Apple is rebooting iMessage with a post-quantum cryptographic protocol called PQ3, aimed at enhancing the security of the platform against potential threats from quantum computing.
According to Apple, the move is intended to preserve user privacy and data integrity by preemptively addressing future risks posed by advances in quantum decryption technology.
According to the iPhone maker, PQ3 (post-quantum cryptography level 3) achieves the highest level of security among widely deployed messaging apps so far.
“To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world,” Apple said.
Level 3
To illustrate PQ3’s security level, Apple explained that most messaging apps fall under Level 0, lacking end-to-end encryption, while those with end-to-end encryption are classified as Level 1 but are not quantum-safe. Prior to implementing PQ3, Apple transitioned from RSA to Elliptic Curve cryptography (ECC) in 2019, enhancing device security against sophisticated adversaries.
Apple emphasized the importance of preparing for quantum decryption threats, even though quantum computers capable of such feats are not yet realized. The move is meant to mitigate risks such as “harvest now, decrypt later” (HNDL) attacks, in which hackers collect data now, even encrypted data, and decrypt it once the technology is available.
“iMessage now meets this goal with PQ3, offering the strongest protection against quantum attacks and becoming the only widely available messaging service to reach Level 3 security,” Apple said.
Building PQ3 from the ground up
PQ3 support on iMessage will roll out with the release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Interactions between devices supporting PQ3 will automatically transition to the post-quantum encryption protocol. Apple plans to replace existing security protocols with PQ3 once fully integrated.
Apple engineered its iMessage cryptographic protocol meticulously from scratch, ensuring robust security within its ecosystem. PQ3 introduces a new post-quantum encryption key in the set of locally generated public keys transmitted to Apple servers during iMessage registration. Leveraging Kyber post-quantum public keys, selected by NIST as the ML-KEM standard, PQ3 enables sender devices to establish encryption keys for the initial message, even with offline recipients.
The PQ3 cryptographic protocol for iMessage combines post-quantum initial key establishment with three ongoing ratchets for self-healing against key compromise, setting the global standard for safeguarding messages against “Harvest Now, Decrypt Later” attacks and future quantum computers.
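To make "self-healing against key compromise" concrete, the following added example (not Apple's code and not PQ3's actual construction) shows a toy ratchet in which a copied chain key stops being useful once a fresh shared secret is mixed in. The class and function names, the "demo-" labels and the random bytes standing in for the output of a key establishment are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = 64) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


class Ratchet:
    """Hypothetical toy ratchet: a one-way chain per message plus rekeying."""

    def __init__(self, initial_secret: bytes):
        self.chain_key = hkdf(b"\x00" * 32, initial_secret, b"demo-init", 32)

    def next_message_key(self) -> bytes:
        # Symmetric step: one-way, so earlier message keys cannot be recomputed.
        okm = hkdf(b"\x00" * 32, self.chain_key, b"demo-step")
        self.chain_key, message_key = okm[:32], okm[32:]
        return message_key

    def rekey(self, fresh_secret: bytes) -> None:
        # Mix in a new shared secret (stand-in for a fresh key establishment).
        self.chain_key = hkdf(self.chain_key, fresh_secret, b"demo-rekey", 32)


def self_healing_demo() -> dict:
    sender = Ratchet(os.urandom(32))
    sender.next_message_key()
    # Constructed compromise: an observer copies the chain key at this point.
    observer = Ratchet(b"")
    observer.chain_key = sender.chain_key
    before = sender.next_message_key() == observer.next_message_key()
    # The sender rekeys with a secret the observer never sees and can only guess.
    sender.rekey(os.urandom(32))
    observer.rekey(b"\x00" * 32)
    after = sender.next_message_key() == observer.next_message_key()
    return {"readable_before_rekey": before, "readable_after_rekey": after}
```

Until the rekey, the copied state yields the same message keys as the sender; afterwards the two chains diverge, which is the recovery property the ratchets are meant to provide.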