Apple Beefs Up iMessage With Quantum-Proof PQ3 Protocol

Apple has responded to the increasing power offered by quantum computers, with a new protocol designed to secure private messaging in the future.

In a blog post Apple said PQ3 is “a groundbreaking post-quantum cryptographic protocol,” and is “the most significant cryptographic security upgrade in iMessage history.”
https://security.apple.com/blog/imessage-pq3/

Apple’s upgrade of its iMessage texting platform comes amid the push towards quantum computing, and the need to protect against encryption-breaking technologies.

PQ3 Protocol

Last month Chinese authorities claimed it had been able to crack Apple’s AirDrop encryption.

Beijing’s Justice Bureau alleged that a Chinese company called Wangshendongjian Technology, had been able to help police track down people who used Apple’s Airdrop file-sharing function to send “inappropriate information” to passersby in the Beijing subway.

Against this backdrop of concerns about the future safety of encryption protocols, comes Apple’s announced of PQ3, which it touts as offering quantum-secure cryptography for its messaging app.

“With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security – providing protocol protections that surpass those in all other widely deployed messaging apps,” wrote Apple. “To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.”

“Messaging apps are placed on a spectrum starting with classical cryptography and progressing towards quantum security,” it added. “Most apps fall into Level 0, with no end-to-end encryption by default and no quantum security, or Level 1, with end-to-end encryption by default, but with no quantum security.”

Apple said that Signal’s PQXDH protocol introduces post-quantum security in the initial key establishment at Level 2 and iMessage with PQ3 attains Level 3, where post-quantum cryptography is used to secure both the initial key establishment and the ongoing message exchange.

Apple said that when iMessage launched in 2011, it was the first widely available messaging app to provide end-to-end encryption by default, and it has significantly upgraded its cryptography over the years.

“We most recently strengthened the iMessage cryptographic protocol in 2019 by switching from RSA to Elliptic Curve cryptography (ECC), and by protecting encryption keys on device with the Secure Enclave, making them significantly harder to extract from a device even for the most sophisticated adversaries,2 wrote Apple.

“That protocol update went even further with an additional layer of defense: a periodic rekey mechanism to provide cryptographic self-healing even in the extremely unlikely case that a key ever became compromised.”

Quantum concerns

Apple said that historically encryption algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore’s law.

“However, the rise of quantum computing threatens to change the equation,” Apple noted. “A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore – in theory – do so fast enough to threaten the security of end-to-end encrypted communications.”

Apple noted that quantum computers with this capability don’t exist yet, but extremely well-resourced attackers could already prepare for their possible arrival by taking advantage of the steep decrease in modern data storage costs, which would allow them to “collect large amounts of today’s encrypted data and file it all away for future reference.”

“Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later,” said Apple.

To mitigate risks from future quantum computers, the cryptographic community has been working on post-quantum cryptography (PQC): new public key algorithms that provide the building blocks for quantum-secure protocols but don’t require a quantum computer to run – that is, protocols that can run on the classical, non-quantum computers currently being using today, but that will remain secure from known threats posed by future quantum computers.

Level 3

Apple said that messaging protocols should attain Level 3 security, where post-quantum cryptography is used to secure both the initial key establishment and the ongoing message exchange, with the ability to rapidly and automatically restore the cryptographic security of a conversation even if a given key becomes compromised.

“iMessage now meets this goal with a new cryptographic protocol that we call PQ3, offering the strongest protection against quantum attacks and becoming the only widely available messaging service to reach Level 3 security,” said Apple.

It said that support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases.

It added that iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol.

Apple said that as it gains operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.

Security upgrades

Apple has been beefing up its security for a number of years now.

In December 2022 Apple said it was ramping up its icloud security, including locking down photos and notes stored on its iCloud service.

This included the arrival of iMessage Contact Key Verification, for users who face extraordinary digital threats – such as journalists, human rights activists, and members of government. These people can choose to further verify that they are messaging only with the people they intend.

Apple had also introduced two-factor authentication for Apple ID, FaceTime, and iMessage in 2015.

Before that Apple had actually added the option of two-factor authentication for its iCloud in 2013, after journalist Mat Honan had his iCloud account compromised and all of his devices wiped in 2012.