{"id":24006,"date":"2024-02-28T11:02:26","date_gmt":"2024-02-28T19:02:26","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17736\/"},"modified":"2024-02-28T11:02:26","modified_gmt":"2024-02-28T19:02:26","slug":"news-17736","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/02\/28\/news-17736\/","title":{"rendered":"Apple\u2019s iMessage gains industry-leading quantum security"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2023\/08\/23\/11\/microsoft-quantum-computer-source-ms-quantum-100832328-small-100945095-small.jpg\"\/><\/p>\n<p>Apple is preparing for future threats to iMessage from quantum computers by introducing upgraded encryption for its messaging service.<\/p>\n<p>Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple&#8217;s messaging system being more secure against both current and future foes.<\/p>\n<p>Announced on <a href=\"https:\/\/security.apple.com\/blog\/imessage-pq3\/\" rel=\"nofollow noopener\" target=\"_blank\">Apple\u2019s Security Research blog<\/a>, the new iMessage protection is called PQ3 and promises the \u201cstrongest security properties of any at-scale messaging protocol in the world.\u201d<\/p>\n<p>The rationale behind this protection is \u201c<em>What if?<\/em>\u201d<\/p>\n<p>In this case, Apple\u2019s security teams asked themselves what might happen if hackers, criminals, or state-backed <a href=\"https:\/\/www.computerworld.com\/article\/3694132\/security-researchers-uncover-nso-group-iphone-attacks-in-europe.html\">rogue surveillance firms<\/a> gathered vast quantities of encrypted iMessage data today in order to break that encryption using quantum computers tomorrow.<\/p>\n<p>Apple calls this a <em>Harvest Now, Decrypt Later<\/em> attack. 
The new security protocol is designed to help protect against this.<\/p>\n<p>These attacks are less likely today than they might become. It is <a href=\"https:\/\/www.nature.com\/articles\/s41586-022-04623-2\" rel=\"nofollow noopener\" target=\"_blank\">widely accepted<\/a> that quantum computers will be capable of cracking the classical public key cryptography in use today, such as RSA, Elliptic Curve signatures, and Diffie-Hellman key exchange.<\/p>\n<p>Apple explains:<\/p>\n<p>\u201cAll these algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore\u2019s law. However, the rise of quantum computing threatens to change the equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore \u2014 in theory \u2014 do so fast enough to threaten the security of end-to-end encrypted communications.\u201d<\/p>\n<p>In truth, quantum computers are expensive, which means their use is largely limited to only the world\u2019s most powerful entities. But as more are made and costs decline, they will proliferate \u2014 and if Apple is considering the potential threat, then threat actors of various stripes will also be exploring the possibility.<\/p>\n<p>Apple isn\u2019t alone. 
The cryptographic community is also exploring Post-Quantum Cryptography (PQC), aiming to develop new public key algorithms that run on the devices we use today while protecting against the forms of attack we believe quantum computers will be able to deliver tomorrow.<\/p>\n<p>Signal, for example, <a href=\"https:\/\/signal.org\/blog\/pqxdh\/\" rel=\"nofollow noopener\" target=\"_blank\">introduced its own take on PQC security a few months ago<\/a>.<\/p>\n<p>iMessage takes this protection further.<\/p>\n<p>PQC is used not only to secure the \u201cinitial key establishment\u201d (when a shared algorithm is defined), but also to restore security rapidly and automatically if that initial key becomes compromised.<\/p>\n<p>Apple has submitted PQ3 to two leading security researchers who have verified the technology \u2014 Professor David Basin of the Information Security Group at ETH in Zurich, Switzerland, and Douglas Stebila, a University of Waterloo Professor.<\/p>\n<p><a href=\"https:\/\/security.apple.com\/assets\/files\/A_Formal_Analysis_of_the_iMessage_PQ3_Messaging_Protocol_Basin_et_al.pdf\" rel=\"nofollow noopener\" target=\"_blank\">Basin wrote<\/a>: \u201cWe have used Tamarin to formally verify the device-to-device messaging protocol PQ3. 
