Zoom Video Communications, Inc. has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Workplace, starting with Zoom Meetings. This launch makes Zoom the first unified communications as a service (UCaaS) provider to offer such a cutting-edge security feature. Zoom Phone and Zoom Rooms will also receive this security enhancement soon.
Addressing Advanced Threats
With cyber threats becoming increasingly sophisticated, the need for robust data protection has never been greater. Adversaries may capture encrypted data now, planning to decrypt it later when quantum computing advances. This “harvest now, decrypt later” scenario poses a significant risk, even though powerful quantum computers are not yet widely available. By implementing post-quantum E2EE, Zoom is proactively upgrading its security to withstand future threats.
Michael Adams, Zoom’s Chief Information Security Officer, emphasized the importance of this new feature. “Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,” said Adams. “With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”
How Post-Quantum E2EE Works
When users enable E2EE for their meetings, Zoom’s system ensures that only the participants have access to the encryption keys. This applies to both standard and post-quantum E2EE. Since Zoom’s servers do not possess the decryption keys, any encrypted data relayed through them remains secure and indecipherable.
To protect against “harvest now, decrypt later” attacks, Zoom’s post-quantum E2EE utilizes the Kyber 768 algorithm. This algorithm is being standardized by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.
This latest development reflects Zoom’s ongoing commitment to enhancing data security for its users. By adopting post-quantum E2EE, Zoom is setting a new standard in the UCaaS industry, ensuring that user data remains protected against future quantum threats.
Availability
Post-quantum end-to-end encryption is now available for Zoom Meetings and will soon be rolled out to Zoom Phone and Zoom Rooms.
Image: Envato