Apple will soon equip iMessage with post-quantum encryption


Apple will soon provide iMessage with a cryptographic protocol called PQ3. According to the tech giant, it offers post-quantum encryption for its messaging service. PQ3 will be introduced as part of iOS 17.4 and macOS 14.4, due out in the coming weeks.

Apple claims in a post on its security blog that PQ3 is the “largest cryptographic security upgrade” since iMessage’s introduction in 2011. “We’ve rebuilt iMessage’s cryptographic protocol from the ground up,” the company wrote. PQ3 has been in the company’s beta software for some time and will be generally available in iOS and iPadOS 17.4, macOS 14.4 and watchOS 10.4. The protocol will completely replace the existing protocols in ‘all supported conversations’ within iMessage this year.

According to Apple, PQ3 works by generating a new post-quantum encryption key using the Kyber algorithm. That post-quantum key becomes part of the set of ‘public keys’ that Apple devices generate to use iMessage. Such keys are exchanged when two iMessage users start a conversation. According to Apple, the sender of an iMessage message can always obtain the recipient’s public key, even when the recipient is offline.

iMessage will also have a recovery mechanism that periodically replaces the post-quantum keys. New encryption keys are also generated that, according to Apple, cannot be traced back to previous keys. As a result, the tech giant claims that conversations remain secure even if earlier encryption keys or conversations were compromised.
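To make the two properties described above concrete (keys that cannot be traced back to earlier ones, and periodic rekeying that restores security after a compromise), here is a small, self-contained illustration. It is an added example, not Apple's PQ3 code or a description of its actual message format: the real Kyber encapsulation is replaced by a stand-in function that hands both parties the same fresh random secret, the derivation is plain HMAC-SHA256, and the class and function names (`ToyRatchet`, `simulated_pq_kem`, `simulate`) are invented for this example.

```python
import hmac
import hashlib
import os


def kdf(key: bytes, label: bytes, *inputs: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with `key` over a label and inputs.
    Given only the output, recovering `key` would require inverting HMAC,
    which is why a later key cannot be 'traced back' to an earlier one."""
    mac = hmac.new(key, label, hashlib.sha256)
    for data in inputs:
        mac.update(len(data).to_bytes(2, "big") + data)
    return mac.digest()


def simulated_pq_kem() -> bytes:
    """Stand-in for a Kyber encapsulation (assumption: not a real KEM).
    In PQ3 the sender encapsulates to the recipient's published post-quantum
    public key and both ends obtain the same shared secret; here both parties
    are simply handed the same 32 fresh random bytes."""
    return os.urandom(32)


class ToyRatchet:
    """Per-message keys derived one-way from a chain key, plus a rekey operation
    that mixes a fresh KEM secret into the root (hypothetical toy construction)."""

    def __init__(self, root: bytes):
        self.root = root
        self.chain = kdf(root, b"chain-init")

    def next_message_key(self) -> bytes:
        message_key = kdf(self.chain, b"message")
        self.chain = kdf(self.chain, b"advance")  # the old chain key is overwritten
        return message_key

    def rekey(self, fresh_secret: bytes) -> None:
        # Periodic rekey: a new shared secret is folded into the root, so anyone
        # holding only the old state can no longer follow the chain.
        self.root = kdf(self.root, b"rekey", fresh_secret)
        self.chain = kdf(self.root, b"chain-init")

    def snapshot(self) -> "ToyRatchet":
        """Copy of the full current state, modelling a device compromise."""
        clone = ToyRatchet.__new__(ToyRatchet)
        clone.root, clone.chain = self.root, self.chain
        return clone


def simulate() -> dict:
    """Runs a short conversation with a state compromise in the middle and
    reports which keys an attacker holding the stolen state can predict."""
    initial = simulated_pq_kem()
    alice, bob = ToyRatchet(initial), ToyRatchet(initial)

    # Two messages: both ends derive identical keys.
    keys_in_sync = all(alice.next_message_key() == bob.next_message_key() for _ in range(2))

    # Attacker copies Bob's complete ratchet state at this point.
    stolen = bob.snapshot()

    # Before any rekey, the attacker can follow the chain and predict the next key.
    bob_key = bob.next_message_key()
    alice.next_message_key()
    attacker_predicts_before_rekey = stolen.next_message_key() == bob_key

    # Periodic post-quantum rekey with a fresh secret the attacker never saw.
    fresh = simulated_pq_kem()
    alice.rekey(fresh)
    bob.rekey(fresh)

    # The stolen copy can still advance its old chain, but it no longer matches.
    bob_key = bob.next_message_key()
    alice_key = alice.next_message_key()
    attacker_predicts_after_rekey = stolen.next_message_key() == bob_key

    return {
        "keys_in_sync": keys_in_sync,
        "attacker_predicts_before_rekey": attacker_predicts_before_rekey,
        "attacker_predicts_after_rekey": attacker_predicts_after_rekey,
        "keys_in_sync_after_rekey": alice_key == bob_key,
    }


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

The point the simulation makes is the one the article attributes to Apple: without a rekey, a copied ratchet state lets an attacker keep deriving message keys, while mixing in a fresh post-quantum shared secret cuts that attacker off again. A production protocol adds authentication, key deletion on the device and a real KEM; none of that is modelled here.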

Apple’s new security system follows that of messaging service Signal, which previously added post-quantum encryption, also based on the Kyber algorithm. However, Apple claims that its PQ3 system is more secure than Signal’s because PQ3 periodically refreshes the keys. That is currently not the case with Signal, the tech giant says. According to Apple, the PQ3 system has been assessed by a third-party security company, but Apple is not disclosing which one. PQ3 has also been reviewed by two groups of academics.

Post-quantum encryption is intended to protect users against quantum computers, which may eventually be able to crack existing encryption protocols. Such attacks are still years away, but more and more companies are adding such protections to their services. Signal already did so, and Proton also says it is working on PGP encryption with post-quantum security.