Zoom claims to be the first videoconferencing software vendor to use post-quantum cryptography to protect users once quantum computers are able to decode encrypted data.

Zoom is adding “post-quantum” end-to-end encryption to its video and voice meeting software. The aim is to protect communication data sent between its apps once quantum computers are sufficiently powerful to compromise existing encryption methods.

Right now, it’s difficult for current or “classical” computers to break the modern encryption algorithms that protect internet communications — that means anything from text messages to online banking or shopping. But security experts are concerned cybercriminals can collect encrypted data now and decrypt it once quantum computers become sufficiently capable, a strategy referred to as “harvest now, decrypt later.”

To secure communications on its meetings apps in the long term, Zoom on Tuesday said it will enhance existing E2EE capabilities available in its Zoom Workplace apps with “post-quantum cryptography.” It’s the first unified communication software vendor to do so, Zoom claimed in a blog post.

For Zoom, this means the use of Kyber 768, a key encapsulation mechanism (KEM) algorithm that’s being standardized by the National Institute of Standards and Technology (NIST). NIST has been working to identify a set of “post-quantum” algorithms that can withstand attacks from future quantum computers.

Although quantum computers are adept at solving complex mathematical equations, meaning they could decrypt classical algorithms, existing systems are small scale and plagued with high error rates, said Heather West, research manager for quantum computing at IDC’s Infrastructure Systems, Platforms, and Technology Group.
As a result, modern classical algorithms are not yet at risk; that could change as quantum computing advances, enabling systems that can run Shor’s algorithm — a quantum algorithm that, according to one definition, is able to “efficiently factorize large composite numbers” and therefore reduce the time taken to break classical encryption.

“Due to this advantage, there is concern that some entities — specifically state-sponsored actors — are breaching and stealing data with a long-shelf life value now (think financial, government, DOD, etc.) with the intent of using future quantum systems to decrypt it and use it later,” said West.

Several initiatives are now under way to identify and develop post-quantum cryptographic algorithms organizations can deploy to become quantum-resilient. For example, NIST launched a global initiative in 2016 and is expected to release its final recommendations later this year. In 2022, US President Joseph R. Biden Jr. issued two security memorandums (NSM-8 and NSM-10) to provide government agencies with the guidance and timeframes to begin implementing post-quantum cryptography.

As for Zoom’s post-quantum E2EE feature, West said the amount of information transferred via text messages and in virtual meetings “is a rather unexplored territory for post-quantum cryptography [PQC],” but is an important area of focus.

“Compromised information using these technologies could lead to national security breaches, the accidental exposure of company trade secrets, and more,” she said. “Zoom has taken this opportunity to identify a current area of data security weakness and develop an industry disruptive PQC solution.”

Even so, West points to “severe limitations” in Zoom’s approach. For example, to be secure, all meeting participants are required to use the Zoom desktop or mobile app version 6.0.10 or higher. “So there is no guarantee that everyone will be using the most up-to-date version…,” she said.
In addition, using Zoom’s post-quantum encryption means participants lose access to some key features, such as cloud recording.

“For PQC to be effective, not only must it be secure against potential quantum cyber security breaches, but it should also allow for the same performance and utility of the applications and infrastructure than if it weren’t being used. This doesn’t seem to be the case with Zoom’s implementation,” West said.

In general, West said all businesses should be considering how to keep encrypted data safe in future.

“Organizations should be taking this risk seriously,” she said. “There seems to be a misconception that if an organization is not investing in quantum computing there isn’t a need to invest in post-quantum cryptography.”

Cyberattacks using quantum algorithms have the potential to affect all businesses and organizations, she said. Some understand the importance of post-quantum cryptography and are waiting for final standards from NIST to be released, but updating to post-quantum cryptography can be a “laborious process,” so organizations should get started now by inventorying and identifying at-risk data and infrastructure.

“Partnering with a PQC vendor or consultant can help guide the transition. PQC vendors and consultants can also help to determine what solution is most suitable for the organization,” said West.