“First” there were apps like Telegram and Signal, springing up to address people’s fear that their private communications taking place online are being randomly and unlawfully accessed and spied on by governments.
This was something that went from niche to mainstream, mostly thanks to the Snowden revelations.
But over time, these chat apps themselves revealed a number of “imperfections” – leaving privacy enthusiasts wanting for more, and better.
There has been no shortage of attempts to perfect the existing apps relying on encryption – but also people’s phone numbers, etc. And for the last couple of years there has been one called SimpleX Chat, that just rolled out a new version.
The app is end-to-end encrypted, open source, but also refrains from using any type of user ID (such as phone numbers, usernames, or even, apparently, random numbers in this context).
While full (E2E) encryption is generally treated as the best we can get these days, security and privacy-wise – day after day, information emerges about a flurry of ways either governments or private tech giants trying (via regulation) or by straight-up developing what would otherwise be considered hacker tools – to break those protections.
Now, SimpleX Chat introduces a beta (in free source “release canon” – that’s one step above initial alpha testing, one below RC – release candidate) version of “quantum resistant encryption.”
But what exactly would that be? Its developers say that “post-quantum cryptography” has been their interest for the last two years, that is, since the app’s initial release, but that they essentially held back on implementing it before there was some standardization.
NIST (National Institute of Standards and Technology), however, failed to deliver on that front for multiple reasons, says a blog post, and now SimpleX, in the best tradition of free and open source, is trying to solve its own problem, instead of waiting for somebody else to write that code for them.
SimpleX apparently took some pointers from Signal and Tuta encryption schemes, to now come up with what it believes is the better version of “the design of quantum resistant double ratchet algorithm.”
The explanation of what that is plays off of the Signal protocol – to state that SimpleX developers “could make break-in recovery property of Signal algorithm quantum-resistant” – and, “why, probably, Signal didn’t, is because irrespective of the message size SimpleX Chat uses a fixed block size of 16kb to provide security and privacy against any traffic observers and against messaging relays.”
And – “In case the message is larger than the remaining block size, e.g. when the message contains image or link preview, or a large text, we used zstd compression (lossless data compression algorithm) to provide additional space for the required keys without reducing image preview quality or creating additional traffic.”
This feature is currently opt-in.
If you're tired of censorship and dystopian threats against civil liberties, subscribe to Reclaim The Net.
