Signal said it has introduced a new post‑quantum ratchet called the Sparse Post Quantum Ratchet, or SPQR, that it will combine with the existing Double Ratchet to form a “Triple Ratchet” aimed at protecting messages against future quantum computing threats, according to the article.
The company said users should not notice any change in the app and that the new ratchet is being mixed with existing encryption so conversations will eventually move to the new protocol without user action, while preserving forward secrecy and post‑compromise security.
Why is the change necessary? Elliptic‑curve Diffie‑Hellman (ECDH), a core part of the current ratchet, is not quantum resistant and could allow so‑called harvest‑now‑decrypt‑later attacks if a sufficiently powerful quantum computer appears; it also linked to background material on Diffie‑Hellman and ECDH to explain the existing key‑agreement mechanisms.
To add quantum resistance, Signal is using a Key Encapsulation Mechanism (KEM), specifically a standardized ML‑KEM process, and described an incremental design that splits and overlaps parts of the encapsulation and ciphertext to reduce idle sending capacity.
Signal mitigated bandwidth and reliability concerns by using chunking and erasure codes to allow large encapsulation keys and ciphertexts to be reconstructed from subsets of chunks, and the team implemented an “ML‑KEM Braid” to organize the incremental exchange. Signal also acknowledged work with the authors of the libcrux-ml-kem Rust library to expose necessary APIs for the approach.
Signal said the design and implementation were driven by academic collaboration and formal methods: a paper at Eurocrypt 25, a USENIX follow‑up (follow up paper at USENIX 25), and formal verification tools including ProVerif, the hax translator and F*. The project integrates formal verification into its continuous integration process and that the Rust implementation is structured to match the verified models.