Apple is adding a new post-quantum cryptographic protocol named PQ3 to the iMessage instant messaging service, designed to defend its encryption against quantum attacks.
iMessage is the default communication platform on iOS and macOS operating systems, with a user base of nearly one billion.
One of iMessage's key features is support for end-to-end encryption (E2EE) to ensure that the communication remains private between the sender and the recipient even if a third party intercepts the traffic.
Quantum computing threatens existing encryption schemes with nearly instant cracking. Messaging apps like Signal have taken steps to strengthen their defenses by adding NIST-approved quantum-resistant algorithms that are believed to remain secure for several decades into the future.
This measure protects both current communications and traffic that a third party may have intercepted and stored over the years while waiting for a way to decrypt it, the so-called "harvest now, decrypt later" scenario.
Apple says that its new PQ3 protocol achieves protection against quantum computing threats, which the company calls Level 3 security.
"With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps," reads Apple's announcement.
"To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world."
Apple does not trade Elliptic Curve Cryptography (ECC) for PQ3 but instead implements a hybrid model that combines the two, an approach also adopted by Signal.
This ensures that PQ3 remains robust against existing attacks for which ECC algorithms have proven reliable, as well as against future adversaries employing quantum computing.
For its post-quantum cryptographic needs, PQ3 integrates the Kyber algorithm, which is backed by the global cryptography community and recognized by NIST as a solid choice.
The new mechanism creates encryption keys for secure messaging at the start of a conversation, even if the receiver is offline, a step known as initial key establishment.
A significant innovation within PQ3 is its periodic post-quantum rekeying mechanism, a first of its kind for large-scale cryptographic messaging protocols.
This mechanism frequently regenerates new quantum-resistant keys, ensuring maximum security balanced with low impact on user experience.
This feature makes it possible to recover from key compromises, ensuring ongoing conversations regain their secure status by generating new encryption keys that cannot be derived from compromised past keys.
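The two ideas described above, hybrid ECC plus Kyber key combination and periodic rekeying that lets a conversation recover from a compromised key, can be modelled as follows. This is an added illustration, not Apple's PQ3 code; the ECDH and Kyber shared secrets are stand-in byte strings supplied by the caller, and only the combiner and ratchet logic are shown.

```python
"""Toy model of hybrid key combination and periodic rekeying (illustrative, not PQ3)."""
import hashlib
import hmac
import os


def hkdf(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """Single-block HKDF-SHA256 (RFC 5869) with an all-zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()[:length]


def combine_hybrid(ecdh_secret: bytes, pq_secret: bytes) -> bytes:
    """Hybrid combiner: the output depends on both shared secrets, so the derived
    key stays secret as long as either ECDH or the post-quantum KEM is unbroken.
    Both inputs are constructed stand-ins for real X25519 / Kyber outputs."""
    assert len(ecdh_secret) == 32 and len(pq_secret) == 32
    return hkdf(ecdh_secret + pq_secret, b"hybrid-combiner")


class Ratchet:
    """Symmetric chain that steps forward per message and periodically mixes in a
    fresh hybrid secret, so leaked state stops being useful after the next rekey."""

    def __init__(self, root_key: bytes) -> None:
        self.chain = root_key

    def next_message_key(self) -> bytes:
        mk = hkdf(self.chain, b"message-key")
        self.chain = hkdf(self.chain, b"chain-step")  # one-way: old chain is discarded
        return mk

    def rekey(self, fresh_hybrid_secret: bytes) -> None:
        """Mix in a fresh ECDH+PQ secret; without it the next chain is unpredictable."""
        self.chain = hkdf(self.chain + fresh_hybrid_secret, b"rekey")


def compromise_recovery_demo() -> bool:
    """True if a party holding a full copy of the ratchet state falls out of sync
    once the honest party rekeys with a fresh secret the copy never received."""
    root = combine_hybrid(os.urandom(32), os.urandom(32))
    alice, leaked_copy = Ratchet(root), Ratchet(root)      # identical state at compromise
    in_sync = alice.next_message_key() == leaked_copy.next_message_key()
    alice.rekey(combine_hybrid(os.urandom(32), os.urandom(32)))  # fresh secret, copy has none
    stale_guess = leaked_copy.next_message_key()
    return in_sync and alice.next_message_key() != stale_guess
```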
Signal's president Meredith Whittaker stated that they too considered a similar feature, but decided against implementing it until a more mature solution is devised.
Apple's introduction of PQ3 brings a high level of communications security to a large number of people and sets an industry standard for others to follow, so it is undoubtedly a significant development.
Comments
mikebutash - 4 months ago
Quantum encryption is good, but this doesn't fix the fact that every other day there is a new no-touch, no-user-involvement exploit in the iMessage application itself that allows these malware-as-a-service vendors to exploit anyone they want trivially, just knowing their phone number.
iMessage and Safari are the new Internet Explorer 6, giving it a run for the best malware delivery engine in 20 years.
wpontius - 4 months ago
The threat of quantum computer decryption is purely hypothetical, as we have barely ventured into full-scale quantum computer systems that are a fraction of their ultimate size and capabilities. It is naive and arrogant to think we can begin to protect our current systems and data from an unknown quantity. Like the unexpected behaviors and capabilities that show up in complex AI programs. How do we predict the unknown behaviors and capabilities of large and complex quantum systems we can barely imagine? As I understand it, these quantum systems have the same complex algorithms and fuzzy logic/learning as AI. Plus the unknowns of a quantum zoo we don't understand.
b1k3rdude - 4 months ago
Also, all the encryption in the world is pointless if Apple just rolls over for the various authorities.
Dmonder - 4 months ago
"To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world."
Love the "To our knowledge" disclaimer. Perhaps even Apple knows they need to tread lightly here?
NoneRain - 4 months ago
A lot of buzz for nothing. Who in h3ll can utilize quantum computers to break traditional encryption? NISQ is the promising, but "useless" era.
I guess the goal is to make us all feel a lil bit more secure against things that don't quite exist yet lol