There's not a lot of information given here. The blog post is better [1].<p>Long story short, they decided to augment Wire with experimental post-quantum security using the NewHope key exchange scheme.<p>You can read more about NewHope here [2]. It's a lattice-based cryptosystem using the Ring-Learning With Errors (R-LWE) problem. It's also the same post-quantum key exchange scheme Google experimented with in Google Chrome [3]. R-LWE is pretty common in state of the art lattice-based cryptosystems (there are several such, including NewHope, in Round 1 of the NIST PQCrypto CFP [4]).<p>Among the mathematical "tribes" of post-quantum cryptography, lattice-based (and code-based) problems are particularly good for speed. On the other hand, their key sizes are significantly larger (this phenomenon is somewhat inverted in supersingular isogenies, which offer fantastic key sizes but much slower key exchange). For those interested in learning more about the learning with errors problem (and its ring-augmented cousin), the first few pages of the NewHope specification (and most lattice-based specs from NIST PQCrypto) are a good brief [5]. And while it's not related to NewHope specifically, Peikert's survey on lattice-based cryptography is relatively recent and accessible [6].<p>I'm interested in what impact this will have on latency in Wire. In the context of the Google Chrome TLS experiment, the median connection latency increased by 1ms, the slowest 5% increased by 20ms and the slowest 1% increased by 150ms [7]. The increased connection latency was attributed to the increase in message size, which in my opinion is pretty interesting in consideration of the fact that we (generally) consider key size and operation speed separately.<p>______________<p>1. <a href="https://blog.wire.com/blog/post-quantum-resistance-wire" rel="nofollow">https://blog.wire.com/blog/post-quantum-resistance-wire</a><p>2. <a href="https://newhopecrypto.org" rel="nofollow">https://newhopecrypto.org</a><p>3. <a href="https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html?m=1" rel="nofollow">https://security.googleblog.com/2016/07/experimenting-with-p...</a><p>4. <a href="https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions" rel="nofollow">https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Rou...</a><p>5. <a href="https://newhopecrypto.org/data/NewHope_2017_12_21.pdf" rel="nofollow">https://newhopecrypto.org/data/NewHope_2017_12_21.pdf</a><p>6. <a href="https://web.eecs.umich.edu/~cpeikert/pubs/lattice-survey.pdf" rel="nofollow">https://web.eecs.umich.edu/~cpeikert/pubs/lattice-survey.pdf</a><p>7. <a href="https://www.imperialviolet.org/2016/11/28/cecpq1.html" rel="nofollow">https://www.imperialviolet.org/2016/11/28/cecpq1.html</a>