Who:
Apple is implementing post-quantum encryption, known as PQ3, in iMessage, marking one of the most significant deployments of this encryption technology to date.
What:
PQ3 is a post-quantum cryptographic protocol designed to protect against potential quantum computing-based attacks. Apple's iMessage will undergo a cryptographic security upgrade, replacing existing encryption protocols with PQ3, making it one of the most substantial upgrades in iMessage history.
How:
The PQ3 implementation involves rebuilding the iMessage cryptographic protocol entirely. The post-quantum protections create new encryption keys as part of the public keys exchanged between devices and Apple's servers. Apple is using the Kyber algorithm for PQ3, generating keys from the first message sent, even if the recipient is offline. The post-quantum protections are an addition to existing encryption, employing a hybrid design combining elliptic curve cryptography (ECC) with PQ3. The protocol has undergone external assessment by a third-party security company and academic scrutiny, demonstrating strong security guarantees against potential active network adversaries with quantum computing capabilities. The proactive deployment of post-quantum encryption aims to limit the impact of potential future "harvest now, decrypt later" attacks by adversaries collecting encrypted data for decryption when functional quantum computers become available.
Read the full article HERE