Your guide to post-quantum end-to-end encryption and how Zoom can help

For many of us, quantum computing feels more like science fiction than reality. A futuristic world where computers can solve problems in minutes that might otherwise take millions of years. 

Surprisingly, the ability to accelerate and advance the work of mankind is not as far off as you might think, with several companies and countries launching prototypes to win the race to viable quantum computing. And while it’s fun to imagine the advantages and possibilities that quantum computing promises to provide, we must also acknowledge the threat to encryption that accompanies this groundbreaking technology. 

To help you prepare, Zoom is now offering post-quantum end-to-end encryption in Zoom Workplace – available now for Zoom Meetings – enabling you to add an additional layer of protection over your data and get ahead of future quantum computing breaches.

But, what does this mean exactly? 

Keep reading to learn the basics of quantum computing, end-to-end encryption, post-quantum cryptography, and how Zoom Workplace users can be better prepared to protect their communications information. 

Before we explain quantum computing, it’s helpful to know how classical computers operate. Think of them as the technology behind our laptops and smartphones, built on bits (units of information that store a zero or one). Quantum computing is instead based on qubits (which store a lot more than a single 0 or 1 value) and uses the principles of quantum mechanics to perform computation on these qubits. 

To help protect your data, cryptography comprises a variety of tools to secure digital data and the internet communications we use daily (think shopping, banking, text messaging). In particular, encryption refers to methods of encoding information so that only the intended audiences can read it, and can be defined as symmetric and asymmetric.

Symmetric encryption requires the communicating parties to agree in advance on a shared key, which can be used to both encrypt (obfuscate) and decrypt (deobfuscate or recover) the communications. 

In contrast, asymmetric encryption relies on pairs of different but related keys: one is used to encrypt and can be publicly distributed, while the other one is used to decrypt and kept private by the recipient. 

To drill down even further, end-to-end encryption can leverage a combination of symmetric and asymmetric cryptography to ensure only the communicating parties have access to the contents of the communications. In this case, communication providers like Zoom do not have access to this content, unlike with encryption “in transit.”

Certain quantum algorithms can solve specific complex problems much more efficiently than any known classical algorithm. What’s more, it’s believed that these efficient quantum algorithms can break many of the asymmetric cryptographic systems that we believe to be safe against classical computers. 

Although quantum computers that are powerful enough to run these algorithms are not known to exist, multiple companies and institutions are making progress in this space. The National Institute of Standards and Technology (NIST) held a competition and, together with the academic community, identified a set of algorithms they believe can withstand an attack from future quantum computers. The algorithms that are not known to be vulnerable to attacks from quantum computers are labeled as post-quantum secure. 

With this in mind, both public and private organizations have begun to reevaluate the security measures they currently have in place and prioritize post-quantum secure cryptography.

If you think it seems premature to safeguard your data against a threat that doesn’t yet exist, you may want to reconsider. Network attackers, internal threats, and service providers could collect your encrypted data today, only to hold onto and decrypt once quantum computers become available, potentially even decades later. This is more commonly known as “harvest now, decrypt later” attacks. So while your data may be unreadable now, quantum computing could allow decryption of your data at a later date.

To help you stay protected against post-quantum security threats, Zoom has launched a post-quantum E2EE solution for some of the core products found in our AI-powered collaboration platform, Zoom Workplace. Using the Kyber 768 algorithm (currently undergoing standardization from NIST), this security feature allows Zoom Meetings users to enable post-quantum E2EE for their meeting(s).

Note: post-quantum E2EE is coming soon for Zoom Phone and Zoom Rooms. 

E2EE is not new for Zoom users, as we previously launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022. But as our customers continue to increase their use of this feature, we’ve seen first-hand how important it is for Zoom users to have a secure collaboration platform to meet their unique needs. We’re pleased to be the first UCaaS provider to offer post-quantum end-to-end encryption for videoconferencing.

As mentioned earlier, one advantage of E2EE is the ability to keep your information safe and decipherable only by the parties who possess the decryption keys. For example, when users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting. Zoom’s servers don’t have the necessary decryption key and, thus, can’t decipher any encrypted data relayed through our servers. What’s more, our new post-quantum E2EE helps defend against “harvest now, decrypt later” using Kyber 768 — an algorithm being standardized by NIST as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203.

At Zoom, we’re committed to helping you protect your data. While we can’t say for sure when quantum computers will become mainstream, we believe there’s no time like the present to prepare for the future. Learn more about what’s available for the latest version of Zoom Workplace in this support article and see how you can get started using Zoom’s post-quantum E2EE.