MacTalk
May 2024
New iMessage PQ3 Encryption Protocol Protects Against Post-Quantum Attacks
Apple Security Research writes:
Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging.
This post is mind-bogglingly complicated, but the practical upshot is that Apple’s security team is concerned that future quantum computers could solve the difficult mathematical problems on which public key cryptography is based, enabling them to decrypt previously collected encrypted data. Apple designed iMessage’s new PQ3 encryption protocol to protect against such a scenario.
Although quantum computers with this capability don’t exist yet, extremely well-resourced attackers can already prepare for their possible arrival by taking advantage of the steep decrease in modern data storage costs. The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later.
Again, the details are primarily of interest to security researchers, engineers, and cryptographers, but the important takeaway for the rest of us is that the cryptographic community considers quantum computing a plausible threat and is working to block future attacks. PQ3 encryption will start to roll out with iOS 17.4, iPadOS 17.4, macOS 14.4 Sonoma, and watchOS 10.4, and Apple says it will fully replace the existing protocol for conversations between supported devices this year.