Zoom has announced that it is introducing post-quantum end-to-end encryption to Zoom Meetings within its Workplace platform.
While end-to-end encryption has been present in Zoom meetings since 2020, post-quantum E2E adds an extra layer of security safeguarding against potential bad actors as their own technology becomes ever more advanced. In the process, Zoom says it is the first UCaaS company to offer a post-quantum E2EE solution for video conferencing.
“Since we launched end-to-end encryption for Zoom Meetings in 2020 and Zoom Phone in 2022, we have seen customers increasingly use the feature, which demonstrates how important it is for us to offer our customers a secure platform that meets their unique needs,” said Michael Adams, Chief Information Security Officer at Zoom.
With the launch of post-quantum E2EE, we are doubling down on security and providing leading-edge features for users to help protect their data. At Zoom, we continuously adapt as the security threat landscape evolves, with the goal of keeping our users protected.”
Zoom says the solution originated in adversarial threats becoming more sophisticated. In certain scenarios, attackers might capture encrypted network traffic now, intending to decrypt it later when advanced quantum computers become available—a situation known as “harvest now, decrypt later”.
Although such powerful quantum computers are not yet generally available, Zoom affirms it has proactively upgraded its encryption algorithms to withstand these potential future threats.
While currently only available for Zoom Meetings, Zoom says post-quantum E2E encryption will be introduced to Zoom Phone and Zoom Rooms “soon”.
More Specifics On How Post-Quantum E2E Encryption Works
When users enable End-to-End Encryption for their meetings in the Zoom Web Portal, Zoom says its system ensures that only the participants have access to the encryption keys, both for post-quantum E2EE and standard E2EE. Since Zoom’s servers do not have the decryption keys, any encrypted data relayed through them remains indecipherable.
E2EE for meetings requires all participants to join from the Zoom desktop app, mobile app, or Zoom Rooms. Meeting hosts on free accounts can enable and use E2EE, but they must verify their phone number via an SMS code. Other participants do not need to verify their phone numbers.
To protect against “harvest now, decrypt later” attacks, Zoom’s post-quantum E2EE employs Kyber 768, an algorithm being standardized by the National Institute of Standards and Technology (NIST) as the Module Lattice-based Key Encapsulation Mechanism (ML-KEM) in FIPS 203.
Zoom’s Positive Quarter
Zoom has had a busy week so far. On Monday, it reported its Q1 FY25 earnings, with its operational milestones including surpassing two million Zoom Rooms licenses.
In Zoom’s latest earnings call, the launch of its AI-powered, unified platform, Workplace, helped catalyse prosperous quarters for several of Zoom’s products, including Zoom Rooms. The business’s year-over-year revenues saw three percent growth, above the guidance for the quarter.
Zoom’s Rooms licences milestone was among several operational successes that the vendor celebrated, including now having five customers with 100,000 or more Zoom Phone seats and 700,000 AI Companion licenses activated since its arrival eight months ago.
