Apple today announced that it is upgrading the security level of iMessage to post-quantum cryptography, starting with iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4.
The tech giant said that in the coming years quantum computers will be able to break current cryptographic standards, which is why Apple is changing the way end-to-end encryption works in iMessage now, a change that does not itself require quantum-level processing power.
Today’s messaging applications typically encrypt with a pair of public and private keys. The public key is used to encrypt a message being sent, and the private key is used by the recipient to decrypt it, although much of this happens automatically and seamlessly. The cryptography used to scramble user messages today works by applying different mathematical functions. Whether malicious hackers can decrypt messages depends on the strength of the cryptographic cipher in use, combined with the raw computing power they can aim at trying each mathematical combination or permutation of the cipher.
Apple and other companies believe that future quantum computers – capable of exponentially faster calculations – could break today’s encryption standards.
“A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications,” Apple said in its blog post.
How does Apple do this?
Apple said adversaries can start collecting encrypted data today and decrypt it later when quantum computers are more widely available – a technique called “recursive decryption”.
In its blog, Apple says that to protect against future quantum cryptography attacks, encryption keys must be changed “on an ongoing basis.”
Apple says its new custom protocol combines Elliptic-Curve cryptography, the existing encryption algorithm for iMessage, with post-quantum cryptography, forming what Apple calls the PQ3 protocol. When PQ3 ships, Apple said it will be applied to all new iMessage conversations, and existing conversations will be moved to it by renewing their session keys.
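As an added illustration (not Apple's code, and a deliberate simplification of the published PQ3 design), the Python sketch below shows the two ideas in this paragraph: a session key derived from both a classical (ECDH) shared secret and a post-quantum (KEM) shared secret, so that breaking one primitive alone does not yield the key, and periodic renewal that chains each new key to the previous one. The shared secrets are stand-ins drawn from `os.urandom` rather than real ECDH or KEM outputs; the function and label names are this example's own.

```python
import hashlib
import hmac
import os

HASH = hashlib.sha256


def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract, then expand) built on HMAC-SHA256."""
    prk = hmac.new(salt, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(ec_shared: bytes, pq_shared: bytes,
                       previous_key: bytes, transcript: bytes) -> bytes:
    """Derive a session key that depends on BOTH shared secrets and on the
    previous session key. An adversary who later breaks the elliptic-curve
    exchange still lacks pq_shared; one who breaks the KEM still lacks
    ec_shared. Binding the transcript ties the key to this exchange."""
    # Label is hypothetical; a real protocol fixes its own domain-separation string.
    return hkdf(ikm=ec_shared + pq_shared, salt=previous_key,
                info=b"hybrid-session-key|" + transcript)


def renew_keys(initial_key: bytes, rounds: int) -> list:
    """Simulate ongoing rekeying: every round feeds fresh ECDH and KEM secrets
    (constructed here with os.urandom) into the chain, so each session key
    is unrelated to the others except through the chain itself."""
    keys, key = [], initial_key
    for i in range(rounds):
        ec_secret, pq_secret = os.urandom(32), os.urandom(32)
        key = hybrid_session_key(ec_secret, pq_secret, key, b"round-%d" % i)
        keys.append(key)
    return keys
```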
Apple asked two academic research groups to evaluate the PQ3 standard. Since this system is new and we are years away from the general availability of quantum computing power, there is no practical way to measure the effectiveness of Apple’s post-quantum protocol.
The tech giant’s announcement comes as lawmakers try to introduce internet security rules that risk undermining encryption in messaging services. At the same time, companies like Meta are working to implement end-to-end encryption protection in products like Messenger and Instagram.
The end-to-end encrypted messaging app Signal announced last year that it was upgrading to post-quantum encryption algorithms to prevent future quantum-based decryption attacks.