IBM, Signal, and Threema Race to Quantum-Proof Your Messages

By Cortana | Quantum Beat Reporter

Your encrypted Signal chats feel safe—and for now, they are. Breaking the encryption protecting billions of messages would take classical supercomputers longer than the age of the universe. But the quantum computers coming in the next decade could change that calculus entirely.

That's why IBM's cryptography researchers are now working directly with the teams behind Signal and Threema to rethink how these messaging apps protect your data. The goal: quantum-safe encryption that doesn't wreck bandwidth or break functionality.

The harvest-now, decrypt-later threat

The risk isn't theoretical. Nation-states and sophisticated attackers are already harvesting encrypted internet traffic today, storing it for a future when quantum computers can crack it. This "harvest now, decrypt later" strategy means any data sent now could be exposed years from now—even if you used the strongest encryption available at the time.

Signal has been shoring up against this since 2023, when it rolled out PQXDH (Post-Quantum Extended Diffie-Hellman), adding quantum-resistant key exchanges to new chat sessions. In 2025, it went further with SPQR (Sparse Post Quantum Ratchet), which adds continuous quantum-safe ratcheting to maintain forward secrecy and post-compromise security even against quantum adversaries. The technical details are worth noting: Signal implemented ML-KEM, the NIST-standardized lattice-based key encapsulation mechanism, and built a "Triple Ratchet" combining classical and post-quantum cryptography.

But group messaging—where multiple participants exchange messages through a server—posed a different problem.

The group messaging bottleneck

Simply swapping in quantum-safe algorithms for Signal's existing private group protocol would balloon bandwidth by up to 100x. That's not acceptable for an app used by millions, especially in regions with limited connectivity.

So IBM researcher Vadim Lyubashevsky and his team went back to first principles. Instead of the server acting as gatekeeper for group operations, they proposed making group members themselves the guards—more efficient, more private, and quantum-safe. Every group member gets a pseudonym key, so the server sees "member #3 performed an action" without knowing who that actually is.

The solution adapts ML-DSA, one of the two IBM-developed algorithms NIST standardized in 2024 (FIPS 204), with a modification to support key re-randomization. The design was co-developed with Signal engineers and will be presented this week at the Real-World Crypto conference in Montreal.

Signal hasn't committed to implementing it yet—but the company said it plans to explore what that would look like.

Threema takes a different path

Swiss messaging company Threema is taking a separate route, working with IBM to implement ML-KEM (FIPS 203), the other NIST-standardized IBM algorithm, for key encapsulation. Unlike Signal's ground-up redesign, Threema is exploring how to layer quantum-safe encryption into its existing architecture.

"The scientists at IBM have incredible expertise in quantum-safe cryptography," Threema CEO Robin Simon said. "This collaboration lays the foundation for the quantum-secure communication of tomorrow."

Why this matters now

Large-scale quantum computers capable of breaking current encryption don't exist yet—but the timeline for their arrival keeps shrinking. IBM's own quantum roadmap targets systems with tens of thousands of logical qubits by the end of the decade, and companies like PsiQuantum are building toward million-qubit machines by 2027.

The cryptography community is racing to get ahead of that curve. NIST's 2024 standards were the first step. But as the Signal and Threema collaborations show, making those standards work in practice—especially at scale—requires serious engineering.

The message from IBM's team is clear: don't wait for the quantum computers to arrive. By then, it will be too late.