
How IBM is working today to secure communication from tomorrow’s quantum risks

Cryptography researchers at IBM are working with researchers at secure messaging services Signal and Threema to help defend against future quantum computers that may be able to break much of the encryption the internet relies upon.

Every day, millions of people across the globe rely on messaging services to connect with family, friends, and businesses. As the mobile revolution took place, these apps became the backbone for modern communication.

Over the years, powerful and secure messaging services have sprung up. Launched in 2014, Signal has become one of the most popular secure messaging apps in the world. And it takes its promise to offer cross-platform communication that can’t be snooped on by Signal, or anyone else, very seriously. Users can create group chats and even video calls that are end-to-end encrypted, meaning the encryption keys to unlock the information in the chats are generated and stored on users’ devices — not on Signal’s servers.

Breaking through this kind of encryption is practically impossible with even the most capable classical supercomputers, unless you have a spare billion years to kill. But a major computing revolution underway today may soon change that.

Quantum computing has moved from theoretical physics to practical engineering in the last few decades, with IBM leading the charge. While classical computers process information using bits (discrete 1s or 0s), quantum computers use qubits. Through a property called superposition, qubits can represent a complex combination of states (all the probabilities of 1s and 0s), and through entanglement, which essentially links qubits together, the machine can explore vast computational possibilities. This gives quantum machines the potential to be exponentially faster at specific tasks, such as factoring incredibly large numbers, which would let them crack the mathematical problems underpinning the encryption that keeps data safe online today.

As powerful quantum computers that could break through the security that everything from the internet to health records relies upon become closer to a reality, security researchers have worked to create new algorithms that these systems can’t crack. In 2024, the US National Institute of Standards and Technology (NIST) published its first set of three “post-quantum” (as in, after large-scale quantum systems are available) cryptography standards. Two of them were developed by IBM Research scientists, and the third was co-developed by a scientist who has since joined IBM Research.

While these standards are a crucial step toward helping businesses and organizations prepare for our post-quantum future, they won’t be applicable in every situation. Some applications require more advanced cryptography that doesn’t yet have, and in some cases may never have, an efficient quantum-safe version. The less efficient schemes produce a lot more communication than classical schemes, the transmission of which would cost companies a significant sum. “Nobody wants to use more cryptography than they really need,” said Vadim Lyubashevsky, principal research scientist at IBM Research working on quantum-safe cryptography.

The applicability challenge led a team of researchers to think about what comes after the initial standards. “Now we’re working on more advanced cryptographic primitives that are used within interesting technology systems where they don’t have nice quantum-safe equivalents that you can just plug in,” Lyubashevsky said. Through the team’s connection to Signal’s developers, the researchers started thinking about how they could make group messaging on the platform quantum safe.

Signal’s team has built a robust security platform that tells them as little as possible about its users. This includes metadata linked to who originated messages, or who is joining or leaving groups, and controls to ensure that malicious actors can’t join groups and grab data. One of the biggest security risks organizations are facing right now is called “harvest now, decrypt later,” where an attacker gains access to a system and grabs whatever data they can, and stores it until they can crack it in the future with advanced technologies, including a powerful enough quantum system. Signal has been protecting user data, including messages, media, and calls, from these attacks since 2023, and strengthened its defense with another protocol upgrade (called SPQR) in 2025.

But for a future where more powerful quantum computers exist, the threat of malicious actors who could attempt to break through Signal’s encryption for metadata like group membership still exists. When the team tried to port Signal’s existing protocol for protecting this metadata to a quantum-safe version, they quickly realized that simply swapping the current components for their quantum-safe equivalents would likely increase Signal’s bandwidth by up to a hundredfold. This meant they would need to redesign the protocols from the ground up for speed and communication efficiency.

In the existing private group protocol, Signal’s server acts as the gatekeeper, but the team at IBM had the idea to make the group members themselves the guards, which can be more efficient for both classically secure and quantum-safe systems. In their design, the server’s job is to store encrypted group data and enforce who can write to a group in what position. Every group would get its own pseudonym key for each member, meaning the server can see if “member #3 of this group” performed an operation, but it can’t link that pseudonym to the user’s real identity. Other group members can link actions to the right member for accountability.

To implement this design, ML-DSA (a lattice-based algorithm chosen for general-purpose digital signature protocols), one of the two IBM-developed algorithms that NIST standardized, was modified to support key re-randomization.

The team also created a new security model that captures whether users are admins or just members of a group, and whether servers or members have been compromised. In short, in collaboration with the Signal engineers, they proposed a ground-up redesign that would make Signal’s private group system efficient, quantum-safe, more modular, auditable, and easier to maintain, while keeping the same privacy guarantees against Signal’s own servers.

The team behind the work is presenting their research this week at the Real-World Crypto (RWC) conference, and Signal plans to explore what potentially implementing their suggestions would look like.

Threema’s path to quantum safety

Much like with any major transition, there’s rarely a one-size-fits-all approach for securing systems for our post-quantum future. Many organizations will likely take similar approaches as the reality of quantum systems that will be able to break encryption looms larger.

Threema, another major secure messaging service, recently announced that it’s working with IBM to implement quantum-safe cryptography into its messaging system. The Swiss company is working with the same cryptography research team that worked with Signal to figure out the best path forward. Together, they’re exploring how ML-KEM (a key encapsulation mechanism selected for general encryption, such as for accessing secured websites), the second of the two IBM-developed algorithms standardized by NIST, can be implemented into their messaging system.

“The scientists at IBM have incredible expertise in quantum-safe cryptography,” Threema CEO Robin Simon said recently. “This collaboration and the pooling of our expertise lay the foundation for the quantum-secure communication of tomorrow.”

Signal and Threema are just two of the latest examples of organizations and industries tackling the need to update their technologies’ cryptography to become quantum safe. With proactive work like this, we can keep everything we do — including communicating online — secure.
