptographic algorithm for general encryption.

However, for post-quantum E2EE to be enabled by default, it requires all meeting participants to be on Zoom desktop or mobile app version 6.0.10 or higher. In the event some of the participants don’t meet this minimum version requirement, standard E2EE will be used.

While quantum computers are still in their experimental stages, the threat posed by such computers in the coming years is that they could trivially crack classical mathematical problems that are considered computationally intensive, thus making cryptanalysis much easier.

Compounding this aspect is a type of attack called harvest now, decrypt later (HNDL), or retrospective decryption, where sophisticated threat actors steal and store encrypted network traffic now, with an intent to decrypt it later when quantum computers become more advanced.

Post-quantum cryptography is designed to thwart such risks, prompting several companies such as Amazon Web Services (AWS), Apple, Cloudflare, Google, HP, Signal, and Tuta to integrate the new standard into their products.

Earlier this February, the Linux Foundation announced the launch of a Post-Quantum Cryptography Alliance (PQCA) that seeks to address cryptographic security challenges posed by quantum computing.

While quantum computers strong enough to break cryptography are currently only theoretical, government-backed efforts are already underway to help organizations transition to quantum-resistant cryptography.

“For organizations that support critical infrastructures or are depended upon by large sections of society, the need to migrate is particularly urgent,” HP Wolf Security noted earlier this year.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.