Apple’s iMessage Secured with Post-Quantum Cryptography

On February 21, Apple announced the launch of PQ3, an upgrade to iMessage that boasts the most significant cryptographic security enhancement in its history. This new protocol makes Apple one of the few providers to offer post-quantum cryptography for messages. While another messaging app called Signal introduced quantum-resistant encryption in September 2023, Apple claims that it is the first one to achieve “level 3” encryption. According to Apple, PQ3 is the first messaging protocol to reach this level of security, surpassing all other widely used messaging apps in terms of protocol protections. Apple believes that PQ3 has the strongest security features of any widely deployed messaging protocol in the world.

Since its inception, Apple’s iMessage has included end-to-end encryption. Initially, the encryption used was RSA, but in 2019, the company switched to Elliptic Curve cryptography (ECC). Currently, breaking this encryption is considered impractical due to the time and computing power required. The risks associated with quantum computing are increasing. Theoretically, a powerful enough quantum computer could easily break today’s encryption methods. While there are currently no known quantum computing systems capable of doing so, the rapid advancement in the field has prompted governments and organizations to start preparing. Developing post-quantum cryptography methods in advance allows entities such as banks and hospitals to protect their data from malicious actors who may gain access to cutting-edge technology.

It is difficult to predict exactly when quantum computers capable of breaking standard cryptography will emerge. IBM speculates that a turning point in quantum computing will occur by 2029, while QuEra, a spinoff of MIT and Harvard, claims it will have a 10,000-qubit error-corrected system by 2026. Cybercriminals are not waiting for the arrival of quantum computers to initiate their attacks. Many are unlawfully collecting encrypted data and storing it with the intention of decrypting it later, a technique commonly known as a HNDL attack (harvest now, decrypt later). This highlights the urgency for organizations to implement quantum-safe encryption methods to protect their sensitive information.

Apple’s introduction of PQ3 demonstrates its commitment to staying ahead of the curve in terms of cryptographic security. By becoming one of the early providers of post-quantum cryptography, Apple aims to ensure the protection of user data even in the face of future advancements in quantum computing. This development not only provides reassurance to users of iMessage but also sets a precedent for other messaging apps to consider implementing similar security upgrades. As the threat of quantum computing looms, it is crucial for the industry as a whole to prioritize encryption methods that can withstand the power of quantum computers.