Apple is introducing a new cryptographic protocol for iMessage that is designed to protect users from sophisticated attacks using quantum computers. The new encryption protocol could safeguard users against scenarios where encrypted data is harvested and stored today, only to be decrypted with a quantum computer at a later date. iMessage is the second messaging platform known to introduce support for quantum-secure cryptography — Signal’s PQXDH protocol was released last year — while adding another layer of protection for users if keys are compromised.
The company detailed the development of the new PQ3 protocol for iMessage on Wednesday, ahead of its deployment on supported iPhone, iPad, Mac, and Apple Watch models. PQ3 is a quantum-resistant cryptographic protocol designed to protect conversations from being compromised by attackers equipped with quantum computers in the future, according to Apple.
Traditional public key cryptography — used in secure messaging services like WhatsApp, iMessage, and Signal — protects users by relying on mathematical problems that are hard for conventional computers to solve. However, sufficiently powerful quantum computers are expected to be capable of solving these problems, which means that even though such machines do not currently exist, they could be used to compromise encrypted chats in the future.
Apple also highlights another threat posed by quantum computers — the “Harvest Now, Decrypt Later” scenario. By collecting and storing large amounts of encrypted data that is accessible today, well-resourced attackers could gain access to that data at some point in the future, once a powerful enough quantum computer is able to break the traditional encryption used to protect those messages.
iMessage is the second messaging platform to add support for quantum-secure cryptography. Last year, Signal — widely considered the gold standard in encrypted messaging — announced it was rolling out a new PQXDH protocol that would protect users from quantum computers. Apple says that its PQ3 encryption protocol goes one step further than PQXDH by changing post-quantum keys on an ongoing basis — this limits the number of messages that can be exposed if a key is compromised.
The new PQ3 post-quantum encryption protocol is designed to protect users from current and future adversaries and is used from the start of a conversation, according to Apple. It is combined with the company’s existing encryption in a hybrid design, which means attackers would need to defeat both the traditional encryption and the post-quantum primitives used to protect iMessage conversations.
To protect users in case an encryption key is compromised, Apple says that a new post-quantum key is transmitted periodically (instead of with every message). This keeps the size of the encrypted messages in check while allowing users to access the service even in poor network conditions.
The new PQ3 protocol has been reviewed by the company’s Security Engineering and Architecture (SEAR) teams. It has also been reviewed by a team led by Professor David Basin, head of the Information Security Group at ETH Zürich, as well as Professor Douglas Stebila from the University of Waterloo. The company also says that it contracted a third-party security consultancy that independently assessed the PQ3 source code and found no security issues.
Apple says that the upcoming updates to iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 will bring support for PQ3, and iMessage conversations on supported devices will automatically start to use the new quantum-secure protocol to encrypt messages sent and received on the platform. All supported conversations will be upgraded to the post-quantum encryption protocol this year, according to the company.