Apple Adds Post-Quantum Encryption to iMessage
Apple on Wednesday unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks. End-to-end encryption is present by default in many popular messaging applications, but the actual level of protection depends on the cryptographic protocols they use and how they are implemented.
Apple describes three levels of encryption in messaging apps: level 0, apps that don’t provide end-to-end encryption by default; level 1, apps that provide end-to-end encryption by default via traditional cryptography; level 2, apps that provide post-quantum security in the initial encryption key establishment; and level 3, apps that provide post-quantum security in both key establishment and ongoing message exchanges. The privacy-focused application Signal recently reached ‘level 2’, when it announced support for the Post-Quantum Extended Diffie-Hellman (PQXDH) protocol, but Apple says the PQ3 protocol puts iMessage in ‘level 3’, ensuring that communications are protected even if an encryption key is compromised.
The tech giant says iMessage will be the only messaging application that limits the number of past and future messages that can be decrypted by an attacker who has obtained a single encryption key. This is done by automatically changing post-quantum keys on an ongoing basis. Apple says PQ3 has been designed to combine post-quantum algorithms with classic Elliptic Curve cryptography, requiring an attacker to defeat both the classic and the post-quantum cryptography in order to gain access to communications. The company notes that PQ3 has been designed to amortize the message size to avoid excessive overhead.
While we may be many years away from practical quantum computing attacks, Apple says the introduction of PQ3 is useful now against so-called ‘Harvest Now, Decrypt Later’ attacks. This refers to threat actors collecting and storing encrypted communications now with the goal of decrypting them in the future when quantum computers become available.
Security Week 02/21/2024