In a major advancement for secure messaging, Apple has unveiled PQ3 (Post-Quantum 3) – a cutting-edge cryptographic protocol that fortifies iMessage against even the most sophisticated quantum computing attacks.
Quantum computers are years, maybe decades, away from going mainstream, but Apple wants to be prepared for that reality. Such machines will be immensely powerful when they arrive, rendering the encryption techniques that currently protect our digital communications and sensitive data worthless.
Classical encryption methods like RSA and Elliptic Curve Cryptography (ECC) are particularly susceptible to the quantum computing threat. While current computers can’t crack these, a large-scale quantum computer could potentially break their underlying mathematical problems with relative ease.
This raises the specter of an attack model called “Harvest Now, Decrypt Later,” where adversaries harvest today’s encrypted communications to decrypt later with a future quantum computer.
To mitigate this risk, PQ3 integrates post-quantum cryptography – new algorithms designed to withstand attacks from quantum computers. However, Apple went far beyond simply integrating post-quantum primitives. PQ3 is a ground-up overhaul providing unprecedented protections.
Key innovations in PQ3 include post-quantum encryption from the very start of every iMessage conversation, mitigating key compromises by automatically restoring security, and combining post-quantum with classical ECC encryption in a hybrid design. This ensures PQ3 can never be less secure than the existing classical protocol.
Perhaps PQ3’s most remarkable property is its ability to rapidly and automatically re-secure conversations in the rare chance that encryption keys are compromised, a feature Apple calls “cryptographic self-healing.”
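To make the two properties described above concrete, here is a simplified model written for this article (an added example, not Apple’s code and not the actual PQ3 construction): a hybrid combiner that derives one key from a classical and a post-quantum shared secret, and a symmetric ratchet that re-keys with fresh hybrid material so that a stolen chain key stops predicting later message keys. The shared secrets are random stand-ins from os.urandom, not real ECDH or KEM outputs.

```python
import hashlib
import hmac
import os

# Illustrative model only: hybrid (classical + post-quantum) key combination
# and a self-healing ratchet. It does not reproduce PQ3's real design.


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_combine(ecdh_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Derive one session key from BOTH shared secrets. An attacker who
    recovers only one input (e.g. breaks ECDH with a quantum computer)
    still lacks the other, so the result is no weaker than either scheme."""
    return hkdf(ecdh_secret + pq_secret, salt=transcript, info=b"hybrid-key")


def ratchet(chain_key: bytes, fresh_secret: bytes = b"") -> tuple[bytes, bytes]:
    """Advance the chain; returns (next_chain_key, message_key). Mixing in a
    fresh hybrid secret re-keys the chain, so a leaked chain_key no longer
    lets anyone compute the keys that follow (the self-healing property)."""
    material = hkdf(chain_key + fresh_secret, salt=b"ratchet", info=b"step", length=64)
    return material[:32], material[32:]


def compromise_demo(rekey: bool) -> bool:
    """Attacker copies the chain key after step 1. Returns True if the
    attacker's prediction of the step-2 message key matches the real one."""
    chain = hkdf(os.urandom(32), salt=b"init", info=b"chain")  # constructed stand-in
    chain, _ = ratchet(chain)                 # step 1: chain key leaks here
    stolen = chain
    # Fresh hybrid secret from stand-in ECDH and PQ shared secrets (os.urandom).
    fresh = hybrid_combine(os.urandom(32), os.urandom(32), b"rekey") if rekey else b""
    _, real_key = ratchet(chain, fresh)       # step 2 as the honest parties compute it
    _, guess = ratchet(stolen)                # attacker never learns `fresh`
    return hmac.compare_digest(real_key, guess)
```

Without a re-key the stolen chain key predicts every later message key; with one fresh hybrid secret mixed in, the attacker’s guess diverges from the real key and the conversation is re-secured.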
To validate PQ3’s design, Apple subjected it to rigorous third-party analysis using cutting-edge formal verification techniques. In the accompanying research paper, leading cryptography experts such as Professor Douglas Stebila and Professor David Basin independently proved that PQ3’s confidentiality holds as long as the underlying cryptographic algorithms remain secure.
“The iMessage PQ3 protocol is a well-designed cryptographic protocol for secure messaging that uses state-of-the-art techniques for end-to-end encrypted communication. In my analysis using the reductionist security methodology, I confirmed that the PQ3 protocol provides post-quantum confidentiality, which can give users confidence in the privacy of their communication even in the face of potential improvements in quantum computing technology,” assessed Stebila.
On the implementation front, PQ3 integrates transparently into iMessage’s existing architecture. Conversations automatically ramp up to PQ3 as devices upgrade, with no customer action required. Apple will enable it by default across iOS, macOS and watchOS, starting with version updates this year.
Apple suggests that while other apps like Signal have dabbled in post-quantum primitives, PQ3 takes the technology to new heights – achieving what the company deems “Level 3” quantum-secure messaging by protecting every stage of conversations. This, Apple says, provides “protocol protections that surpass those in all other widely deployed messaging apps.”