Quantum Computing Isn't Just Coming for Bitcoin—It Threatens Messaging Apps Too
TL;DR
Quantum computing threatens encrypted messaging apps like Signal and Threema through 'harvest now, decrypt later' attacks. Researchers are working on post-quantum encryption upgrades to protect communications. While Bitcoin faces long-term quantum risks, messaging platforms may be more immediately vulnerable.
Key Takeaways
- •Quantum computers could break current encryption used by messaging apps like Signal and Threema, enabling 'store-and-forward' attacks where encrypted messages are intercepted now and decrypted later.
- •Signal has already implemented PQXDH and SPQR protocol upgrades for post-quantum protection, while Threema is exploring integration of NIST-standardized ML-KEM algorithm.
- •Encrypted messaging faces more immediate quantum threats than Bitcoin due to the nature of communications being recorded and stored for future decryption.
- •Transitioning to quantum-safe encryption requires complete protocol redesigns to maintain efficiency, as simple component replacements could increase bandwidth requirements dramatically.
- •Government and sensitive communications using encrypted messaging highlight the urgency of developing long-term quantum-resistant security solutions.
Tags
Quantum computing has long been discussed as a future threat to Bitcoin. Now, researchers say the same technology could undermine encrypted messaging systems used by governments, journalists, and millions of users worldwide.
In a new report released on Monday, IBM described its work with communications developers from Signal and Threema to redesign messaging protocols for a future in which quantum computers may be able to break the encryption underlying secure communications.
“Breaking through this kind of encryption is practically impossible with even the most capable classical supercomputers, unless you have a spare billion years to kill. But a major computing revolution underway today may soon change that,” the researchers wrote.
While much has been written about the quantum threat to cryptocurrency, cryptography researcher Ethan Heilman said encrypted messaging platforms may face a more immediate quantum risk than Bitcoin.
“The short‑term threat is much greater for something like Signal than for Bitcoin because of store‑and‑forward attacks,” Heilman told Decrypt. “Conceivably, someone could record communications now and then attack them later when they have a quantum computer.”
A store-and-forward attack occurs when an adversary intercepts and saves encrypted data, or in this case, messages, today with the intention of decrypting it later, once more powerful tools like a quantum computer make breaking the encryption possible.
Launched in 2012 and 2014, respectively, Threema and Signal offer end-to-end encrypted messaging, calls, and group chats, with encryption keys stored on users’ devices rather than on company servers.
Classical computers cannot break current encryption, but a sufficiently powerful quantum computer could solve the underlying cryptographic problems that protect it. Progress in the field has accelerated in recent years.
Recent experiments from IBM, Google, and Caltech have improved stability, scaling, and error correction, narrowing the time for when a practical quantum machine will come online, intensifying debate about the threat to cryptocurrencies like Bitcoin, which use elliptic-curve cryptography to secure transactions.
A sufficiently powerful quantum computer could theoretically use Shor’s algorithm to derive private keys from exposed public keys.
Heilman said the growing use of encrypted messaging in government underscores why long-term communication security has become a priority for researchers.
“We’ve seen a lot of people in the White House use Signal,” he said, referring to the 2025 incident known as “Signalgate,” where it was revealed that senior U.S. national security officials, including Defense Secretary Pete Hegseth, used disappearing Signal messages on personal devices to discuss sensitive government matters, after adding a journalist to a groupchat.
“Historically, there have been intelligence cases where communications were recorded decades earlier and only broken later,” Heilman said. “So for communication security, there’s always the risk of the future decrypting the past, which we don’t have in Bitcoin.”
Future proofing
Signal has begun preparing for a potential future in which those so-called “harvest now, decrypt later” attacks become a reality.
In 2023, the messaging company introduced the PQXDH upgrade to protect new sessions against such attacks. In 2025, Signal strengthened those defenses with a Sparse Post‑Quantum Ratchet (SPQR) protocol upgrade that extends post‑quantum protection to ongoing messages, calls, and media.
For its part, Threema said it is working with IBM’s cryptography researchers to explore integrating the National Institute of Standards and Technology-standardized ML-KEM algorithm into its messaging system as part of a shift toward quantum-safe encryption.
The research also focuses on protecting metadata, including information about who belongs to encrypted group chats.
“When trying to port the existing Signal protocol for protecting this metadata to quantum-safe, the team quickly realized that just replacing the current components with their quantum-safe versions would likely lead to an up to a hundredfold increase in Signal’s bandwidth,” the report reads. “This meant they would need to redesign the protocols from the ground up for speed and communication efficiency.”
Most researchers say machines capable of attacking Bitcoin remain far beyond current technology. Still, Heilman flagged that the pace of development will likely accelerate if quantum advances continue.
“As soon as the threat becomes more real, things move quicker,” he said.