Apple Unveils PQ3: Quantum-Secure Messaging Protocol for iMessage

Apple has announced a significant security upgrade for its iMessage service with the introduction of PQ3, a post-quantum cryptographic protocol. This new protocol enhances the security of end-to-end messaging, providing extensive defenses against potential quantum attacks. PQ3 is the first messaging protocol to achieve Level 3 security, surpassing the protections offered by other widely used messaging apps.

The upgrade will be rolled out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The PQ3 protocol was reviewed by Apple’s Security Engineering and Architecture team and external experts in cryptography.

Introduction to PQ3: A Quantum-Secure Messaging Protocol

Apple’s Security Engineering and Architecture (SEAR) team has announced the introduction of PQ3, a post-quantum cryptographic protocol for iMessage. This protocol is a significant upgrade in cryptographic security, offering robust encryption and defenses against potential quantum attacks. PQ3 is the first messaging protocol to achieve Level 3 security, surpassing the protocol protections of all other widely deployed messaging apps. To the best of our knowledge, PQ3 offers the strongest security properties of any large-scale messaging protocol globally.

The Evolution of Messaging Security

Messaging apps can be categorized on a spectrum that begins with classical cryptography and progresses towards quantum security. Most apps fall into Level 0, offering no end-to-end encryption by default and no quantum security, or Level 1, providing end-to-end encryption by default but lacking quantum security. Signal’s PQXDH protocol introduced post-quantum security in the initial key establishment, reaching Level 2. iMessage with PQ3 achieves Level 3, where post-quantum cryptography secures both the initial key establishment and the ongoing message exchange.

The Threat of Quantum Computing

Historically, messaging platforms have used classical public key cryptography, such as RSA, Elliptic Curve signatures, and Diffie-Hellman key exchange, to establish secure end-to-end encrypted connections between devices. These algorithms are based on complex mathematical problems that have long been considered too computationally intensive for computers to solve. However, the rise of quantum computing threatens to change this equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, potentially threatening the security of end-to-end encrypted communications.

Mitigating Risks from Future Quantum Computers

To mitigate risks from future quantum computers, the cryptographic community has been working on post-quantum cryptography (PQC). These new public key algorithms provide the building blocks for quantum-secure protocols but don’t require a quantum computer to run. These protocols can run on the classical, non-quantum computers we’re all using today, but will remain secure from known threats posed by future quantum computers.

The Design of PQ3

The design of PQ3 involved more than simply replacing an existing algorithm with a new one. The iMessage cryptographic protocol was rebuilt from the ground up to advance the state of the art in end-to-end encryption. The protocol introduces post-quantum cryptography from the start of a conversation, mitigates the impact of key compromises, uses a hybrid design to combine new post-quantum algorithms with current Elliptic Curve algorithms, and uses formal verification methods to provide strong security assurances for the new protocol.

Formal Verification of PQ3

The final requirement for iMessage PQ3 is formal verification, a mathematical proof of the intended security properties of the protocol. PQ3 received extensive review from Apple’s own multi-disciplinary teams in Security Engineering and Architecture (SEAR) as well as from some of the world’s foremost experts in cryptography. This includes a team led by Professor David Basin, head of the Information Security Group at ETH Zürich and one of the inventors of Tamarin, a leading security protocol verification tool that was also used to evaluate PQ3, as well as Professor Douglas Stebila from the University of Waterloo, who has performed extensive research on post-quantum security for internet protocols.

Conclusion

End-to-end encrypted messaging has seen tremendous innovation in recent years, including significant advances in post-quantum cryptography from Signal’s PQXDH protocol and key transparency from WhatsApp’s Auditable Key Directory. Building on its pioneering legacy as the first widely available messaging app to provide end-to-end encryption by default, iMessage has continued to deliver advanced protections that surpass existing systems. iMessage Contact Key Verification is the most sophisticated key transparency system for messaging deployed at scale, and is the current global state of the art for automatic key verification. And the new PQ3 cryptographic protocol for iMessage combines post-quantum initial key establishment with three ongoing ratchets for self-healing against key compromise, defining the global state of the art for protecting messages against Harvest Now, Decrypt Later attacks and future quantum computers.
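The two mechanisms the article names, the hybrid combination of an Elliptic Curve shared secret with a post-quantum KEM shared secret (The Design of PQ3) and an ongoing ratchet that keeps rotating keys (Conclusion), are illustrated below in an added example that is not Apple's code and does not reproduce PQ3's actual key schedule. It assumes HKDF-SHA256 as the combiner and uses constructed placeholder secrets in place of real ECDH and KEM outputs; only the symmetric ratchet is shown, not PQ3's post-quantum and Elliptic Curve ratchets.

```python
import hashlib
import hmac

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 extract step: PRK = HMAC(salt, IKM)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand step, output truncated to `length` bytes
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hybrid_root_key(ec_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    # Hybrid combiner: both shared secrets enter one KDF, so the root key
    # stays unpredictable while EITHER underlying problem remains hard.
    # Hashing the transcript (public keys, KEM ciphertext) as the salt binds
    # the derived key to this particular session.
    prk = hkdf_extract(salt=HASH(transcript).digest(), ikm=ec_secret + pq_secret)
    return hkdf_expand(prk, b"hybrid-root-key", 32)


def symmetric_ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    # One-way chain: returns (next_chain_key, message_key). Because HMAC is
    # one-way, a stolen chain key does not reveal earlier message keys.
    next_chain_key = hmac.new(chain_key, b"\x01", HASH).digest()
    message_key = hmac.new(chain_key, b"\x02", HASH).digest()
    return next_chain_key, message_key


def demo():
    # Constructed placeholder secrets; real ones come from ECDH and a PQ KEM.
    ec_ss = b"\x11" * 32
    pq_ss = b"\x22" * 32
    transcript = b"constructed transcript: pubkeys + kem ciphertext"
    root = hybrid_root_key(ec_ss, pq_ss, transcript)
    chain, keys = root, []
    for _ in range(3):  # derive three per-message keys from the chain
        chain, mk = symmetric_ratchet_step(chain)
        keys.append(mk)
    return root, keys
```

Self-healing against key compromise, which the article attributes to PQ3's three ratchets, requires periodically mixing fresh Elliptic Curve or KEM secrets back into the chain; a purely symmetric chain like this one only protects past messages.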