- PQ3 is the new post-quantum cryptographic protocol for iMessage.
- PQ3 is the first messaging protocol that qualifies to reach what Apple calls "Level 3 security".
- The new iMessage security protocol provides extensive defenses against even highly sophisticated quantum attacks.
Apple has announced PQ3, a new post-quantum cryptographic protocol for iMessage. The Cupertino tech giant says that this groundbreaking and state-of-the-art protocol has “the strongest security properties of any at-scale messaging protocol in the world.” Apple believes the PQ3 provides “extensive defenses against even highly sophisticated quantum attacks”.
Let’s understand how iMessage’s PQ3 protocol works and how differs from other messaging security protocols.
What is PQ3 Protocol?
At the moment, communication security is measured by three security levels.
- Level 0: In this level, the messages remain unencrypted.
- Level 1: Here messages are end-to-end encrypted but there’s no additional identity authentication or quantum security.
- Level 2: This includes identity authentication and quantum security but they are limited to the initial key establishment. This means quantum security is offered only if the conversation key material is never compromised.
The new iMessage security protocol, PQ3 is the first messaging protocol that qualifies to reach what Apple calls “Level 3 security”. This uses post-quantum cryptography to secure both the initial key establishment and the ongoing message exchange. In addition, the Level 3 PQC can automatically restore the security of a conversation even when the key is compromised. Therefore, PQ3 is claimed to surpass protocols in all other widely deployed messaging apps.
Why is Apple Shifting to PQ3 Protocol for iMessage?
Apple’s iMessage has always supported end-to-end encryption. When launched back in 2011, iMessage was the first widely available messaging app to support end-to-end encryption by default. Over the years, Apple has significantly improved its cryptography. However, the existing common cryptographic algorithms used by messaging apps rely on mathematical problems that could potentially be solved by sufficiently powerful quantum computers.
Such quantum computers don’t exist today. However, resourced attackers can do the homework before future arrival. Such attackers can manage to collect large amounts of encrypted data and store it for future reference. Although they can’t decrypt any of this collected data today, they can do it in the future using a quantum computer. This attack scenario is known as Harvest Now, Decrypt Later.
The iMessage’s new security protocol, PQ3 is designed to protect users against “Harvest Now, Decrypt Later” attacks. Apple says that since PQ3 achieved “Level 3” security, it secures “both the initial key establishment and the ongoing message exchange.”
How Does PQ3 Protocol Work?
The new PQ3 protocol brings a new post-quantum encryption key to the set of public keys. Each device generates these public keys locally and then transmits them to Apple servers as part of the iMessage registration process. For this, Apple uses the Module Lattice-based Key Encapsulation Mechanism standard or ML-KEM which enables the sender devices to get a receiver’s public keys and generate post-quantum encryption keys for the very first message. This works even if the receiver is offline.
Then Apple includes a periodic post-quantum rekeying mechanism within the conversation. This mechanism can self-heal from key compromise and safeguard future messages.
“In PQ3, the new keys sent along with the conversation are used to create fresh message encryption keys that can’t be computed from past ones, thereby bringing the conversation back to a secure state even if previous keys were extracted or compromised by an adversary.” – Apple
Impressively, PQ3 is the first large-scale cryptographic messaging protocol that deploys this post-quantum rekeying property.
Benefits of PQ3 Protocol
For PQ3, Apple didn’t replace or modify the existing algorithms. Rather, it has rebuilt the iMessage cryptographic protocol from scratch, to deliver the following benefits:
- Protects the entire communication from current and future adversaries.
- It limits how many past and future messages can be decrypted with a single compromised key. This mitigates the impact of key compromises.
- Amortize message size to prevent any excessive additional overheads.
- PQ3 is based on a hybrid design that combines new post-quantum algorithms with current Elliptic Curve algorithms. This ensures that PQ3 is never less safe than existing protocols.
- Formal verification methods to advanced security assurances.
PQ3 Protocol Availability in iMessage
Apple will gradually start rolling PQ3 for supported iMessage conversations with iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The giant says that the latest beta versions of these software updates already have this security protocol. Apple also confirmed that visionOS won’t have the PQ3 protocol during the initial rollout.
Later this year, PQ3 is expected to fully replace the existing iMessage’s cryptography protocol within all supported conversations. Bear in mind, that the devices must be running the latest software versions.
Sagnik Das Gupta
Anshuman Jain
Kanika Gogia
Abubakar Mohammed
Anshuman Jain
Abubakar Mohammed
Anmol Sachdeva
Arjun Sha
