I wasn't aware of this, but they have an early pull request working on #PQXDH, and they also stated that they are working on:
"Ongoing futureproofing work includes Post Quantum resilience via Kyber post-quantum KEM and PQXDH key exchange, as well as support for Messaging Layer Security (MLS, RFC9420) for improved scalability for group encryption."
@neurovagrant Just looked into this because you pointed it out and it seemed interesting. Bernstein is pointing out a math error that overestimated the strength of Kyber-512, which is in fact weaker than AES-128; but with the corrected math, Kyber-768 and Kyber-1024 are still stronger than AES-128. They just come with key size trade-offs that are much worse than the Kyber alternatives.
Signal has listed Kyber-1024 in their white paper, meaning they've already accepted the size-security trade-off to maximize security, so this shouldn't directly affect their plans (I even checked the Wayback Machine, and they listed Kyber-1024 from the start).
Regardless, this does pour cold water on PQ in general and diminishes trust in the NIST standards process, which could affect long-term support for Kyber now.
The more-than-excellent encrypted #messaging app #Signal announces the #PQXDH protocol! A first step toward post-quantum resistance for Signal, PQXDH protects your Signal calls and chats against potential future threats from breakthroughs in #QuantumComputing. And it is already deployed to Signal clients around the world. Don't hesitate to use it. And to make them a donation 😉