Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage.
| Photo Credit: AP
Story so far: On February 21, Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage. The company called it the âfirst messaging protocol to reach Level 3 securityâ and claimed it can defend âeven highly sophisticated quantum attacks.â Per Apple, this protocolâs security layer will surpass those available in all widely used messaging apps.
What is the PQ3 protocol, and how does it work?
Currently, most messaging apps use standard encryption methods using public and private keys to securely deliver messages. There are two encryption methods. In the public key encryption method, a userâs message is encrypted by the public key before transmission and then the private key is used to decrypt messages.
In the private key method, while both keys are required, they are basically the same, and both the sender and the recipient are allowed to encrypt or decrypt the message.
Appleâs PQ3 protocol uses a hybrid design combining the traditional encryption methods with post-quantum encryption both during the initial key establishment between devices and during rekeying, which essentially rechecks the cryptographic keys between devices to ensure continued protection.
Under PQ3 protocol each device generates public keys locally and then transmits them to Apple servers as part of the iMessage registration process using the Module Lattice-based Key Encapsulation Mechanism or ML-KEM. This enables the sender device to get the receiver deviceâs public keys and generate post-quantum encryption keys for the first message. Apple has also included a periodic post-quantum rekeying mechanism within the conversation which is capable of self-healing from key compromise and safeguarding future messages.
Why is Apple shifting to PQ3 protocol?
Currently, Appleâs iMessage supports end-to-end encryption by default. This mode of protection relies on mathematical problems that could potentially be solved by powerful quantum computers.
Over the years, Apple has made improvements to encryption, enhancing its platformâs overall protection against hackers. However, current cryptographic problems can be solved by quantum computers, though such computers are still in the works. Apple says extremely well-resourced attackers can mount attacks by taking advantage of the drop in data storage costs.
Essentially, attackers can store large amounts of todayâs encrypted data and file it for future reference. And though attackers may not be able to decrypt this data today, they can retain it until it can be decrypted at a later date by making use of a quantum computer.
(For top technology news of the day, subscribe to our tech newsletter Todayâs Cache)
What are PQ3âs strengths and limitations?
The PQ3 protocol protects communications on iMessage against current and future decryptions. It also limits how many past and future messages can be decrypted with a single compromised key, reducing the impact of key compromises.
But, despite its enhanced protection, the PQ3 protocol, because of its intended application scenario, does not address group messaging, authentication against quantum adversaries, or cryptographic deniability.
Also, messages stored in iCloud may not be protected by this protocol.
Will the PQ3 protocol impact Apple users?
The new protocol offers protection against adversaries capable of compromising the transport layer between devices. However, the protocol does protect against attacks mounted on messages delivered to a device, which remains the same and can be extracted after unlocking a device or by using advanced attackers using Pegasus, TirangleDB, and other spyware.
Additionally, since PQ3 relies on traditional signature algorithms for message authentication, a man-in-middle attacker with a powerful quantum computer may still have a chance of hacking it, Kaspersky said in a blog post.
Therefore, while the new protocol from Apple enhances security on iMessage and provides protection against future attacks using quantum computers, it is not a one-stop solution. And users concerned about the protection of their data should not rely only on post-quantum cryptographic protocols.
Are other messaging services also using methods like PQ3?
Currently in beta, PQ3 will start to roll out with the public release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. However, this is not the first time a tech company has announced post-quantum encryption protocols.
Earlier in September 2023, Signal announced advancements in quantum resistance for the Signal Protocol. The upgrade called PQXDH added a layer of protection against the threat of quantum computers being built for the future. The upgrade used a new post-quantum cryptosystem that implemented one-way functions that cannot be advantageously reversed by a quantum computer.
