Security is a never-ending mission, and Apple today announced its latest innovation to protect iMessage. A cutting-edge post-quantum cryptographic protocol called PQ3 is now available in the beta version of iOS 17.4. The new update provides iMessage with “the most powerful security properties of any large-scale messaging protocol in the world.” Here’s why iMessage quantum security is vital now and in the future, how PQ3 works, and more.
iMessage has a strong security record. From its launch in 2011 with end-to-end encryption, to the adoption of Elliptic Curve cryptography in 2019, BlastDoor with iOS 14, and recent innovations like Contact Key Verification in late 2023, Apple has always championed the security of iMessage.
Apple has unveiled what it calls the “most significant” cryptographic security update for iMessage with a complete rebuild of the system’s protocol. Apple detailed the new development this morning on its Security Research blog.
Today, we’re announcing the most significant cryptographic security update in iMessage’s history with the arrival of PQ3, a revolutionary post-quantum cryptographic protocol that advances the state-of-the-art of end-to-end secure messaging. With compromise-resistant encryption and broad defenses resistant to even the most complicated quantum attacks, PQ3 is the first messaging protocol to achieve what we call Level 3 security, providing protocol protections that surpass those of all other widely deployed messaging apps. To the best of our knowledge, PQ3 has the most powerful security properties of all the large-scale messaging protocols in the world.
Signal was the first large-scale messaging platform to announce an enhanced post-quantum cryptography (PQC) security update last fall with a “key establishment” mechanism.
However, Apple’s approach has two layers of security, with PQC key establishment as well as ongoing PQC rekeying.
There is not yet an industry standard for comparing classical cryptography protocols with PQC protocols, so Apple has developed its own rating system. Here’s what it looks like and how PQ3 got its name from Level 3 PQC:
Apple says Signal’s decision to include PQC key establishment (Level 2) “is a critical and welcome step” that has put its security above all other messaging platforms. However, it can only offer quantum security if the conversation key is never compromised.
At Level 2, the application of post-quantum cryptography is restricted to the initial key establishment, offering quantum security only if the conversation key material is never compromised. But today’s sophisticated adversaries are already incentivized to compromise encryption keys, as it provides them with the ability to decrypt messages protected by those keys as long as the keys are not replaced. To better protect end-to-end encrypted messaging, post-quantum keys will need to be continually replaced to impose an upper limit on how much of a conversation can be exposed through a single, one-time key compromise, both now and with future quantum computers.
That’s where Apple’s PQ3 (Level 3) protocol comes in, securing both the initial key and ongoing rekeying. Importantly, it provides iMessage with “the ability to rapidly and automatically restore the cryptographic security of a conversation, even if a given key is compromised.”
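A simplified model of the Level 2 versus Level 3 difference described above, added here as an example and not Apple's PQ3 implementation: random 32-byte values stand in for ML-KEM shared secrets, and the function names, labels and HMAC-based ratchet are assumptions made for illustration. It counts which messages remain readable to someone who obtains a single chain key, with and without periodic rekeying.

```python
import hashlib
import hmac
import os


def kdf(key, label, extra=b""):
    """Derive a 32-byte key from `key` (HMAC-SHA256 used as a simple KDF)."""
    return hmac.new(key, label + extra, hashlib.sha256).digest()


def run_conversation(n_messages, rekey_every=None):
    """Honest parties' view: return (chain_keys, message_keys).

    rekey_every=None models Level 2 (post-quantum secret only at setup).
    rekey_every=N models Level 3 (fresh secret mixed in every N messages).
    """
    chain = os.urandom(32)  # stand-in for the initial KEM shared secret
    chain_keys, msg_keys = [], []
    for i in range(n_messages):
        if rekey_every and i > 0 and i % rekey_every == 0:
            fresh = os.urandom(32)  # stand-in for a fresh KEM shared secret
            chain = kdf(chain, b"rekey", fresh)
        chain_keys.append(chain)
        msg_keys.append(kdf(chain, b"msg"))
        chain = kdf(chain, b"chain")  # one-way step to the next chain key
    return chain_keys, msg_keys


def exposed_messages(n_messages, compromise_at, rekey_every=None):
    """Indices of messages whose keys follow from one stolen chain key."""
    chain_keys, msg_keys = run_conversation(n_messages, rekey_every)
    stolen = chain_keys[compromise_at]
    exposed = []
    for i in range(compromise_at, n_messages):
        # The holder of the stolen key can only run the public ratchet
        # steps; it never learns the fresh secrets mixed in at a rekey.
        if kdf(stolen, b"msg") == msg_keys[i]:
            exposed.append(i)
        stolen = kdf(stolen, b"chain")
    return exposed


if __name__ == "__main__":
    print("Level 2 exposure:", exposed_messages(20, 5))
    print("Level 3 exposure:", exposed_messages(20, 5, rekey_every=4))
```

Without rekeying, every message from the compromise onward is exposed; with rekeying every four messages, exposure stops at the next rekey, which is the upper bound the passage describes.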
As noted above, Apple envisions future levels of quantum security that will add PQC authentication alongside PQC key establishment and ongoing rekeying.
While many security experts estimate that it will take a decade or more to see the full capabilities of quantum computers (such as breaking classical cryptography), vital steps need to be taken now to defend against future attacks on today’s data.
Apple is highlighting a malicious tactic called “Harvest Now, Decrypt Later,” which PQ3 will help protect against.
A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and thus, in theory, fast enough to threaten the security of end-to-end encrypted communications.
Although these quantum computers don’t exist yet, attackers with extraordinary resources can already prepare for their eventual arrival by taking advantage of the sharp drop in the cost of modern data storage. The premise is simple: those attackers can collect large amounts of today’s encrypted data and archive it for future reference. Even if they can’t decrypt any of that data today, they can keep it until they get a quantum computer that can decrypt it in the future, an attack scenario called Harvest Now, Decrypt Later.
And of course, as quantum computers develop, having advanced security in place will protect against quantum attacks at that time, as well as attempts to decrypt data stolen in the past.
Apple claims that “iMessage conversations between PQ3 devices are automatically transferred to the post-quantum encryption protocol.”
And PQ3 will “fully update the protocol across all supported conversations this year.”
When creating PQ3, Apple claims to have requirements:
Here are more details about the PQC public keys Apple uses:
PQ3 introduces a new post-quantum encryption key to the set of public keys that each device generates and transmits to Apple’s servers as part of iMessage registration. For this application, we chose to use post-quantum Kyber public keys, an algorithm that has been thoroughly reviewed by the global cryptography community and has been selected by NIST as the Module Lattice-based Key Encapsulation Mechanism standard, or ML-KEM. This makes it possible for sender devices to obtain a recipient’s public keys and generate post-quantum encryption keys for the first message, even if the recipient is offline. We call this the initial key establishment.
PQ3 received two formal verifications from Professor David Basin, who heads the Information Security Group at ETH Zürich and is one of the inventors of Tamarin, “a leading security protocol verification tool that was also used to evaluate PQ3.”
Professor Douglas Stebila of the University of Waterloo, who has extensive experience in research on the post-quantum security of Internet protocols, has also formally verified PQ3.
Check out the full Apple PQ3 Quantum Security for iMessage article for more technical details on the mechanics of PQC key establishment, PQC rekeying, padding and encryption, authentication, and more.
Since joining in 2016, Michael has written over 3000 articles, breaking news, reviews, detailed comparisons, and tutorials.