Zoom Video Communications, Inc. has announced its launch of post-quantum end-to-end encryption (E2EE) service on Zoom Workplace globally making it the first Unified Communications as a Service (UCaaS) company to implement this unique feature. So, starting with Zoom meetings, this encryption is effective immediately for all users while the service will come to Zoom Phone and Zoom Rooms soon.
Zoom deploys post-quantum end-to-end encryption ahead of quantum computing adoption
The idea is that despite not knowing the time to delivery for quantum computers, it is important to prepare products to be quantum compliant such that the technology will not easily break through its security protocols thereby compromising important private data of Zoom users. Also, adversarial threats may capture encrypted data now with the intent to decrypt it later with superior technology once quantum computing becomes mainstream.
Cyber threats continue to increase daily and the need to safeguard users’ data is paramount for Zoom hence this pragmatic move to future-proof sensitive data with the introduction of the E2EE technology.
According to Computerworld, Heather West, research manager for quantum computing at IDC’s Infrastructure Systems, Platforms, and Technology Group said that quantum computers could solve complex mathematical computations leading to the decryption of classical algorithms although existing systems are currently small-scale and have high error rates
“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,” said Michael Adams, chief information security officer at Zoom. “With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”
The way E2EE works is that users enable the technology for their meetings then Zoom through its system provides only the participants with the encryption keys that are used to encrypt the meeting. This behaviour occurs for both post-quantum E2EE and standard E2EE making sure that even Zoom’s servers do not have the necessary decryption keys so that when the information is passed through its system, it becomes indecipherable both to Zoom and to cyber threats who practice “harvest now, decrypt later”.
To further defend against this potential act, Zoom’s post-quantum E2E encryption uses Kyber 768, an algorithm being standardized by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203. This is in line with the algorithm developed by NIST to prepare against the loss of sensitive data and curb the threat to national and global security.
Currently, for the post-quantum encryption to work, Zoom has stated that all participants must use the Zoom desktop or mobile app version 6.0.10 or higher. If some of the participants use a lower version, then the standard end-to-end encryption service is used instead.
Again, West points to “severe limitations” in this approach of having all participants on the same version stating that there is no guarantee that everyone will be using the most up-to-date version. This is a major step in the preparation for the adoption of quantum technology and it makes sense for organizations like Zoom to be at the forefront of it since they store lots of sensitive data daily.
It’s hard enough to keep up to date, and keep an eye on quantum trends So we do that for you, you just need to find five minutes per week. Find out more.
Monthly
Become a member to view premium content. Includes our monthly reports, weekly updates and all content access for less than a packet of chips.
7 Day Trial Period
$5
per month, charged monthly
0.16¢
Per Day