Apple is introducing a new cryptographic protocol for iMessage that is designed to protect users from sophisticated attacks using quantum computers. The new encryption protocol could protect users from scenarios where encrypted data is stored today, only to be decrypted with a quantum computer at a later date. iMessage is the second messaging platform known to support quantum-secure cryptography (Signal’s PQXDH protocol was introduced last year), and the new protocol adds a further layer of protection for users if keys are compromised.

The company detailed the development of the new PQ3 protocol for iMessage on Wednesday, ahead of its rollout to supported iPhone, iPad, Mac and Apple Watch models. PQ3 is a quantum-resistant cryptographic protocol designed to protect conversations from being compromised by attackers with quantum computers in the future, according to Apple.

Traditional public-key cryptography, used in secure messaging services like WhatsApp, iMessage, and Signal, relies on mathematical problems that are too hard for even powerful conventional computers to solve. However, sufficiently powerful quantum computers are expected to be able to solve these problems, meaning that even though such machines don’t currently exist, they could be used to compromise encrypted chats in the future.

Apple also highlights another challenge posed by quantum computing: the “collect now, decipher later” scenario. By storing vast amounts of encrypted data available today, capable attackers can gain access to that data at some point in the future, once a sufficiently powerful quantum computer is able to break the traditional encryption used to protect those messages.

iMessage will join Signal in using quantum-resistant cryptography
Photo: Apple

iMessage is the second messaging platform to add support for quantum-secure cryptography. Last year, Signal, widely considered the gold standard in encrypted messaging, announced it was launching a new PQXDH protocol that would protect users from quantum computers. Apple says its PQ3 encryption protocol goes a step further than PQXDH by continually rotating post-quantum keys, which limits the number of messages that can be exposed if a key is compromised.

The new post-quantum encryption protocol PQ3 is designed to protect users from existing and future adversaries and is applied from the start of a conversation, according to Apple. It is combined with the company’s existing encryption in a hybrid design, meaning attackers would have to defeat both the traditional encryption and the post-quantum primitives used to protect iMessage conversations.

To protect users in the event that an encryption key is compromised, Apple says that a new post-quantum key is transmitted periodically (rather than with each message). This keeps the size of the encrypted messages under control while allowing users to keep using the service even in poor network conditions.
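The two design points above (a hybrid root key that needs both the classical and the post-quantum shared secret, and periodic rekeying that bounds how many messages a compromised key exposes) can be illustrated with a small toy model. The code below is an added example written for this article; it is not Apple’s PQ3 or Signal’s PQXDH code, and all names (`combine_hybrid`, `ToyChain`, `exposed_messages`) are hypothetical. It stands in for real key exchanges with placeholder byte strings and uses HKDF-style derivation from the Python standard library only, so it runs offline.

```python
import hashlib
import hmac
import secrets

# Toy model of a hybrid key combiner and a symmetric key chain with periodic
# rekeying. Hypothetical names; this is NOT Apple's PQ3 or Signal's PQXDH.


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine_hybrid(classical_secret: bytes, pq_secret: bytes) -> bytes:
    """Hybrid combiner: the root key depends on BOTH shared secrets, so an
    attacker who breaks only the classical exchange (or only the PQ KEM)
    is still missing an input to the derivation."""
    prk = hkdf_extract(b"hybrid-root-salt", classical_secret + pq_secret)
    return hkdf_expand(prk, b"root")


class ToyChain:
    """A one-way symmetric key chain: each message key is derived from the
    current chain key, and the chain key is then advanced."""

    def __init__(self, root_key: bytes):
        self.chain_key = hkdf_expand(root_key, b"chain")

    @classmethod
    def from_snapshot(cls, chain_key: bytes) -> "ToyChain":
        obj = cls.__new__(cls)
        obj.chain_key = chain_key
        return obj

    def next_message_key(self) -> bytes:
        mk = hkdf_expand(self.chain_key, b"message")
        self.chain_key = hkdf_expand(self.chain_key, b"advance")
        return mk

    def rekey(self, fresh_secret: bytes) -> None:
        """Mix a freshly exchanged secret into the chain. Anyone holding only
        the old chain key cannot derive keys past this point."""
        self.chain_key = hkdf_expand(hkdf_extract(self.chain_key, fresh_secret), b"chain")


def exposed_messages(total: int, rekey_every: int, compromise_at: int, root_key: bytes) -> list:
    """Simulate `total` messages where a fresh (constructed, random) secret is
    injected every `rekey_every` messages (0 = never). An attacker snapshots
    the sender's chain key just before message `compromise_at` but never
    learns the fresh secrets. Returns the indexes of messages whose keys the
    attacker can reproduce."""
    sender = ToyChain(root_key)
    attacker = None
    exposed = []
    for i in range(total):
        if rekey_every and i > 0 and i % rekey_every == 0:
            sender.rekey(secrets.token_bytes(32))  # fresh PQ secret, unknown to attacker
        if i == compromise_at:
            attacker = ToyChain.from_snapshot(sender.chain_key)
        real_key = sender.next_message_key()
        if attacker is not None and attacker.next_message_key() == real_key:
            exposed.append(i)
    return exposed


def demo() -> dict:
    # Constructed placeholder secrets standing in for a classical ECDH output
    # and a post-quantum KEM output.
    root = combine_hybrid(b"\x01" * 32, b"\x02" * 32)
    return {
        "rekey_every_3_compromise_at_1": exposed_messages(9, 3, 1, root),
        "rekey_every_3_compromise_at_3": exposed_messages(9, 3, 3, root),
        "never_rekey_compromise_at_4": exposed_messages(9, 0, 4, root),
    }


if __name__ == "__main__":
    for name, idxs in demo().items():
        print(f"{name}: exposed message indexes {idxs}")
```

With rekeying every three messages, a chain key captured before message 1 exposes only messages 1 and 2; without rekeying, the same capture exposes every later message. That bounded window is the property the periodic post-quantum rekey described above is meant to provide, and the hybrid combiner shows why breaking only one of the two key exchanges does not yield the root key.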

The new PQ3 protocol was reviewed by the company’s Security Engineering and Architecture (SEAR) team. It was also reviewed by a team led by Professor David Basin, head of the Information Security Group at ETH Zürich, as well as Professor Douglas Stebila from the University of Waterloo. The company also says it contracted a third-party security consultant who independently evaluated the PQ3 source code and found no security issues.

Apple says that the upcoming iOS 17.4, iPadOS 17.4, macOS 14.4 and watchOS 10.4 updates will add support for PQ3, and iMessage conversations on supported devices will automatically start using the new quantum-secure protocol to encrypt messages sent and received on the platform. All supported conversations will be upgraded to the post-quantum encryption protocol this year, according to the company.



https://www.gadgets360.com/apps/news/imessage-with-pq3-apple-quantum-computer-resistant-secure-cryptography-5099814#rss-gadgets-all