![](\"https:\/\/media.wired.com\/photos\/65d60252f14794bc53bece50\/master\/pass\/Apple%E2%80%99s-iMessage-Is-Getting-Post-Quantum-Encryption--Security-GettyImages-1978192381.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Matt Burgess| Date: Wed, 21 Feb 2024 14:00:00 +0000<\/strong><\/p>\n Matt Burgess<\/a><\/span><\/span><\/p>\n Apple is launching<\/span> its first post-quantum protections, one of the biggest deployments of the future-resistant encryption technology to date.<\/p>\n Billions of medical records, financial transactions, and messages we send to each other are protected by encryption<\/a>. It\u2019s fundamental to keeping modern life and the global economy running relatively smoothly. However, the decades-long race to create vastly powerful quantum computers<\/a>, which could easily crack current encryption, creates new risks.<\/p>\n While practical quantum computing technology may still be years or decades away, security officials, tech companies, and governments are ramping up their efforts to start using a new generation of post-quantum cryptography. These new encryption algorithms will, in short, protect our current systems against any potential quantum computing-based attacks.<\/p>\n Today Cupertino is announcing that PQ3\u2014its post-quantum cryptographic protocol\u2014will be included in iMessage. The update will launch in iOS and iPad OS 17.4 and macOS 14.4 after previously being deployed in the beta versions of the software. Apple, which published the news on its security research blog<\/a>, says the change is the \u201cmost significant cryptographic security upgrade in iMessage history.\u201d<\/p>\n \u201cWe rebuilt the iMessage cryptographic protocol from the ground up,\u201d its blog post says, adding that the upgrade will fully replace its existing encryption protocols by the end of this year. You don\u2019t need to do anything other than update your operating system for the new protections to be applied.<\/p>\n Quantum computing is serious business. Governments in the US, China, and Russia as well as tech companies such as Google<\/a>, Amazon<\/a>, and IBM are plowing billions into the (still) relatively nascent efforts to create quantum computers. If successful, the technologies could help unlock scientific breakthroughs in everything from drug design to creating longer-lasting batteries. Politicians are also vying to become quantum superpowers<\/a>. The current quantum computing devices are still experimental and not practical<\/a> for general use.<\/p>\n Unlike the computers we use today, quantum computers use qubits, which can exist in more than one state. (Current bits are either ones or zeroes). It means that quantum devices can store more information than traditional computers and perform more complex calculations, including potentially cracking encryption.<\/p>\n \u201cQuantum computers, if deployed reliably and in a scalable manner, would have the potential to break most of today\u2019s cryptography,\u201d says Lukasz Olejnik, an independent cybersecurity and privacy researcher and consultant. This includes the encryption in the messaging apps that billions of people use every day. Most encrypted messaging apps using public key cryptography<\/a> have used RSA, Elliptic Curve, or Diffie-Hellman algorithms.<\/p>\n Responding to the potential threat\u2014which has been known about since the 1990s\u2014intelligence and security agencies have become increasingly vocal<\/a> about developing and deploying quantum-resistant cryptography. The National Institute of Standards and Technology in the US has been a driving force behind the creation of these new encryption types<\/a>. Olejnik says tech companies are taking the quantum threat \u201cvery\u201d seriously. \u201cMuch more serious than some older changes like switches between hash functions,\u201d Olejnik says, adding that things are moving relatively fast given that post-quantum cryptography is still \u201cvery young\u201d and there\u2019s \u201cno functional quantum computer on the horizon.\u201d<\/p>\n Byron Tau<\/span><\/span><\/p>\n Julian Chokkattu<\/span><\/span><\/p>\n David Nield<\/span><\/span><\/p>\n Kate Knibbs<\/span><\/span><\/p>\n Apple\u2019s rollout of PQ3 in iMessage follows Signal<\/a> in introducing post-quantum algorithms\u2014the encrypted messaging app introduced its PQXDH specification in September<\/a>, saying it is built on the Kyber algorithm. Proton, the creator of encrypted email and other apps, said around the same time that it is building quantum-safe PGP encryption for everyone to use<\/a>.<\/p>\n In its blog post, Apple details how PQ3 has been built and how it operates. The company says PQ3 creates a new post-quantum encryption key as part of the public keys that phones and computers using iMessage create and transmit to Apple\u2019s servers. The company is using the Kyber algorithm\u2014the same approach as Signal\u2014to do this and will generate the keys from the first message that is sent, even if the person receiving the message is offline.<\/p>\n Apple says its setup will apply its post-quantum protections to the creation of encryption keys and the exchange of messages, including if someone\u2019s encryption key has been compromised by an attacker. \u201cTo best protect end-to-end encrypted messaging, the post-quantum keys need to change on an ongoing basis to place an upper bound on how much of a conversation can be exposed by any single, point-in-time key compromise\u2014both now and with future quantum computers,\u201d the company says in its blog post.<\/p>\n The post-quantum protections are an addition to its existing encryption, Apple says. It is using a \u201chybrid design\u201d that combines its current elliptic curve cryptography (ECC) with the newer post-quantum protections. \u201cDefeating PQ3 security requires defeating both the existing, classical ECC cryptography and the new post-quantum primitives,\u201d Apple writes.<\/p>\n Apple says PQ3 has been externally assessed by a third-party security company, which it has not named, and also two groups of academics who have written papers analyzing the system. The company argues that its approach\u2014as it is able to issue new quantum keys\u2014has stronger protections than Signal\u2019s current deployment. \u201cWe conclude that this protocol achieves strong security guarantees against an active network adversary who can selectively compromise parties and has quantum computing capabilities,\u201d a research paper led by David Basin, a computer science professor at ETH Zurich, says of PQ3.<\/p>\n While there\u2019s no guarantee that quantum technologies will ever develop enough to become useful, it\u2019s likely that the next few years will see a steady drip of companies deploying and enhancing their post-quantum protocols. In part, this is to combat one of the biggest current fears around quantum computing: that countries and threat actors are gathering and hoarding encrypted data today with the plan to unlock its secrets if quantum technologies evolve.<\/p>\n Starting to deploy post-quantum encryption now\u2014before functional quantum computers exist\u2014has the potential to limit the impact of these so-called \u201charvest now, decrypt later\u201d attacks. \u201cWe are seeing our adversaries do this\u2014copying down our encrypted data and just holding on to it,\u201d Dustin Moody, who leads post-quantum encryption standards in the US told The New Yorker<\/em> in 2022<\/a>. \u201cIt\u2019s definitely a real threat.\u201d<\/p>\n