"Apple Adds Post-Quantum Encryption to iMessage"
Apple recently unveiled PQ3, a new post-quantum cryptographic protocol for iMessage that is designed to protect encrypted communications even against future quantum computing attacks. End-to-end encryption is present by default in many popular messaging applications, but the actual level of protection depends on the cryptographic protocols they use and how they are implemented. Apple describes three levels of encryption in messaging apps: level 0, which includes apps that don't provide end-to-end encryption by default; Level 1, apps that provide end-to-end encryption by default via traditional cryptography; level 2, apps that provide post-quantum security in the initial encryption key establishment; and level 3, apps that provide post-quantum security in both key establishment and ongoing message exchanges. Apple says that the PQ3 protocol puts iMessage in "level 3," ensuring that communications are protected even if an encryption key is compromised. Apple says iMessage will be the only messaging application that limits the number of past and future messages that can be decrypted by an attacker who has obtained a single encryption key. Apple noted that this is done by automatically changing post-quantum keys on an ongoing basis. Apple says PQ3 has been designed to combine post-quantum algorithms with classic Elliptic Curve cryptography, requiring an attacker to defeat both the classic and the post-quantum cryptography in order to gain access to communications. PQ3 is currently in beta, and it will be rolled out with the upcoming release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The new protocol will be enabled by default for communications between devices that support PQ3.
SecurityWeek reports: "Apple Adds Post-Quantum Encryption to iMessage"