Q-Day is upon us: Apple upgrades iMessage with PQ3 for quantum-proof messaging with iOS 17.4

As noted before, it doesn’t matter where you sit on the paranoid spectrum: encrypted messaging keeps getting more popular.

Here’s another fact: Q-Day is coming. It may not be today or tomorrow, but it’s coming. And this, as any tech-paranoid aficionado will tell you, is the day a quantum computer large enough to run Shor’s algorithm at scale arrives. The popular shorthand that such a machine will “crack passwords” misses the real target: what Shor’s algorithm breaks is public-key cryptography (RSA and elliptic-curve schemes), the layer used to exchange keys and sign messages, and exactly the layer a protocol like iMessage relies on to set up an encrypted conversation. Symmetric ciphers such as AES and hash functions are far less affected.

On a side note: maybe now’s a good time to sort those old files and folders. Or maybe it’s time to bid farewell to the Internet?

That’s why Apple is rolling out an upgrade to its iMessage texting platform to defend against future encryption-breaking technologies (via Reuters).

The new protocol is known as PQ3 and it serves as a big neon sign that reads: the tech world is bracing for a potential future breakthrough in quantum computing that could make current methods of protecting users’ communications obsolete.

Apple announced that it is rebuilding the iMessage cryptographic protocol – with the goal of making it resistant to quantum attacks – in an official blog post, stating that the new PQ3 will “fully replace the existing protocol within all supported conversations this year”.

Since its inception in 2011, the blog post says, iMessage has stood out as the first widely available messaging app to offer end-to-end encryption by default. Over the years, Apple has continuously enhanced the cryptographic underpinnings of iMessage. The most notable upgrade came in 2019, when Apple transitioned the protocol from RSA to Elliptic Curve Cryptography (ECC), which offers comparable security with much smaller keys. Neither RSA nor ECC, however, holds up against a large quantum computer, which is the gap PQ3 is meant to close.

Further solidifying its commitment to user privacy and security, Apple later added a periodic rekeying mechanism to the iMessage protocol. Rekeying provides cryptographic resilience by letting a conversation ‘self-heal’ in the unlikely event that a key is compromised: once a fresh key is negotiated, a leaked one stops being useful.

This is great, but…

Harvest Now, Decrypt Later

The picture gets more interesting once we account for the Harvest Now, Decrypt Later scenario: even though attackers can’t use quantum computers today to decrypt our secrets, conversations and private files – sorry, private lives – they can prepare for Q-Day by recording traffic now. Apple’s post spells it out: “The premise is simple: such attackers can collect large amounts of today’s encrypted data and file it all away for future reference. Even though they can’t decrypt any of this data today, they can retain it until they acquire a quantum computer that can decrypt it in the future, an attack scenario known as Harvest Now, Decrypt Later”.

“Everybody was Q-fu fighting”

Last year, a Reuters investigation explored how the US and China are racing to prepare for Q-Day by pouring money into quantum research and investing in new encryption standards known as post-quantum cryptography.

Apple’s blog says PQ3 uses a new and overlapping series of technical safeguards aimed at closing that window of opportunity:

  • Introduce post-quantum cryptography from the start of a conversation, so that all communication is protected from current and future adversaries.
  • Mitigate the impact of key compromises by limiting how many past and future messages can be decrypted with a single compromised key.
  • Use a hybrid design to combine new post-quantum algorithms with current Elliptic Curve algorithms, ensuring that PQ3 can never be less safe than the existing classical protocol.
  • Amortize message size to avoid excessive additional overhead from the added security.
  • Use formal verification methods to provide strong security assurances for the new protocol.
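Two items in that list, the hybrid combiner and the limit on what one compromised key exposes, are easier to see in code. The following is an added example written for this article; it is not Apple’s PQ3 code and does not reproduce PQ3’s actual construction. It uses only the Python standard library: HKDF is implemented from RFC 5869 with `hmac`, the ECDH and post-quantum KEM shared secrets are random stand-ins from `os.urandom` (the standard library ships neither primitive), the transcript string is constructed, and the ratchet is a plain symmetric-key chain of the kind used in Signal-style protocols, not whatever PQ3 uses internally.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i)."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(ecdh_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Hybrid combiner: the classical (ECDH) and post-quantum (KEM) shared
    secrets go into one KDF, bound to the handshake transcript. The output is
    unpredictable unless an attacker knows BOTH inputs, so it is never weaker
    than the classical secret alone."""
    prk = hkdf_extract(salt=transcript, ikm=ecdh_secret + pq_secret)
    return hkdf_expand(prk, b"hybrid session key", 32)


def ratchet_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """One symmetric-ratchet step: next chain key plus one per-message key.
    HMAC is one-way, so a leaked chain key yields later keys, not earlier ones."""
    next_chain = hmac.new(chain_key, b"\x01", HASH).digest()
    message_key = hmac.new(chain_key, b"\x02", HASH).digest()
    return next_chain, message_key


def derive_message_keys(start_chain: bytes, count: int) -> Tuple[List[bytes], List[bytes]]:
    """Ratchet `count` times. chain_keys[i] is the chain key before message i;
    chain_keys[count] is the chain key left after the last message."""
    chains, message_keys, chain = [start_chain], [], start_chain
    for _ in range(count):
        chain, mk = ratchet_step(chain)
        chains.append(chain)
        message_keys.append(mk)
    return chains, message_keys


def rekey(chain_key: bytes, fresh_hybrid_secret: bytes) -> bytes:
    """Periodic rekeying: fold a fresh hybrid secret into the chain so anyone
    holding an old chain key is locked out again ('self-healing')."""
    return hkdf_expand(hkdf_extract(chain_key, fresh_hybrid_secret), b"rekey", 32)


def compromise_demo(leak_at: int = 5, total: int = 10) -> Dict[str, bool]:
    """Check the three properties on constructed inputs; every secret below is
    a random stand-in, not a real handshake output."""
    transcript = b"constructed transcript: identity keys || ephemeral keys"  # stand-in
    ecdh_secret = os.urandom(32)  # stand-in for an X25519/P-256 ECDH output
    pq_secret = os.urandom(32)    # stand-in for a post-quantum KEM output
    session_key = hybrid_session_key(ecdh_secret, pq_secret, transcript)

    # 1. Hybrid: an attacker who broke ECDH (knows ecdh_secret) but not the
    #    KEM still cannot reproduce the session key.
    classical_only_guess = hybrid_session_key(ecdh_secret, bytes(32), transcript)

    # 2. Ratchet: the chain key before message `leak_at` leaks. The attacker
    #    ratchets forward and gets later message keys, but none of the earlier
    #    ones appear among anything they can derive.
    chains, real_keys = derive_message_keys(session_key, total)
    _, attacker_keys = derive_message_keys(chains[leak_at], total - leak_at)

    # 3. Rekey: honest parties fold in a fresh hybrid secret; the attacker,
    #    still ratcheting the stale chain, diverges from them.
    fresh = hybrid_session_key(os.urandom(32), os.urandom(32), transcript)
    _, healed_keys = derive_message_keys(rekey(chains[total], fresh), 3)
    _, stale_keys = derive_message_keys(chains[total], 3)

    return {
        "classical_break_alone_is_useless": classical_only_guess != session_key,
        "leak_exposes_later_keys": attacker_keys == real_keys[leak_at:],
        "earlier_keys_stay_hidden": not set(attacker_keys) & set(real_keys[:leak_at]),
        "rekey_locks_attacker_out": all(h != s for h, s in zip(healed_keys, stale_keys)),
    }


if __name__ == "__main__":
    for prop, holds in compromise_demo().items():
        print(f"{prop}: {'OK' if holds else 'FAIL'}")
```

The combiner is the part that delivers the “never less safe than the classical protocol” guarantee: because both secrets are hashed together, breaking one of the two key agreements leaves the attacker with nothing usable. The ratchet and rekey steps bound the damage of a leaked key in the two directions the list describes: past keys are unreachable through a one-way function, and future keys move out of reach as soon as fresh hybrid material is mixed in.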
