The iPhone maker talks up state-of-the-art “compromise-resilient encryption” with a new iMessage update.
Apple has long prided itself on the security and privacy of its message app, iMessage, but the Cupertino company is making the app even more secure – by adding a new “groundbreaking post-quantum cryptographic protocol”.
Apple’s new PQ3 protocol is designed to keep iMessage secure from the rise of quantum computers – machines powerful enough to break the heretofore “unbreakable” encryption methods traditionally used in most messaging apps.
Until now, iMessage has used elliptic-curve cryptography, which replaced RSA encryption in 2019. But as secure as that scheme is, a quantum computer could make short work of it. No such machines exist yet, but they’re certainly on the horizon, and Apple’s move to PQ3 is effectively a future-proofing effort.
However, Apple is pushing the technology out now not just to handle future quantum-powered decryption methods but also to keep messages sent now safe from future attempts.
What Apple is worried about are “harvest now, decrypt later” attacks, where a threat actor stores massive amounts of messages for later decryption when new tools become available.
“Although quantum computers with this capability don’t exist yet, extremely well-resourced attackers can already prepare for their possible arrival by taking advantage of the steep decrease in modern data storage costs,” Apple said in a blog post.
“The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference.”
The protocol’s name – PQ3 – stands for post-quantum, with the number denoting the level of security it boasts. Level 0 is no end-to-end encryption at all, level 1 is basic end-to-end encryption, and level 2 – which the highly secure messaging app Signal uses – is PQXDH, or post-quantum extended Diffie-Hellman.
Diffie-Hellman key exchange dates back to 1976 and was one of the first public-key protocols: two parties each combine their own private key with a publicly exchanged value to arrive at a shared secret that keeps their communications secure.
What makes PQ3 particularly secure is its ability to “self-heal from key compromise”. Each conversation using the PQ3 protocol can be rekeyed, creating fresh keys that cannot be derived from the previous ones. This means that even if a key is compromised, the conversation can be made secure again.
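To make the self-healing idea concrete, here is a constructed toy model (added for this article; it is not Apple’s code and says nothing about PQ3’s actual algorithms or parameters). It compares a rekey that only hashes the current key, where a leaked key lets an attacker compute every later key, with a rekey that mixes in a fresh Diffie-Hellman secret, where the leaked key alone no longer suffices. The group parameters, KDF label and party names are illustrative choices, not real-world values.

```python
"""Toy 'self-healing' rekey model (constructed illustration, not Apple's PQ3)."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group: a Mersenne prime with a small generator. Chosen for
# illustration only; real protocols use standardized groups or elliptic curves.
P = 2**521 - 1
G = 3
KEY_BYTES = 66  # enough to hold any value below P


def kdf(*parts: bytes) -> bytes:
    """Derive the next conversation key from its inputs (HMAC-SHA256)."""
    return hmac.new(b"toy-rekey-kdf", b"".join(parts), hashlib.sha256).digest()


def hash_ratchet_step(key: bytes) -> bytes:
    """Symmetric ratchet: the next key depends only on the current key, so
    anyone holding `key` can compute every later key. No self-healing."""
    return kdf(key, b"hash-ratchet")


def dh_keypair() -> tuple[int, int]:
    """Fresh ephemeral key pair (private exponent, public value)."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh_rekey_step(key: bytes, my_priv: int, peer_pub: int) -> bytes:
    """Rekey by mixing a fresh DH shared secret into the current key. Knowing
    `key` and both public values is not enough to compute the next key."""
    shared = pow(peer_pub, my_priv, P).to_bytes(KEY_BYTES, "big")
    return kdf(key, shared)


def simulate(self_healing: bool) -> dict:
    """Leak the current key to an attacker, perform one rekey, and report
    whether the attacker can still compute the new key from what they saw."""
    k1 = secrets.token_bytes(32)  # current conversation key, assumed leaked
    if not self_healing:
        k2 = hash_ratchet_step(k1)
        attacker_k2 = hash_ratchet_step(k1)  # attacker replays the same step
        return {"parties_agree": True, "attacker_recovers_next_key": attacker_k2 == k2}
    a_priv, a_pub = dh_keypair()  # Alice's fresh ephemeral pair
    b_priv, b_pub = dh_keypair()  # Bob's fresh ephemeral pair
    k2_alice = dh_rekey_step(k1, a_priv, b_pub)
    k2_bob = dh_rekey_step(k1, b_priv, a_pub)
    # Attacker knows k1 and the public values a_pub, b_pub seen on the wire but
    # holds neither private key; combining the publics does not yield g^(ab).
    guess = kdf(k1, (a_pub * b_pub % P).to_bytes(KEY_BYTES, "big"))
    return {"parties_agree": k2_alice == k2_bob,
            "attacker_recovers_next_key": guess == k2_alice}
```

Running `simulate(False)` shows the attacker keeping up with the hash-only ratchet, while `simulate(True)` shows both parties agreeing on a new key the attacker cannot reproduce.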
PQ3 is currently in the beta versions of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 and will be rolled out more widely when those operating systems move into full release.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.