Meta and Zoom deploy post-quantum TLS solutions

Following Apple’s recent announcement to upgrade iMessages to a post-quantum secure protocol, it’s perhaps not surprising to see further PQC development from well-known platforms. In fact, even before Apple, both Google Chrome and Cloudflare deployed PQC-protected TLS, and back in 2023, Signal deployed PQC based on PQShield’s research, in their end-to-end encryption. As this year of PQC acceleration continues, we’re likely to see further updates from high profile names. Last week, both Meta and Zoom announced new approaches to migrating towards, and deploying PQC.

Meta 

Meta have focused on identifying everything at risk from the quantum threat – from their internal infrastructure to their user-facing apps. With billions of worldwide users, plus a heightened focus on integrity, privacy and security, the owners of Facebook and Instagram recognise that migration to PQC is a careful ‘multi-year effort’ that will be best achieved with a hybrid approach.

Interestingly, they also point out that within that focus, their two highest priorities are to protect components against store-now-decrypt-later (SNDL) attacks, and to update their internal comms infrastructure. 

This has led to Meta beginning the transition to a hybrid key exchange for TLS, using ML-KEM (Kyber) with X25519. By expanding Fizz, their current protocol library, to include a specific PQC library, they can now make use of quantum key exchange alongside existing classical mechanisms.

It is interesting to note Meta’s deliberate focus on protecting against SNDL. Although quantum computers are not yet sophisticated enough to break classical encryption, the threat from store-now-decrypt-later is a pertinent one, especially to an organization that deals with a vast amount of personal, historical and private information.

Zoom

Meanwhile, communications giant, Zoom, announced that Zoom Workplace will now support post-quantum end-to-end encryption. It claims to be the first communications-as-a-service company to offer a post-quantum end-to-end solution for video conferencing.

It’s hard to overstate the importance of Zoom in the post-pandemic world. With over 300 million daily users, it has become central to the way in which many of us work and socialize, and it’s encouraging to see them take a proactive stance towards information security.

Having launched classical end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, this step shows a commitment to the future of data protection, and a further recognition of the importance of post-quantum cryptography. As with Meta, the threat for Zoom is SNDL, and they also are leveraging ML-KEM 768 for quantum key exchange. Post-quantum end-to-end encryption is deployed for meetings where all participants use Zoom 6.0.10 or higher, and functions on the Zoom web portal as well as mobile devices.

Our View

At PQShield, we specialize in post-quantum resilience, so for us, it’s exciting to see the momentum building. Even in the anticipation of the coming NIST standards, companies such as Zoom and Meta are realising the critical importance of PQC in their systems, and are taking steps towards quantum security.

In the communications sector, data is certainly the most valuable commodity, and organizations whether large or small, need to be steps ahead in order to keep it secure from the threat of quantum computers. 

That’s why we believe PQC should be a mainline discussion, and something that every industry talks about, not just as a future consideration, but as a critical part of the way we all work now, to keep our world safe.