From our analysis, we conclude that this protocol achieves strong security guarantees against an active network adversary who can selectively compromise parties and has quantum computing capabilities.\u201d<\/p>\n<p><a href=\"https:\/\/tamarin-prover.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Tamarin<\/a> is a leading security verification tool.<\/p>\n<p><a href=\"https:\/\/security.apple.com\/assets\/files\/Security_analysis_of_the_iMessage_PQ3_protocol_Stebila.pdf\" rel=\"nofollow noopener\" target=\"_blank\">Stebila said<\/a>: \u201cThe analysis shows that PQ3 provides confidentiality with forward secrecy and post-compromise security against both classical and quantum adversaries, in both the initial key exchange as well as the continuous rekeying phase of the protocol.\u201d<\/p>\n<p>Research papers describing the academic research conducted by both professors are available via Apple\u2019s security website, where you will also find a far more <a href=\"https:\/\/security.apple.com\/blog\/imessage-pq3\/\" rel=\"nofollow noopener\" target=\"_blank\">in-depth analysis of how PQ3 works and the protections it provides<\/a>.<\/p>\n<p>The signal Apple is sending with the introduction of this protection in iMessage should not be ignored. It should be seen as both a promise and a warning.<\/p>\n<p>Enterprise tech leaders and IT should, therefore, also work toward protecting their own data against potential quantum computing-led attacks.<\/p>\n<p>At the very least, this will involve staying abreast of new research in the field from the likes of the US Department of Commerce\u2019s National Institute of Standards and Technology (NIST), which <a href=\"https:\/\/www.nist.gov\/news-events\/news\/2022\/07\/nist-announces-first-four-quantum-resistant-cryptographic-algorithms\" rel=\"nofollow noopener\" target=\"_blank\">announced\u00a0some preliminary encryption tools<\/a>\u00a0for the post-quantum era in 2022. 
A response might also involve insisting on such protection in new purchasing relationships.<\/p>\n<p>Apple explains that iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol. \u201cAs we gain operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.\u201d<\/p>\n<p>For Apple, the protection reflects the extent to which privacy and security enhancements have been integral to its iMessage service since it was first introduced. It builds, for example, on robust protections such as <a href=\"https:\/\/www.applemust.com\/how-to-use-lockdown-mode-on-your-iphone-ipad-and-mac\/\" rel=\"nofollow noopener\" target=\"_blank\">Lockdown Mode<\/a> and <a href=\"https:\/\/www.computerworld.com\/article\/3711340\/what-is-contact-key-verification-and-how-is-it-used.html\">Contact Key Verification<\/a> that already exist.<\/p>\n<p><em>Please follow me on\u00a0<a href=\"https:\/\/social.vivaldi.net\/@jonnyevans\" rel=\"nofollow noopener\" target=\"_blank\">Mastodon<\/a>, or join me in the\u00a0<a href=\"https:\/\/mewe.com\/join\/appleholics_bar_and_grill\" rel=\"nofollow noopener\" target=\"_blank\">AppleHolic\u2019s bar &amp; grill<\/a>\u00a0and\u00a0<a href=\"https:\/\/mewe.com\/join\/apple_discussions\" rel=\"nofollow noopener\" target=\"_blank\">Apple Discussions<\/a>\u00a0groups on MeWe.<\/em><\/p>\n<p><a href=\"https:\/\/www.computerworld.com\/article\/3713081\/apples-imessage-gains-industry-leading-quantum-security.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/idge\/imported\/imageapi\/2023\/08\/23\/11\/microsoft-quantum-computer-source-ms-quantum-100832328-small-100945095-small.jpg\"\/><\/p>\n<article>\n<section 
class=\"page\">\n<p>Apple is preparing for future threats to iMessage from quantum computers by introducing upgraded encryption for its messaging service.<\/p>\n<p>Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple&#8217;s messaging system being more secure against both current and future foes.<\/p>\n<h2><strong>What is the protection?<\/strong><\/h2>\n<p>Announced on <a href=\"https:\/\/security.apple.com\/blog\/imessage-pq3\/\" rel=\"nofollow noopener\" target=\"_blank\">Apple\u2019s Security Research blog<\/a>, the new iMessage protection is called PQ3 and promises the \u201cstrongest security properties of any at-scale messaging protocol in the world.\u201d<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3713081\/apples-imessage-gains-industry-leading-quantum-security.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[2211,15547,5897,11050,714],"class_list":["post-24006","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-apple","tag-messaging-apps","tag-privacy","tag-quantum-computing","tag-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24006","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?
post=24006"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24006\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24006"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24006"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24006"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}