Apple is introducing a brand new cryptographic protocol for iMessage that’s designed to guard customers from refined assaults utilizing quantum computer systems. The brand new encryption protocol might safeguard customers from situations the place encrypted information has been saved, solely to be decrypted utilizing a quantum pc at a later date. iMessage is the second messaging platform identified to introduce assist for quantum-security cryptography — Sign’s PQXDH protocol was launched final yr — whereas including one other layer of safety to guard customers if keys are compromised.
The corporate detailed the event of the brand new PQ3 protocol for iMessage on Wednesday, forward of its deployment on supported iPhone, iPad, Mac, and Apple Watch fashions. PQ3 is a quantum-resistant cryptographic protocol designed to guard conversations from being compromised by attackers with quantum computer systems sooner or later, in accordance with Apple.
Conventional public key cryptography — utilized in safe messaging providers like WhatsApp, iMessage, and Sign — shield customers from highly effective computer systems utilizing tough mathematical issues. Nonetheless, highly effective quantum computer systems are stated to be able to fixing these issues, which implies that despite the fact that they do not presently exist, they can be utilized to compromise encrypted chats sooner or later.
Apple additionally highlights one other problem posed by quantum computer systems — the “Harvest Now, Decrypt Later” state of affairs. By storing huge quantities of encrypted information obtainable in the present day, succesful attackers can achieve entry to the information in some unspecified time in the future sooner or later as soon as a strong sufficient quantum pc is able to breaking the normal encryption used to guard these messages.
iMessage will be part of Sign in utilizing quantum-resistant cryptography
Picture Credit score: Apple
iMessage is the second messaging platform so as to add assist for quantum-security cryptography. Final yr, Sign — extensively thought-about the gold commonplace in encrypted messaging — introduced it was rolling out a brand new PQXDH protocol that may shield customers from quantum computer systems. Apple says that its PQ3 encryption protocol goes one step additional than PQXDH by altering post-quantum keys on an ongoing foundation — this limits the variety of messages that may be uncovered if the keys are compromised.
The brand new PQ3 post-quantum encryption protocol is designed to guard customers from present and future adversaries and will likely be launched from the beginning of a chat, in accordance with Apple. It will must be mixed with the corporate’s present encryption, with a hybrid design which means attackers would wish to defeat each the normal encryption and the post-quantum primitives used to guard iMessage conversations.
With a purpose to shield customers in case an encryption key’s compromised, Apple says {that a} new post-quantum key’s transmitted periodically (as an alternative of with each message), to maintain the dimensions of those encrypted messages in examine, whereas permitting customers to entry the service even in poor community circumstances.
The brand new PQ3 protocol has been reviewed by the corporate’s Safety Engineering and Structure (SEAR) groups. It has additionally been reviewed by a team led by Professor David Basin, head of the Info Safety Group at ETH Zürich, in addition to Professor Douglas Stebila from the College of Waterloo. The corporate additionally says that it additionally contracted a third-party safety consultancy independently assessed the PQ3 supply code, and located no safety points, in accordance with the corporate.
Apple says that the upcoming updates to iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 will carry assist for PQ3, and iMessage conversations on supported units will routinely begin to use the brand new quantum-security protocol to encrypt messages despatched and obtained on the platform. All supported conversations will likely be upgraded to the post-quantum encryption protocol this yr, in accordance with the corporate.
