Apple is adding a new post-quantum encryption protocol to its iMessage instant messaging service called PQ3, designed to protect encryption from quantum attacks.
iMessage is the default communication platform for iOS and macOS operating systems, with a user base of nearly 1 billion.
One of the main features of iMessage is its support for end-to-end encryption (E2EE), which ensures that communications between senders and recipients remain private even if a third party intercepts the traffic.
Quantum computing threatens existing encryption schemes, which it could crack almost instantly. Messaging apps like Signal are taking steps to strengthen their defenses by adding NIST-approved quantum-proof algorithms that are considered secure for decades into the future.
This measure protects not only current communication exchanges but also intercepted traffic that third parties may have stored for years while waiting for a way to decrypt it, the so-called “collect now, decrypt later” scenario.
Apple says the new PQ3 protocol provides protection against quantum computing threats, which the company calls Level 3 security.
“With its breach-resistant encryption and extensive protection against even the most sophisticated quantum attacks, PQ3 is the first messaging protocol to reach so-called Level 3 security, offering protocol protections that surpass those of any other widely deployed messaging app,” Apple’s announcement reads.
“To our knowledge, PQ3 has the strongest security properties of any large-scale messaging protocol in the world.”
Rather than replacing elliptic curve cryptography (ECC) outright, PQ3 uses a hybrid model that combines the classical and post-quantum algorithms, an approach Signal also employs.
This ensures that PQ3 remains robust not only against existing attacks, for which the ECC algorithm has proven reliable, but also against future attackers using quantum computing.
PQ3 integrates the Kyber algorithm, supported by the global crypto community and recognized as a solid choice by NIST, to address post-quantum cryptographic needs.
A new mechanism creates an encryption key for secure messaging at the beginning of a conversation, even when the recipient is offline. This is an approach known as initial key establishment.
PQ3’s key innovation is its periodic post-quantum rekeying mechanism, the first of its kind for a large-scale cryptographic messaging protocol.
This mechanism frequently regenerates new quantum-resistant keys, ensuring a balance of maximum security with minimal impact to the user experience.
This feature enables recovery from key compromises and ensures that ongoing conversations are safe again by generating new cryptographic keys that cannot be derived from previously compromised keys.
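The two mechanisms described above, hybrid ECC plus post-quantum key combination and periodic rekeying, as an added illustration that is not Apple's or Signal's code: the ECDH and Kyber shared secrets are constructed placeholder bytes, the combiner is a plain HKDF-SHA256 over both secrets (so the derived key stays secret as long as either component does), and each rekey step mixes a fresh post-quantum secret into the key chain.

```python
import hashlib
import hmac


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract a PRK from the keying material, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_session_key(ecdh_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Combine a classical (ECDH) and a post-quantum (Kyber-style) shared secret.

    Both secrets feed the HKDF input, so the output is unpredictable while at
    least one of them remains unknown to the attacker. The handshake transcript
    (public keys, KEM ciphertexts) is used as salt to bind the key to this session.
    """
    salt = hashlib.sha256(transcript).digest()
    return hkdf(ecdh_secret + pq_secret, salt, b"hybrid-session-key")


def rekey(chain_key: bytes, fresh_pq_secret: bytes) -> tuple[bytes, bytes]:
    """One periodic rekey step: returns (next_chain_key, message_key).

    Because a freshly negotiated post-quantum secret is mixed in, someone who
    learned chain_key cannot compute next_chain_key without that fresh secret.
    """
    next_chain = hkdf(chain_key + fresh_pq_secret, b"", b"chain")
    message_key = hkdf(next_chain, b"", b"message")
    return next_chain, message_key


def derive_message_keys(initial_key: bytes, fresh_secrets: list[bytes]) -> list[bytes]:
    """Run the chain through several rekey rounds and collect the message keys."""
    chain, keys = initial_key, []
    for secret in fresh_secrets:
        chain, mk = rekey(chain, secret)
        keys.append(mk)
    return keys


if __name__ == "__main__":
    # Constructed placeholder secrets; a real deployment gets these from X25519/Kyber.
    session = hybrid_session_key(b"\x01" * 32, b"\x02" * 32, b"constructed-transcript")
    for i, mk in enumerate(derive_message_keys(session, [bytes([10 + r]) * 32 for r in range(3)])):
        print(f"round {i}: message key {mk.hex()[:16]}...")
```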
Meredith Whittaker, president of Signal, said her company considered similar functionality but decided not to implement it until a more mature solution was devised.
Apple’s introduction of PQ3 brings a higher level of communication security to many people and sets an industry standard for others to follow, so this is undoubtedly a significant advancement.