Apple has announced a new post-quantum cryptographic protocol called PQ3, which it said will be integrated into iMessage to protect the messaging platform against future attacks arising from the threat of a practical quantum computer.
How PQ3 works: the new post-quantum protocol, according to Apple
“With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to achieve what we call Layer 3 security – providing protocol protections that surpass those of all other widely used messaging apps,” Apple declared.
The iPhone maker described the protocol as “innovative”, “cutting edge” and with the “strongest security properties” of any large-scale implemented cryptographic protocol.
PQ3 is the latest security barrier Apple has erected in iMessage, following the switch from RSA encryption to elliptic curve cryptography (ECC) and the protection of encryption keys on devices with the Secure Enclave in 2019.
The algorithms underlying today's public key (asymmetric) cryptography rest on mathematical problems that are easy to compute in one direction but hard to reverse; a future breakthrough in quantum computers would mean that these classical problems, currently considered computationally infeasible, could be solved efficiently, effectively threatening end-to-end encrypted (E2EE) communications.
The risk is compounded by the fact that threat actors could carry out what is known as a harvest now, decrypt later (HNDL) attack, where encrypted messages are stolen today with the hope of later deciphering them using a quantum computer once that becomes a reality.
In July 2022, the US Department of Commerce's National Institute of Standards and Technology (NIST) selected Kyber as the post-quantum cryptographic algorithm for general encryption; over the last year, Amazon Web Services (AWS), Cloudflare, Google, and Signal have announced support for quantum-resistant encryption in their products.
Apple is the latest company to join the post-quantum cryptography (PQC) bandwagon with PQ3, which combines Kyber and ECC and aims to achieve Level 3 security; in contrast, Signal, which introduced its own protocol, PQXDH, offers Level 2 security, which establishes a PQC key for the initial key agreement only.
Level 3 refers to an approach in which PQC is “used to protect both the initial establishment of the key and the continuous exchange of messages, with the ability to quickly and automatically restore the cryptographic security of a conversation even if a given key is compromised.”
According to Apple, the protocol is also designed to mitigate the impact of key compromise by limiting how many past and future messages can be decrypted with a single compromised key; in particular, its key rotation scheme ensures that keys are changed at least every 50 messages and at least once every seven days.
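To make the rotation policy concrete, the following Python sketch (an added illustration, not Apple's code or a description of PQ3's internals) models a session that rekeys whenever either bound from the article is reached: 50 messages under one key, or seven days of key age. The HMAC chain that derives each new epoch key is a hypothetical stand-in for the real post-quantum rekey; the point of the example is the exposure bound, which the `max_exposure` helper measures by counting how many messages any single epoch key ever protected.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass, field

# Bounds stated in the article for PQ3's key rotation.
MAX_MESSAGES_PER_KEY = 50
MAX_KEY_AGE_SECONDS = 7 * 24 * 3600


def ratchet(key: bytes, label: bytes) -> bytes:
    # Hypothetical stand-in for the protocol's real rekey step: derive the
    # next epoch key from the current one with an HMAC-SHA256 chain.
    return hmac.new(key, label, hashlib.sha256).digest()


@dataclass
class RekeySession:
    key: bytes                      # current epoch key
    key_established_at: float       # unix time the current key was installed
    messages_under_key: int = 0     # messages protected by the current key
    epoch: int = 0                  # how many rekeys have happened
    log: list = field(default_factory=list)   # (epoch, timestamp) per message

    def rekey_due(self, now: float) -> bool:
        # Rotate when either the message bound or the age bound is hit.
        return (self.messages_under_key >= MAX_MESSAGES_PER_KEY
                or now - self.key_established_at >= MAX_KEY_AGE_SECONDS)

    def send(self, now: float) -> int:
        """Account for one outgoing message at time `now`, rotating the
        key first if the policy requires it. Returns the epoch used."""
        if self.rekey_due(now):
            self.epoch += 1
            self.key = ratchet(self.key, b"epoch-%d" % self.epoch)
            self.key_established_at = now
            self.messages_under_key = 0
        self.messages_under_key += 1
        self.log.append((self.epoch, now))
        return self.epoch


def simulate(n_messages: int, interval_seconds: float) -> RekeySession:
    """Send n_messages spaced interval_seconds apart from a fresh session
    (constructed input; the initial key is a fixed placeholder)."""
    session = RekeySession(key=b"\x00" * 32, key_established_at=0.0)
    for i in range(n_messages):
        session.send(i * interval_seconds)
    return session


def max_exposure(session: RekeySession) -> int:
    """Largest number of messages any single epoch key protected, i.e. the
    worst-case loss if exactly one epoch key were compromised."""
    counts = Counter(epoch for epoch, _ in session.log)
    return max(counts.values()) if counts else 0


if __name__ == "__main__":
    busy = simulate(120, 1.0)            # 120 messages in two minutes
    print("epochs used:", busy.epoch + 1, "max exposure:", max_exposure(busy))
    quiet = simulate(3, MAX_KEY_AGE_SECONDS)  # one message per week
    print("epochs used:", quiet.epoch + 1, "max exposure:", max_exposure(quiet))
```

In the busy session the message bound fires every 50 messages, so no epoch key ever covers more than 50 messages; in the quiet session the age bound fires instead, so each weekly message lands under a fresh key even though the counter never gets near 50.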
Support for PQ3 is expected to begin rolling out with the general availability of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 next month. Cupertino's iMessage security improvement follows the tech giant's surprising decision to bring Rich Communication Services (RCS) to its Messages app later this year, marking a much-needed shift away from the insecure SMS standard.
Apple also announced that it will work to improve the security and encryption of RCS messages. It is important to note that while RCS does not implement E2EE by default, Google's Messages app for Android uses the Signal protocol to protect RCS conversations.
While adopting advanced protections is always a welcome step, whether this will extend beyond iMessage to include RCS messages remains to be seen.