Apple upgrades iMessage with PQ3 quantum computer-resistant encryption protocol


Apple is introducing a new cryptographic protocol for iMessage that is designed to protect users from sophisticated attacks using quantum computers. The new encryption protocol could protect users from scenarios where encrypted data is stored today and decrypted with a quantum computer at a later date. iMessage is the second messaging platform known to introduce support for quantum-safe cryptography – Signal's PQXDH protocol was introduced last year – while adding another layer of security to protect users if keys are compromised.

The company detailed the development of the new PQ3 protocol for iMessage on Wednesday, ahead of its deployment on supported iPhone, iPad, Mac and Apple Watch models. According to Apple, PQ3 is a quantum-resistant cryptographic protocol designed to protect future conversations from being compromised by attackers with quantum computers.

Traditional public key cryptography – used in secure messaging services like WhatsApp, iMessage and Signal – protects users by relying on mathematical problems that are difficult even for powerful computers to solve. However, sufficiently powerful quantum computers are thought to be able to solve these problems, meaning that even though such machines do not currently exist, they could be used to compromise encrypted chats in the future.

Apple also highlights another challenge posed by quantum computers – the “harvest now, decrypt later” scenario. By storing the large amounts of encrypted data available today, capable attackers could gain access to that data at some point in the future when a powerful quantum computer becomes able to break the traditional encryption used to protect those messages.

Image: Apple's comparison of iMessage PQ3 with other messaging protocols

iMessage will join Signal in using quantum-resistant cryptography
Photo Credit: Apple

iMessage is the second messaging platform to add support for quantum-safe cryptography. Last year, Signal – widely considered the gold standard in encrypted messaging – announced it was rolling out a new PQXDH protocol that would protect users from quantum computers. Apple says its PQ3 encryption protocol goes a step further than PQXDH by changing post-quantum keys on an ongoing basis – this limits the number of messages that can be exposed if a key is compromised.

According to Apple, the new PQ3 post-quantum encryption protocol is designed to protect users from existing and future adversaries and will be introduced starting with iMessage. It is combined with the company's existing encryption in a hybrid design, meaning attackers would have to defeat both the traditional encryption and the post-quantum primitives used to protect iMessage conversations.

To protect users in the event an encryption key is compromised, Apple says PQ3 periodically generates a new post-quantum key (rather than doing so with every message), which keeps the size of the transmitted encrypted messages under control while still allowing users to access the service even in poor network conditions.
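The two properties described above, the hybrid key combination and the periodic post-quantum rekeying, are shown here as an added toy model written for this article; it is not Apple's PQ3 code, and the ECDH and post-quantum KEM outputs are simulated with random bytes, since the point is how the secrets are combined and how a leaked chain key only exposes messages up to the next rekey.

```python
import hashlib
import hmac
import os

def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    # Minimal HKDF (RFC 5869, fixed salt): used as the hybrid combiner and the chain KDF.
    prk = hmac.new(b"hybrid-demo-salt", ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out, counter = out + block, counter + 1
    return out[:length]

def hybrid_secret(classical_ss: bytes, pq_ss: bytes) -> bytes:
    # Both shared secrets are bound into one session key, so recovering only one
    # of them (e.g. breaking the classical exchange with a quantum computer) yields nothing.
    return hkdf_sha256(classical_ss + pq_ss, b"hybrid-session")

class RekeyingChain:
    # Symmetric chain: ratchets one-way per message and mixes a fresh post-quantum
    # secret in every `rekey_every` messages, so a leaked chain key exposes one window only.
    def __init__(self, session_key: bytes, rekey_every: int):
        self.chain_key, self.rekey_every, self.counter = session_key, rekey_every, 0

    def next_message_key(self, fresh_pq_secret: bytes) -> bytes:
        msg_key = hkdf_sha256(self.chain_key, b"message")
        self.chain_key = hkdf_sha256(self.chain_key, b"advance")  # one-way step
        self.counter += 1
        if self.counter % self.rekey_every == 0:  # periodic rekey, not per message
            self.chain_key = hkdf_sha256(self.chain_key + fresh_pq_secret, b"rekey")
        return msg_key

def keys_exposed_by_leak(leaked_chain_key: bytes, leak_index: int, rekey_every: int) -> list:
    # What an attacker holding the chain key for message `leak_index` can derive
    # without the next fresh secret: message keys up to the next rekey boundary.
    exposed, ck, i = [], leaked_chain_key, leak_index
    while True:
        exposed.append(hkdf_sha256(ck, b"message"))
        ck, i = hkdf_sha256(ck, b"advance"), i + 1
        if i % rekey_every == 0:
            return exposed

def simulate(total: int = 7, rekey_every: int = 3, leak_at: int = 1) -> tuple:
    # Simulated (constructed) shared secrets stand in for the ECDH and post-quantum KEM outputs.
    chain = RekeyingChain(hybrid_secret(os.urandom(32), os.urandom(32)), rekey_every)
    real_keys, leaked = [], None
    for i in range(total):
        if i == leak_at:
            leaked = chain.chain_key  # attacker captures the chain key at this point
        real_keys.append(chain.next_message_key(os.urandom(32)))
    return real_keys, keys_exposed_by_leak(leaked, leak_at, rekey_every)
```

With the defaults, a chain key leaked at message 1 reproduces only message keys 1 and 2; the fresh secret mixed in before message 3 cuts the exposure window off.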

The new PQ3 protocol has been reviewed by the company's Security Engineering and Architecture (SEAR) team. It has also been reviewed by a team led by Professor David Basin, head of the Information Security Group at ETH Zurich, and by Professor Douglas Stebila of the University of Waterloo. The company also says it contracted a third-party security consultant who independently evaluated the PQ3 source code and found no security issues.

Apple says upcoming updates to iOS 17.4, iPadOS 17.4, macOS 14.4 and watchOS 10.4 will bring support for PQ3, and that iMessage conversations on supported devices will automatically start encrypting sent and received messages using the new quantum-secure protocol. According to the company, all supported conversations will be upgraded to the post-quantum encryption protocol this year.
