“Breaking through this kind of encryption is practically impossible with even the most capable classical supercomputers, unless you have a spare billion years to kill. But a major computing revolution underway today may soon change that,” the researchers wrote.
“The short‑term threat is much greater for something like Signal than for Bitcoin because of store‑and‑forward attacks,” Heilman told Decrypt. “Conceivably, someone could record communications now and then attack them later when they have a quantum computer.”
A store-and-forward attack occurs when an adversary intercepts and saves encrypted data, or in this case, messages, today with the intention of decrypting it later, once more powerful tools like a quantum computer make breaking the encryption possible.
Launched in 2012 and 2014, respectively, Threema and Signal offer end-to-end encrypted messaging, calls, and group chats, with encryption keys stored on users’ devices rather than on company servers.
Classical computers cannot break current encryption, but a sufficiently powerful quantum computer could solve the underlying cryptographic problems that protect it. Progress in the field has accelerated in recent years.
A sufficiently powerful quantum computer could theoretically use Shor’s algorithm to derive private keys from exposed public keys.
Heilman said the growing use of encrypted messaging in government underscores why long-term communication security has become a priority for researchers.
“Historically, there have been intelligence cases where communications were recorded decades earlier and only broken later,” Heilman said. “So for communication security, there’s always the risk of the future decrypting the past, which we don’t have in Bitcoin.”
Signal has begun preparing for a potential future in which those so-called “harvest now, decrypt later” attacks become a reality.
In 2023, the messaging company introduced the PQXDH upgrade to protect new sessions against such attacks. In 2025, Signal strengthened those defenses with a Sparse Post‑Quantum Ratchet (SPQR) protocol upgrade that extends post‑quantum protection to ongoing messages, calls, and media.
For its part, Threema said it is working with IBM’s cryptography researchers to explore integrating the National Institute of Standards and Technology-standardized ML-KEM algorithm into its messaging system as part of a shift toward quantum-safe encryption.
The research also focuses on protecting metadata, including information about who belongs to encrypted group chats.
“When trying to port the existing Signal protocol for protecting this metadata to quantum-safe, the team quickly realized that just replacing the current components with their quantum-safe versions would likely lead to an up to a hundredfold increase in Signal’s bandwidth,” the report reads. “This meant they would need to redesign the protocols from the ground up for speed and communication efficiency.”
Most researchers say machines capable of attacking Bitcoin remain far beyond current technology. Still, Heilman flagged that the pace of development will likely accelerate if quantum advances continue.
“As soon as the threat becomes more real, things move quicker,” he said.
