Apple has announced a new cryptographic protocol for iMessage that aims to bolster user security against potential threats from quantum computing technology. This enhanced encryption could protect data that has been previously encrypted and stored, preventing unauthorized access once quantum computers become capable of breaking traditional encryption methods. iMessage now joins Signal, which implemented its own quantum-security cryptography, known as the PQXDH protocol, last year.
The technology company outlined the introduction of the PQ3 protocol for iMessage on Wednesday, revealing plans for its rollout across compatible models of iPhone, iPad, Mac, and Apple Watch. The PQ3 protocol is designed to be resistant to quantum attacks, ensuring the confidentiality of users’ conversations, as highlighted by Apple.
Current secure messaging platforms, like WhatsApp, iMessage, and Signal, rely on traditional public key cryptography. This method protects users by presenting complex mathematical challenges that even powerful classical computers struggle to solve. However, the advent of quantum computers poses a serious risk, as they could potentially crack these cryptographic challenges in the future.
Apple also addresses a particular scenario associated with quantum computing, known as the “Harvest Now, Decrypt Later” problem. This situation occurs when attackers store large amounts of today’s encrypted data, enabling them to decrypt it later once sufficiently powerful quantum systems become available.
Last year’s implementation of quantum-security measures was pioneered by Signal, which is renowned for its encryption standards. Apple claims that its PQ3 protocol enhances security further by regularly updating post-quantum keys. This dynamic approach reduces the number of messages susceptible to exposure if any keys are compromised.
The PQ3 encryption framework is intended to provide protection against both current and emerging threats and will activate at the initiation of conversations. It works in tandem with Apple’s existing encryption systems, requiring attackers to overcome both the conventional encryption and the advanced post-quantum methods in order to successfully breach iMessage communications.
To safeguard users in the event of key compromise, Apple has designed a mechanism where new post-quantum keys are transmitted periodically. This strategy maintains manageable message sizes and ensures consistent service accessibility, even under suboptimal network conditions.
The PQ3 protocol has undergone rigorous scrutiny, being evaluated by Apple’s Security Engineering and Architecture (SEAR) team. It has also been assessed by experts, including Professor David Basin from ETH Zürich and Professor Douglas Stebila of the University of Waterloo. Furthermore, an independent third-party security consulting firm reviewed the PQ3 source code and reported no security issues detected.
Support for the new PQ3 protocol is slated to be included in upcoming updates for iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. Automatic upgrades to the quantum-security protocol will be enabled for iMessage conversations across compatible devices, ensuring that all supported exchanges will benefit from this advanced encryption within this year.
