Q-Day is upon us: Apple upgrades iMessage with PQ3 for quantum-proof messaging with iOS 17.4
As said before, it doesn’t matter where you position yourself on the paranoid spectrum: encrypted messaging is getting more and more popular.
Here’s another fact: Q-Day is coming. It may not be today or tomorrow but it’s coming. And this, as any tech-paranoid aficionado will tell you, is the day when a breakthrough in quantum computing will occur. This means passwords and other public encryption systems could become useless, as cracking passwords will be a walk in the park for quantum computers.
On a side note: maybe now’s a good time to sort those old files and folders. Or maybe it’s time to bid farewell to the Internet?
That’s why Apple is rolling out an upgrade to its iMessage texting platform to defend against future encryption-breaking technologies (via Reuters).
The new protocol is known as PQ3 and it serves as a big neon sign that reads: the tech world is bracing for a potential future breakthrough in quantum computing that could make current methods of protecting users’ communications obsolete.
Since its inception in 2011, the blog post says, iMessage has stood out as the pioneering messaging application to offer end-to-end encryption as a standard feature. Over the years, Apple has continuously enhanced the cryptographic underpinnings of iMessage to bolster its security credentials. The most notable upgrade came in 2019 when Apple transitioned from RSA to the more secure Elliptic Curve Cryptography (ECC) for its cryptographic protocol.
Further solidifying its commitment to user privacy and security, Apple introduced an innovative update to the iMessage protocol. This update featured a periodic rekeying mechanism, adding an extra layer of security. This mechanism ensures cryptographic resilience by enabling the system to 'self-heal' in the highly unlikely scenario of a key compromise.
This is great, but…
Things become way funnier when we take into account the Harvest Now, Decrypt Later scenario – which means that even though right now attackers can’t use quantum computers for decrypting our secrets, conversations, and private files – sorry, private lives – they can prepare for Q-Day. “The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later”.
Last year, a Reuters investigation explored how the US and China are racing to prepare for Q-Day by pouring money into quantum research and investing in new encryption standards known as post-quantum cryptography.
Apple’s blog says PQ3 uses a new and overlapping series of technical safeguards aimed at closing that window of opportunity:
Here’s another fact: Q-Day is coming. It may not be today or tomorrow but it’s coming. And this, as any tech-paranoid aficionado will tell you, is the day when a breakthrough in quantum computing will occur. This means passwords and other public encryption systems could become useless, as cracking passwords will be a walk in the park for quantum computers.
That’s why Apple is rolling out an upgrade to its iMessage texting platform to defend against future encryption-breaking technologies (via Reuters).
The new protocol is known as PQ3 and it serves as a big neon sign that reads: the tech world is bracing for a potential future breakthrough in quantum computing that could make current methods of protecting users’ communications obsolete.
Apple announced rebuilding the iMessage cryptographic protocol – and potentially making it quantum-proof – in an official blog post, stating that the new PQ3 will “fully replace the existing protocol within all supported conversations this year”:
Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.
Since its inception in 2011, the blog post says, iMessage has stood out as the pioneering messaging application to offer end-to-end encryption as a standard feature. Over the years, Apple has continuously enhanced the cryptographic underpinnings of iMessage to bolster its security credentials. The most notable upgrade came in 2019 when Apple transitioned from RSA to the more secure Elliptic Curve Cryptography (ECC) for its cryptographic protocol.
This is great, but…
Harvest Now, Decrypt Later
Things become way funnier when we take into account the Harvest Now, Decrypt Later scenario – which means that even though right now attackers can’t use quantum computers for decrypting our secrets, conversations, and private files – sorry, private lives – they can prepare for Q-Day. “The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later”.
“Everybody was Q-fu fighting”
Last year, a Reuters investigation explored how the US and China are racing to prepare for Q-Day by pouring money into quantum research and investing in new encryption standards known as post-quantum cryptography.
Apple’s blog says PQ3 uses a new and overlapping series of technical safeguards aimed at closing that window of opportunity:
- Introduce post-quantum cryptography from the start of a conversation, so that all communication is protected from current and future adversaries.
- Mitigate the impact of key compromises by limiting how many past and future messages can be decrypted with a single compromised key.
- Use a hybrid design to combine new post-quantum algorithms with current Elliptic Curve algorithms, ensuring that PQ3 can never be less safe than the existing classical protocol.
- Amortize message size to avoid excessive additional overhead from the added security.
- Use formal verification methods to provide strong security assurances for the new protocol.
Support for PQ3 will start to roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in the corresponding developer preview and beta releases. iMessage conversations between devices that support PQ3 are automatically ramping up to the post-quantum encryption protocol. As we gain operational experience with PQ3 at the massive global scale of iMessage, it will fully replace the existing protocol within all supported conversations this year.
Things that are NOT allowed: