Apple is future-proofing iMessage with post-quantum cryptography

Apple is future-proofing iMessage with post-quantum cryptography


Article Contents

In This Article

Apple unveiled PQ3, “the most significant cryptographic security upgrade in iMessage history,” for iOS 17.4 on Feb. 21. 

With the new protocol, Apple becomes one of only a handful of providers featuring post-quantum cryptography for messages. Signal launched a “quantum resistant” encryption upgrade back in September 2023, but Apple says it’s the first to reach “level 3” encryption.

1663e773 8c44 4b8f 964b 8b64b202d79e
Image source: Apple Security blog

According to the Cupertino-based company:

“PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.”

Post-quantum messaging

Apple’s iMessage has featured end-to-end encryption since its inception. While it initially used RSA encryption, the company switched to Elliptic Curve cryptography (ECC) in 2019.

As of current, breaking such encryption is considered infeasible due to the amount of time and computing power required. However, the threat of quantum computing looms closer every day.

Theoretically, a quantum computer of sufficient capabilities could break today’s encryption methods with relative ease. To the best of our knowledge there aren’t any current quantum computing systems capable of doing so, but the rapid pace of advancement has caused governments and organizations around the world to begin preparations.

The big idea is that by developing post-quantum cryptography methods ahead of time, good actors such as banks and hospitals can safeguard their data against malicious actors with access to cutting-edge technology.

Quantum safe encryption

There’s no current time frame for the advent of quantum computers capable of breaking standard cryptography. IBM claims it will have hit an inflection point in quantum computing by 2029, while MIT/Harvard spinout QuEra says it will have had a 10,000-qubit error-corrected system by 2026.

Unfortunately, bad actors aren’t waiting until they can get their hands on a quantum computer to start their attacks. Many are harvesting encrypted data illicitly and storing it for decryption later in what’s commonly known as a HNDL attack (harvest now, decrypt later).

Related: Oxford economist who predicted crypto going mainstream says ‘quantum economics’ is next


# Tags