Signal Protocol upgraded to prevent future quantum computer attacks

Signal Protocol and Post‑Quantum Ratchets (SPQR) Inside the Triple Ratchet Era



Signal’s new design mixes the post‑quantum SPQR ratchet with the existing Double Ratchet and derives message keys from both ratchets via a key‑derivation function. Signal informally calls the combination the “Triple Ratchet.” The upgrade maintains the protocol’s core goals of forward secrecy (protecting past messages) and post‑compromise security (healing future messages) while adding quantum‑resilient cryptography to ongoing conversations.


Why it matters


Classical elliptic‑curve steps in secure messaging are vulnerable to a future quantum computer, enabling “harvest‑now, decrypt‑later” (HNDL) attacks against captured traffic. Signal’s 2023 PQXDH handshake mitigated HNDL for session setup, but SPQR extends post‑quantum protection into the continuing ratchet so that ongoing key evolution remains quantum‑resilient.

SPQR incorporates a post‑quantum KEM (ML‑KEM) by splitting its large public keys and ciphertexts into small chunks that can ride alongside normal application messages without bloating them. Concretely, ML‑KEM‑768 uses public keys of 1184 bytes and ciphertexts of 1088 bytes, so SPQR sends these in chunks of approximately 42 bytes and reassembles them, with a short header dependency ensuring that ciphertext generation aligns with the corresponding public key.


The Triple Ratchet

The Triple Ratchet combines the classical ECDH public‑key ratchet, the new post‑quantum SPQR public‑key ratchet, and the symmetric ratchets, feeding both public‑key ratchet outputs into a KDF to derive message keys.  This provides hybrid security, meaning an attacker must break both the elliptic‑curve and post‑quantum components to recover conversation secrets.

Signal emphasizes that SPQR achieves forward secrecy and post‑compromise security in a quantum‑safe way on its own, and the deployed design mixes it with the classical ratchet for conservative defense in depth.  External researchers (PQShield, NYU, AIST) collaborated on the design and analysis, with additional formal review of the deployed Triple Ratchet to validate correctness and security.

Because post‑quantum artifacts are large, SPQR’s chunking keeps per‑message overhead near the Double Ratchet norm by opportunistically spreading PQ material over multiple messages. This approach fits Signal’s asynchronous messaging constraints and minimizes bandwidth and storage impact while steadily injecting PQ entropy into the ratchet.
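
The chunk arithmetic described above, as an added Python example that is not Signal's code: it splits objects of the stated ML‑KEM‑768 sizes into 42‑byte chunks and reassembles them when chunks arrive reordered or repeated. The (index, total, payload) framing, the Reassembler class and the deliver helper are assumptions made for illustration, and random bytes stand in for a real key.

```python
import math
import os
import random

CHUNK = 42                    # approximate chunk size given in the article
PK_LEN, CT_LEN = 1184, 1088   # ML-KEM-768 sizes given in the article


def split(blob, size=CHUNK):
    """Return (index, total, payload) triples. This framing is hypothetical."""
    total = math.ceil(len(blob) / size)
    return [(i, total, blob[i * size:(i + 1) * size]) for i in range(total)]


class Reassembler:
    """Collects chunks that may arrive out of order or more than once."""

    def __init__(self, expected_len):
        self.expected_len, self.total, self.parts = expected_len, None, {}

    def add(self, index, total, payload):
        # Refuse framing that disagrees with earlier chunks of this object.
        if self.total not in (None, total) or not 0 <= index < total:
            raise ValueError("inconsistent chunk framing")
        if self.parts.setdefault(index, payload) != payload:
            raise ValueError("conflicting duplicate chunk")
        self.total = total

    def result(self):
        """Return the full object, or None while chunks are still missing."""
        if self.total is None or len(self.parts) < self.total:
            return None
        blob = b"".join(self.parts[i] for i in range(self.total))
        if len(blob) != self.expected_len:
            raise ValueError("reassembled length mismatch")
        return blob


def deliver(blob, seed=0):
    """Simulate asynchronous delivery: shuffle the chunks and repeat a few."""
    chunks = split(blob)
    rng = random.Random(seed)
    stream = chunks + rng.sample(chunks, 3)
    rng.shuffle(stream)
    r = Reassembler(len(blob))
    for c in stream:
        r.add(*c)
    return r.result()


if __name__ == "__main__":
    pk = os.urandom(PK_LEN)   # constructed stand-in, not a real ML-KEM key
    print(len(split(pk)), len(split(os.urandom(CT_LEN))), deliver(pk) == pk)
```

At 42 bytes per chunk, a public key takes 29 chunks and a ciphertext 26, so one complete post‑quantum exchange is spread over dozens of application messages rather than carried in one.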

Signal announced SPQR and the Triple Ratchet on October 1–2, 2025, marking the next step after the 2023 PQXDH upgrade that quantum‑hardens session establishment.  The change targets protection of both new conversations and the evolving state of ongoing chats against future quantum breakthroughs.



https://signal.org/blog/spqr/

