Fly On Wall Street

Apple Updates iMessage With a New ‘Post-Quantum’ Encryption Protocol

Apple has rolled out an update to iMessage encryption, the likes of which includes post-quantum protections that the company calls the “most significant cryptographic security upgrade” in the messenger’s history.

In a blog post published Wednesday, Apple announced the arrival of PQ3, a new encryption protocol designed to seriously enhance the app’s security. Since its launch in 2011, iMessage has offered end-to-end encryption—which is a nice thing to have if you want to keep your chats private. It’s also not something every web messenger provides. That said, Apple’s encryption hasn’t always been as unshakeable as you’d want it to be. Researchers have cracked (or, at the very least, challenged) the app’s encryption multiple times, meaning it’d be wise to take its past (and, potentially, current) assurances with a grain of salt.

With its latest update, Apple claims your messages will now be more secure than ever been. So secure, in fact, that the company has invented a whole new level of security—what it calls “Level 3”—to distinguish the unparalleled protections your iPhone conversations will now, supposedly, enjoy.

The blog states:

With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.

Apple apparently feels so confident about this assessment of unparalleled protection that it’s provided a diagram showing how iMessage now outranks other messengers, including the popular privacy app Signal:

Screenshot: Apple

In short: This is good news, overall. Any additional layer of protection you can add to your digital life is a win. That said, it’s easy to find Apple’s new “post-quantum” protections sorta funny since quantum computers don’t really exist yet. Indeed, while governments and large companies like Google are currently racing to develop them, fully functional quantum machines have not materialized yet. Scientists seem confident that they will, eventually, arrive. When they do, experts contend they’ll totally upend our way of life, leading to breakthroughs in everything from science and medicine to mathematics.

Notably, quantum computers will likely be able to break current public-key encryption algorithms, thus unlocking much of the internet—which is currently protected by public-key systems. There is some speculation that quantum-related attacks are already occurring—so-called “harvest now, decrypt later” attacks, in which a sophisticated hacker may hoover up vast amounts of encrypted data in the hopes of later using a quantum machine to decrypt it.

Apple’s new protocol is designed to protect against these kinds of attacks. It’s fueled by a “post quantum secure” algorithm known as Kyber, which was developed by researchers associated with the National Institute for Technology and Standards (NIST), the organization that has been at the forefront of encrypted protocol development for years. It’s worth noting that not all of NIST’s post-quantum algorithms have been found to be secure; that said, in general, they’re thought to be much more secure than current public-key systems which are, themselves, pretty damn secure.

Apple isn’t the only one rolling out post-encryption protections. Last summer it was reported that Google was working on post-quantum encryption standards to protect Chrome users from the same hypothetical hackers of the future. A list of other notable companies have agreed to foster the development of similar protections in their products and platforms.

Security experts have complimented Apple for its iMessage update. Matthew Green, a noted cryptography professor at John Hopkins University, called PQ3 “very good” and said that it was a nice improvement over Apple’s previous messenger defenses. “You might point out that this is overkill. Quantum computers are years away, and key compromise is rare. So why should I care about this?” Green wrote on X. “The answer is you probably don’t. It *is* overkill. But sometimes overkill sends a useful message, one that should be heard by people who aren’t technical at all.”

Exit mobile version