Apple is preparing for future threats to iMessage by introducing upgraded encryption for its messaging service by using quantum computers.
Think of it as state-of-the-art quantum security for messaging at scale, the company says, resulting in Apple's messaging system being more secure against both current and future foes.
What is the protection?
Announced on Apple’s Security Research blog, the new iMessage protection is called PQ3 and promises the “strongest security properties of any at-scale messaging protocol in the world.”
The rationale behind this protection is “What if?”
In this case, Apple’s security teams asked themselves what might happen if hackers, criminals, or state-backed rogue surveillance firms gathered vast quantities of encrypted iMessage data today in order to break that encryption using quantum computers tomorrow.
Apple calls this a Harvest Now, Decrypt Later attack. The new security protocol is designed to help protect against this.
How likely are such attacks?
These attacks are less likely today than they might become. It is widely accepted that quantum computers will be capable of cracking the classical public key cryptography such as RSA, Elliptic Curve signatures, and Diffie-Hellman key exchange in use today.
Apple explains:
“All these algorithms are based on difficult mathematical problems that have long been considered too computationally intensive for computers to solve, even when accounting for Moore’s law. However, the rise of quantum computing threatens to change the equation. A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications.”
In truth, quantum computers are expensive, which means their use is largely limited to only the world’s most powerful entities. But as more are made and costs decline, they will proliferate — and if Apple is considering the potential threat, then threat actors of various stripes will also be exploring the possibility.
The security industry is getting ready
Apple isn’t alone. The cryptographic community is also exploring Post-Quantum Cryptography (PQC), aiming to develop new public key algorithms that run on the devices we use today while protecting against the forms of attack we believe quantum computers will be able to deliver tomorrow.
Signal, for example, introduced its own take on PQC security a few months ago.
iMessage takes this protection further.
PQC is not only used to secure the “initial key establishment” (when a shared algorithm is defined), but with the capability to restore security rapidly and automatically if that initial key becomes compromised.
Apple has submitted PQ3 to two leading security researchers who have verified the technology — Professor David Basin of the Information Security Group at ETH in Zurich, Switzerland, and Douglas Stebila, a University of Waterloo Professor.
Basin wrote: “We have used Tamarin to formally verify the device-to-device messaging protocol PQ3. From our analysis, we conclude that this protocol achieves strong security guarantees against an active network adversary who can selectively compromise parties and has quantum computing capabilities.”
Tamarin is a leading security verification tool.
Stabila said: “The analysis shows that PQ3 provides confidentiality with forward secrecy and post-compromise security against both classical and quantum adversaries, in both the initial key exchange as well as the continuous rekeying phase of the protocol.”
Research papers describing the academic research conducted by both professors are available via Apple’s security website, where you will also find a far more in-depth analysis of how PQ3 works and the protections it provides.
What can we read into this?
The signal Apple is sending with the introduction of this protection in iMessage should not be ignored. It should be seen as both a promise and a warning.
- The promise is that Apple’s security teams are working to get ahead of both current and future threats.
- The warning is that if Apple believes it necessary to protect millions of iMessage users against such threats today, tomorrow is looming fast.
Enterprise tech leaders and IT should, therefore, also work toward protecting their own data against potential quantum computing-led attacks.
At the very least, this will involve staying abreast of new research in the field from the likes of the US Department of Commerce’s National Institute of Standards and Technology (NIST), which announced some preliminary encryption tools for the post-quantum era in 2022. A response might also involve insisting on such protection in new purchasing relationships.
When is iMessage quantum security launching?
- Apple says support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4.
- That means the support should already be available in the betas.
It explains that iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol. “As we gain operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.”
For Apple, the protection reflects the extent to which privacy and security enhancements have been integral to its iMessage service since it was first introduced. It builds, for example, on robust protections such as Lockdown Mode and Contact Key Verification that already exist.
Please follow me on Mastodon, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.