Apple has announced an upgrade to iMessage’s security layer to utilize post-quantum cryptography. This security enhancement will be available in iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4.
The move comes in anticipation of the future capabilities of quantum computers which could potentially compromise today’s cryptography standards. Apple aims to change the end-to-end encryption used in iMessage to counteract this threat without requiring quantum-level processing power.
Currently, messaging apps use encryption based on public and private key pairs. The public key encrypts messages, while the private key decrypts them. The security of this scheme rests on mathematical problems that are hard for classical computers and on the strength of the cipher used, and those same problems could become tractable with the computational power of quantum computers.
Apple and other companies believe that quantum computers would be capable of breaking today’s encryption standards due to their exponentially faster computational abilities.
Apple stated in its blog post, “A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications.”
How is Apple implementing this?
Apple acknowledges the potential for adversaries to collect encrypted data today and decrypt it in the future using quantum computers. To counteract this, Apple’s new protocol involves changing encryption keys on an ongoing basis.
The company’s custom-built protocol combines elliptic-curve cryptography with post-quantum cryptography, forming what Apple refers to as the PQ3 protocol. This new standard will apply to all iMessage conversations, refreshing session keys for older messages.
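The two ideas in the paragraphs above, combining a classical and a post-quantum shared secret so that the session key stays safe as long as either one holds, and then rekeying on an ongoing basis so that a key captured later does not unlock earlier traffic, can be shown in a few lines. The example below is added here for illustration; it is not Apple's PQ3 code and makes no claim about PQ3's actual internals. It assumes the two shared secrets have already been established (here they are constructed test bytes standing in for an ECDH output and a post-quantum KEM output) and uses an HKDF (RFC 5869, SHA-256) built from the standard library to combine them and to drive a simple hash-chain ratchet.

```python
import hashlib
import hmac

HASH_LEN = 32  # SHA-256 output length


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def combine_hybrid_secrets(ec_secret: bytes, pq_secret: bytes) -> bytes:
    """Derive one root key from a classical (ECDH) and a post-quantum (KEM) secret.

    Both secrets are length-prefixed and concatenated into the HKDF input key
    material, so the output depends on every byte of each. An attacker who
    breaks the elliptic-curve exchange but not the KEM (or vice versa) still
    lacks part of the IKM and cannot reproduce the root key.
    """
    ikm = (
        len(ec_secret).to_bytes(2, "big") + ec_secret
        + len(pq_secret).to_bytes(2, "big") + pq_secret
    )
    return hkdf(ikm, salt=b"", info=b"hybrid-root-key", length=HASH_LEN)


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Advance a symmetric key chain one step.

    Returns (next_chain_key, message_key). Because each is a one-way function
    of the previous chain key, holding the current chain key does not reveal
    earlier message keys once those have been deleted.
    """
    next_chain = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def derive_message_keys(root_key: bytes, count: int) -> list[bytes]:
    """Produce `count` successive per-message keys from a root key."""
    keys = []
    chain = root_key
    for _ in range(count):
        chain, mk = ratchet_step(chain)
        keys.append(mk)
    return keys


if __name__ == "__main__":
    # Constructed stand-ins for real shared secrets (not real key material).
    ec_shared = bytes(range(32))
    pq_shared = bytes(range(32, 64))
    root = combine_hybrid_secrets(ec_shared, pq_shared)
    print("root key:", root.hex())
    for i, mk in enumerate(derive_message_keys(root, 3)):
        print(f"message key {i}:", mk.hex())
```

In practice the classical secret would come from an X25519 or P-256 key agreement and the post-quantum secret from a KEM such as ML-KEM; the combination step is the same regardless of which primitives feed it. Deleting each message key and the previous chain key after use is what gives the rekeying its value against "collect now, decrypt later" adversaries.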
Apple has enlisted two academic research teams to evaluate its PQ3 standard. However, due to the novelty of the system and the lack of general availability of quantum computing power, the efficacy of Apple’s post-quantum protocol cannot currently be measured practically.
This announcement comes at a time when lawmakers are considering online safety regulations that could potentially weaken encryption on messaging services. Meanwhile, other companies like Meta are also working on implementing end-to-end encryption for their products.
Signal, an end-to-end encrypted messaging app, upgraded to post-quantum encryption algorithms last year in order to safeguard against future quantum-based decryption attacks.