Apple takes a significant step by implementing its post-quantum cryptographic protocol, PQ3 in iMessage, marking one of the largest deployments of future-proof encryption technology to date.
In this regard, it must be said that the importance of encryption in data security is undeniable in modern life and the global economy. However, the continued pursuit of powerful quantum computers poses risks to information security, as they could easily crack current encryption. Although practical quantum computers are not yet a reality, efforts to develop post-quantum cryptography are underway.
The most important update in the history of iMessage
Importantly, the Cupertino-based company has announced that the PQ3 post-quantum cryptographic protocol will be integrated into iMessage, with the update scheduled to be released on iOS and iPad OS 17.4, as well as macOS 14.4. In this regard, Apple calls this change “the most significant cryptographic security update in the history of iMessage”.
It should be noted that the complete reconstruction of the cryptographic protocol from scratch will be carried out during the current year, completely replacing the existing encryption protocols. Users will only need to update their operating systems to benefit from these new protections.
Although quantum computing has not yet reached mainstream practice, governments, businesses and security experts recognize the need to anticipate its potential threats. Apple, in its blog post, highlights that its configuration will apply post-quantum protections to both the creation of encryption keys and the exchange of messages in iMessage. Using the Kyber algorithm, the company will generate new post-quantum encryption keys as part of the public keys transmitted to Apple’s servers.
This approach, similar to that adopted by Signal, seeks to maintain security even in situations where the encryption key has been compromised.
A “hybrid design” for increased safety
Apple emphasizes that the post-quantum protections are an addition to the existing encryption, employing a “hybrid design” that combines its existing elliptic curve cryptography (ECC) with the new post-quantum protections. The company stresses that defeating PQ3 security would require defeating both classic ECC cryptography and new post-quantum primitives. This approach seeks to provide an additional layer of security, considering that post-quantum cryptography is still in its early stages of development and no functional quantum computer is on the immediate horizon.
Finally, it is necessary to report that Apple’s release of PQ3 in iMessage reflects a proactive response to the potential threats of quantum computing. As efforts in this area intensify, the introduction of post-quantum algorithms in encrypted messaging applications becomes crucial. The combination of current technologies with post-quantum protections represents a strategic approach to safeguarding users’ privacy and security, marking a milestone in the evolution of cybersecurity in the quantum era.
