Post-quantum iMessage: the next step in privacy protection

Apple has released a new encryption protocol – PQ3 – for iMessage, which provides post-quantum security for instant messaging.

Apple has released a new way to protect instant messaging in iMessage

The widespread use of quantum computers in the near future may allow attackers to decrypt, at astonishing speed, messages that were encrypted with classical cryptographic methods. Apple has proposed a solution to this potential problem: after the next update of its operating systems, conversations in iMessage will be protected by a new post-quantum cryptographic protocol called PQ3. PQ3 replaces the public-key algorithms used for end-to-end encryption with ones that run on today's classical, non-quantum computers but are designed to resist attacks from future quantum computers.

Today we’ll go over how this new encryption protocol works, and why it’s needed.

How PQ3 works

All popular instant messaging applications and services today implement standard asymmetric encryption based on a public/private key pair. The public key, which can be transmitted over insecure channels, is used to encrypt outgoing messages; the private key is most commonly used to derive the symmetric session keys that then encrypt the messages themselves.

This level of security is sufficient for now, but Apple is playing it safe – fearing that attackers may be preparing for quantum computers ahead of time. Because data storage is cheap, attackers can collect huge amounts of encrypted traffic today and keep it until quantum computers make it decryptable (a "harvest now, decrypt later" strategy).

To counter this, Apple has developed a new cryptographic protocol, PQ3. Its key exchange is protected by an additional post-quantum component, and the protocol also limits the number of messages that could be exposed if a key were ever compromised.
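As an added illustration (not Apple's code and not a description of PQ3's actual key schedule), the following Python shows the idea of a hybrid key exchange: a classical shared secret and a post-quantum shared secret are fed into one HKDF (RFC 5869) so the session key stays secret unless both exchanges are broken. The two input secrets are constructed random stand-ins for the outputs of a classical Diffie-Hellman exchange and a post-quantum KEM, which are assumed to happen outside this snippet.

```python
import hashlib
import hmac
import secrets

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_session_key(classical_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Hybrid combiner: both shared secrets are concatenated into the HKDF input,
    and the handshake transcript is used as salt so the key is bound to this session.
    An attacker who later recovers only the classical secret (as a quantum computer
    could) still lacks the PQ secret and cannot reproduce the key."""
    ikm = classical_secret + pq_secret
    prk = hkdf_extract(transcript, ikm)
    return hkdf_expand(prk, b"hybrid-session-key", 32)


def hybrid_scenario() -> dict:
    """Constructed scenario with random stand-in secrets (not real X25519/ML-KEM output).
    Returns the genuine key and the keys an attacker gets when one component is wrong."""
    classical = secrets.token_bytes(32)  # stand-in for a classical DH shared secret
    pq = secrets.token_bytes(32)         # stand-in for a post-quantum KEM shared secret
    transcript = b"constructed-handshake-transcript"
    return {
        "real": derive_session_key(classical, pq, transcript),
        # attacker knows the classical secret but must guess the PQ one
        "classical_only": derive_session_key(classical, secrets.token_bytes(32), transcript),
        # attacker knows the PQ secret but must guess the classical one
        "pq_only": derive_session_key(secrets.token_bytes(32), pq, transcript),
    }
```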

Figure: Types of cryptography used in messengers.

The PQ3 protocol will be available in iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The transition to the new protocol will be gradual: first, all user conversations on PQ3-enabled devices will be automatically switched to this protocol; then, later in 2024, Apple plans to completely replace the previously used end-to-end encryption protocol.

Generally, credit is due to Apple for this imminent security boost; however, the company isn’t the first to provide post-quantum cybersecurity of instant messaging services and applications. In the fall of 2023, Signal’s developers added support for a similar protocol – PQXDH, which provides post-quantum instant messaging security for users of updated versions of Signal when creating new secure chats.

How the advent of PQ3 will affect the security of Apple users

In essence, Apple is adding a post-quantum component to iMessage's overall message encryption scheme. PQ3 will be only one element of that security approach, working alongside traditional elliptic-curve public-key cryptography (ECDSA signatures).

However, relying solely on post-quantum protection technologies isn’t advised. Igor Kuznetsov, Director of Kaspersky’s Global Research and Analysis Team (GReAT), commented on Apple’s innovations as follows:

“Since PQ3 still relies on traditional signature algorithms for message authentication, a man-in-the-middle attacker with a powerful quantum computer (yet to be created) may still have a chance of hacking it.

Does it offer protection against adversaries capable of compromising the device or unlocking it? No, PQ3 only protects the transport layer. Once a message is delivered to an iDevice, there’s no difference – it can be read from the screen, extracted by law enforcement after unlocking the phone, or exfiltrated by advanced attackers using Pegasus, TriangleDB or similar software.”

Thus, those concerned about the protection of their data should not rely only on modern post-quantum cryptographic protocols. It's also important to ensure full protection of the device itself, so that third parties can't reach your instant messages once they have been delivered.