## What is end-to-end encryption?

A typical mobile telephone conversation is encrypted only between the handset and the nearest cell phone mast and travels unencrypted on the landlines just like any other telephone call.

An end-to-end encryption solution guarantees that only the two communicating parties know how to decipher the contents of the communications between them — there is no need to trust the telephone operators or the server in case of messaging apps (Whatsapp, Signal, etc.).

End-to-end encryption solutions allow users to communicate securely across international boundaries and even in hostile security environments.

## Forward Security and Quantum Attacks

Public key cryptography can be used in a way that allows the parties to easily set up temporary shared communication keys. These keys are only known to the two parties and can be instantaneously forgotten when no longer in use, providing forward security. This means that even if an end-to- end encryption device is lost or compromised that does not mean that previous communications can be deciphered as previous keys cannot be derived from current keys. The continuous key management and re-negotiation process is an automatic, invisible part of the protocol itself and does not require active user participation.

Current solutions rely almost exclusively on mathematical group properties of (Elliptic Curve) Diffie-Hellman key exchange, which is unfortunately one of cryptographic algorithms that can be easily attacked with quantum computers. This also breaks forward security of current solutions; currently intercepted communications can be deciphered at a future time when quantum computers become available.

## Designing a Quantum-Secure End-to-End Communication Protocol

We wanted to take the ease-of-use of current protocols such as OTR and the Signal protocol (as also used by WhatsApp, Wire, and others) and replace their Diffie-Hellman key exchange with a quantum secure alternative. This requires deeper modifications to the protocol than might be initially expected, since these protocols use the relatively simple mathematical equations of the vulnerable Diffie-Hellman key exchange directly rather and rely on specific properties of the equations such as commutativity. We used mathematical formalism and abstractions in our alternative protocol design. These abstractions allow asymmetric primitives based on a different type of a (post-quantum) hard mathematical problem to be used instead, and also allow formal mathematical proofs of the security of resulting protocols to be created.

PQShield has developed a post-quantum end-to-end protocol that uses quantum-secure cryptographic primitives while maintaining the ease of use and various security properties of current high-end secure messaging solutions. Additionally we provide forward security against quantum adversaries. We worked with leading academic experts in the field to create a solid theoretical groundwork that allowed us to create a formal proof of security for the protocol. This is a world-first for quantum-secure protocols of this type.