February 21, 2024 at 09:45AM
Apple introduced PQ3, a post-quantum cryptographic protocol for iMessage. This protocol aims to provide enhanced protection against future quantum computing attacks through end-to-end encryption and advanced key establishment. PQ3 will be integrated into upcoming Apple OS releases and is designed to combat potential “Harvest Now, Decrypt Later” threats.
From the meeting notes, the key takeaways are:
1. Apple unveiled the PQ3 protocol for iMessage, providing post-quantum cryptographic protection against potential future quantum computing attacks.
2. The PQ3 protocol will be implemented in upcoming releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and will be enabled by default for communications between devices that support PQ3.
3. PQ3 combines post-quantum algorithms with classic Elliptic Curve cryptography, making it more secure by requiring attackers to defeat both types of cryptography for access to communications.
4. It limits the number of past and future messages that can be decrypted by an attacker who has obtained a single encryption key, and automatically changes post-quantum keys on an ongoing basis.
5. The protocol is designed to be efficient and maintain confidentiality even in the presence of key compromises and strong adversaries, with detailed security analysis by researchers at the University of Waterloo and ETH Zurich.
6. Apple plans for the new protocol to fully replace the existing protocol within all supported conversations this year as it gains operational experience at the global scale of iMessage.
These are the key points distilled from the meeting notes regarding Apple’s PQ3 protocol and its impact on iMessage and the broader encryption landscape.