Insider Brief
- Post-quantum end-to-end encryption (E2EE) is now globally available for Zoom Workplace.
- The move makes Zoom a pioneer as a communications as a service — UCaaS — company to offer a post-quantum E2EE solution for video conferencing.
- Zoom’s post-quantum E2E encryption uses Kyber 768, an algorithm being standardized by the National Institute of Standards and Technology (NIST).
Now being secure on Zoom means more than just making sure the camera doesn’t show you’re wearing pajama bottoms to the remote impromptu business meeting.
Zoom Video Communications, Inc. announced in a company statement that post-quantum end-to-end encryption (E2EE) is now globally available for Zoom Workplace — specifically Zoom Meetings — with Zoom Phone and Zoom Rooms coming soon.with Zoom Phone and Zoom Rooms coming soon.
This development positions Zoom as the first unified communications as a service — UCaaS — company to offer a post-quantum E2EE solution for video conferencing, according to the statement.
As adversarial threats become more sophisticated, so does the need to safeguard user data. In certain circumstances, attackers may have the ability to capture encrypted network traffic now, with the intent to decrypt it later when quantum computers become more advanced — a scenario often referred to as “harvest now, decrypt later.” While powerful quantum computers with this capability are not yet generally available, Zoom officials write that it has taken a proactive stance by upgrading the algorithms designed to withstand these potential future threats.
Michael Adams, Chief Information Security Officer at Zoom, said: “Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs. With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”
So, how will post-quantum E2EE work for Zoom meetings?
When users enable E2EE for their meetings, Zoom’s system is designed to provide only the participants with access to the encryption keys that are used to encrypt the meeting; this is the behavior for both post-quantum E2EE and standard E2EE. Because Zoom’s servers do not have the necessary decryption key, encrypted data relayed through Zoom’s servers is indecipherable.
To defend against “harvest now, decrypt later” attacks, Zoom’s post-quantum E2E encryption uses Kyber 768, an algorithm being standardized by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM, in FIPS 203. This ensures that Zoom’s encryption remains robust and capable of protecting user data against the advancements in quantum computing technology.