Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings



Zoom, a popular enterprise services provider, has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms expected in the future.

“As adversarial threats become more sophisticated, so does the need to safeguard user data,” the company stated. “With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data.”

Zoom’s post-quantum E2EE uses Kyber-768, which aims at security roughly equivalent to AES-192. Kyber was chosen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) in July 2022 as the quantum-resistant cryptographic algorithm for general encryption.

However, for post-quantum E2EE to be enabled by default, all meeting participants need to be on Zoom desktop or mobile app version 6.0.10 or higher. If some participants do not meet this minimum version requirement, standard E2EE will be used.

While quantum computers are still in their experimental stages, they pose a future threat of trivially solving classical mathematical problems considered computationally intensive, making cryptanalysis much easier.

Adding to this is a type of attack called harvest now, decrypt later (HNDL), or retrospective decryption, where sophisticated threat actors steal and store encrypted network traffic now, intending to decrypt it later when quantum computers become more advanced.

Post-quantum cryptography is designed to thwart such risks, prompting several companies, such as Amazon Web Services (AWS), Apple, Cloudflare, Google, HP, Signal, and Tuta, to integrate the new standard into their products.

Earlier this February, the Linux Foundation announced the launch of a Post-Quantum Cryptography Alliance (PQCA) to address cryptographic security challenges posed by quantum computing.

While quantum computers strong enough to break cryptography are currently only theoretical, government-backed efforts are already underway to help organizations transition to quantum-resistant cryptography.

Other news

Dutch government says it may stop using Facebook over privacy concerns

The Dutch government announced on Friday that it might have to discontinue its use of Facebook following a cautionary note from the Netherlands’ privacy watchdog regarding the privacy risks associated with the Meta-owned social media platform.

Read More

New Stealthy “RustDoor” Backdoor Targeting Apple macOS Devices

Since November 2023, a new backdoor targeting Apple macOS users, named RustDoor by Bitdefender, has been operating discreetly.

Read More