PQC stands for Post-Quantum Cryptography. It isn’t a specific standard or technology but rather a notion that once quantum computing becomes a reality, the current security and privacy mechanisms we use will need to be updated.

Present-day security and privacy are based on the notion that some problems are hard to solve on computers. So hard that solving them for 256-bit values (or whatever other arbitrary but realistically small enough number) would take too many machines and too much time and electricity.

Quantum computing is about making hard-to-solve problems easy enough to solve quickly. Once that happens, all the math behind current-day cryptography collapses and the security and privacy we enjoy cease to exist.

PQC simply means cryptographic algorithms and mechanisms that can hold up against quantum computing techniques. It is about keeping hard problems hard to solve, even with quantum computers.

Today, with the understanding that quantum computing will become a reality in a few years, we see a growing trend of hardening existing applications and protocols with PQC.

WebRTC and PQC

WebRTC is a highly secure protocol for real time communications. It has built-in mandatory encryption and security mechanisms and as such offers a great starting point for the security and privacy of WebRTC applications.

When it comes to PQC protection, the main part that WebRTC is directly in charge of is the DTLS key exchange used for establishing the SRTP encryption keys. These keys are used to encrypt and decrypt the media between the users.

At its heart, to enable PQC in WebRTC, there is a need to move forward and rely on DTLS 1.3. This requires browser implementations to switch towards DTLS 1.3 and all media servers used by a specific application to enforce and use only DTLS 1.3.
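As an added example (not code from this glossary or from any browser or media server), one way to check from JavaScript whether a session actually negotiated DTLS 1.3 is to read the `tlsVersion` field of the transport entries returned by `getStats()`. The helper names `auditDtls` and `meetsDtls13Policy` and the sample report are constructed for illustration; the check covers only the negotiated version, not which key exchange the handshake used.

```javascript
// Added example: audit getStats() output for the negotiated DTLS version.
// RTCTransportStats.tlsVersion holds the two version bytes as four hex digits.
const DTLS_VERSIONS = { FEFF: "DTLS 1.0", FEFD: "DTLS 1.2", FEFC: "DTLS 1.3" };

// Hypothetical helper: `report` is an RTCStatsReport or any Map with the same shape.
function auditDtls(report) {
  const findings = [];
  report.forEach((stat) => {
    if (stat.type !== "transport") return; // skip candidate pairs, codecs, ...
    const raw = typeof stat.tlsVersion === "string" ? stat.tlsVersion.toUpperCase() : null;
    let verdict;
    if (stat.dtlsState !== "connected" || raw === null) {
      verdict = "pending"; // tlsVersion only appears after the handshake completes
    } else if (raw === "FEFC") {
      verdict = "ok";
    } else {
      verdict = "legacy"; // DTLS 1.2 or older, or a value this table does not know
    }
    findings.push({
      id: stat.id,
      version: raw === null ? null : DTLS_VERSIONS[raw] || `unknown (${raw})`,
      dtlsCipher: stat.dtlsCipher ?? null,
      srtpCipher: stat.srtpCipher ?? null,
      verdict,
    });
  });
  return findings;
}

// Hypothetical policy check: every transport must have finished on DTLS 1.3.
function meetsDtls13Policy(report) {
  const findings = auditDtls(report);
  return findings.length > 0 && findings.every((f) => f.verdict === "ok");
}

// Constructed sample report (not captured from a real session).
const sampleReport = new Map([
  ["T1", { id: "T1", type: "transport", dtlsState: "connected", tlsVersion: "FEFC",
           dtlsCipher: "TLS_AES_128_GCM_SHA256", srtpCipher: "AEAD_AES_128_GCM" }],
  ["T2", { id: "T2", type: "transport", dtlsState: "connected", tlsVersion: "fefd",
           dtlsCipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           srtpCipher: "AES_CM_128_HMAC_SHA1_80" }],
  ["T3", { id: "T3", type: "transport", dtlsState: "connecting" }],
  ["CP1", { id: "CP1", type: "candidate-pair", state: "succeeded" }],
]);

// In a browser: auditDtls(await pc.getStats())
for (const f of auditDtls(sampleReport)) console.log(f.id, f.version, f.verdict);
```

A "pending" verdict means the handshake has not finished yet, so the check should be repeated once `dtlsState` reaches `connected`.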

Other parts of WebRTC are assumed to be protected against quantum attacks by other means: signaling via the transport and signaling protocols of web browsers (which are also getting a PQC update of their own), and the media itself by using AES.

While quantum computing still isn’t here, it is important to add support for PQC in WebRTC today. There is a real worry that WebRTC network traffic captured now can and will be decrypted retroactively once quantum computing is available. Our goal is to protect WebRTC users from this eventuality as well.

About WebRTC Glossary

The WebRTC Glossary is an ongoing project where users can learn more about WebRTC related terms. It is maintained by Tsahi Levent-Levi of BlogGeek.me.