The Hindu (Kolkata)

How does Apple’s PQ3 protocol enhance data security for users?

Apple’s PQ3 post-quantum cryptographic protocol seeks to protect messages on iMessage from hackers using quantum computers. The protocol can protect communications against current and future decryption attempts.

- Nabeel Ahmed REUTERS

The story so far: On February 21, Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage. The company called it the “first messaging protocol to reach Level 3 security” and claimed it can defend against “highly sophisticated quantum attacks.” As per Apple, this protocol’s security layer will surpass those available in all other widely used messaging apps.

What is the PQ3 protocol, and how does it work?

Currently, most messaging apps use standard encryption methods based on public and private keys to deliver messages securely. There are two such methods. In the public-key method, a user’s message is encrypted with the recipient’s public key before transmission and then the recipient’s private key is used to decrypt it. In the private-key method, both keys are still required, but they are essentially the same shared key, so both the sender and the recipient can encrypt or decrypt the message.

Apple’s PQ3 protocol uses a hybrid design that combines traditional encryption methods with post-quantum encryption, both during the initial key establishment between devices and during rekeying, which periodically refreshes the cryptographic keys shared between devices to ensure continued protection.

Under the PQ3 protocol, each device generates public keys locally using the Module-Lattice-based Key Encapsulation Mechanism, or ML-KEM, and then transmits them to Apple servers as part of the iMessage registration process. This enables the sender device to fetch the receiver device’s public keys and generate post-quantum encryption keys for the first message. Apple has also included a periodic post-quantum rekeying mechanism within the conversation, which is capable of self-healing from key compromise and safeguarding future messages.

Why is Apple shifting to the PQ3 protocol?

Currently, Apple’s iMessage supports end-to-end encryption by default. This mode of protection relies on mathematical problems that could potentially be solved by powerful quantum computers.

Over the years, Apple has made improvements to its encryption, enhancing its platform’s overall protection against hackers. However, the mathematical problems underlying current cryptography could be solved by quantum computers, though such computers are still in the works. Apple says extremely well-resourced attackers can already mount attacks by taking advantage of the drop in data storage costs.

Essentially, attackers can store large amounts of today’s encrypted data and file it away for future reference. And though attackers may not be able to decrypt this data today, they can retain it until it can be decrypted at a later date with the help of a quantum computer.

What are PQ3’s strengths and limitations?

The PQ3 protocol protects communications on iMessage against current and future decryption attempts. It also limits how many past and future messages can be decrypted with a single compromised key, reducing the impact of key compromises.
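To make the rekeying and "limited blast radius" ideas concrete, here is an added toy example (not Apple's code, and a deliberate simplification of PQ3): message keys are derived one-way from an advancing chain key, and every few messages a fresh secret is mixed in. The `exposed_messages` function counts how many messages an attacker who steals the chain key can still read before the next rekey cuts them off; the fresh secret is built from constructed random bytes standing in for a classical plus ML-KEM hybrid key agreement.

```python
import hashlib
import hmac
import secrets

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256 keyed with the current chain key."""
    return hmac.new(key, label, hashlib.sha256).digest()

def hybrid_secret(classical: bytes, post_quantum: bytes) -> bytes:
    """Combine classical (ECDH-style) and post-quantum (ML-KEM-style) shared secrets;
    an attacker must recover both. Inputs here are constructed random bytes."""
    return kdf(b"hybrid", classical + post_quantum)

class RatchetSender:
    """Toy symmetric ratchet with periodic rekeying (a simplification, not PQ3).
    Message keys derive one-way from an advancing chain key; every `rekey_every`
    messages a fresh hybrid secret is mixed in, so a stolen chain key expires."""

    def __init__(self, root: bytes, rekey_every: int) -> None:
        self.chain, self.rekey_every, self.count = root, rekey_every, 0

    def next_message_key(self) -> bytes:
        mk = kdf(self.chain, b"message")
        self.chain = kdf(self.chain, b"chain")
        self.count += 1
        if self.count % self.rekey_every == 0:
            # Fresh entropy from a new (simulated) hybrid key agreement.
            fresh = hybrid_secret(secrets.token_bytes(32), secrets.token_bytes(32))
            self.chain = kdf(self.chain, b"rekey" + fresh)
        return mk

def derive_without_rekey(chain: bytes, n: int) -> list:
    """What an attacker holding `chain` can compute without any later rekey secret."""
    keys = []
    for _ in range(n):
        keys.append(kdf(chain, b"message"))
        chain = kdf(chain, b"chain")
    return keys

def exposed_messages(rekey_every: int, total: int, leak_at: int) -> int:
    """Count messages among leak_at..total-1 readable after the chain key leaks before message leak_at."""
    sender = RatchetSender(secrets.token_bytes(32), rekey_every)
    real_keys, leaked_chain = [], None
    for i in range(total):
        if i == leak_at:
            leaked_chain = sender.chain  # attacker snapshots the chain key here
        real_keys.append(sender.next_message_key())
    guessed = derive_without_rekey(leaked_chain, total - leak_at)
    return sum(g == r for g, r in zip(guessed, real_keys[leak_at:]))
```

With `rekey_every=4`, a chain key leaked before message 5 exposes only messages 5, 6 and 7; with no rekeying it would expose every later message.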

But, despite its enhanced protection, the PQ3 protocol, because of its intended application scenario, does not address group messaging, authentication against quantum adversaries, or cryptographic deniability. Also, messages stored in iCloud may not be protected by this protocol.

Will the PQ3 protocol impact Apple users?

The new protocol offers protection against adversaries capable of compromising the transport layer between devices. However, the protocol does not protect against attacks mounted on messages already delivered to a device, which remain stored as before and can be extracted after unlocking the device or by using advanced spyware such as Pegasus or TriangleDB.

Additionally, since PQ3 relies on traditional signature algorithms for message authentication, a man-in-the-middle attacker with a powerful quantum computer may still have a chance of hacking it, Kaspersky said in a blog post.

Therefore, while the new protocol from Apple enhances security on iMessage and provides protection against future attacks using quantum computers, it is not a one-stop solution. Users concerned about the protection of their data should not rely only on post-quantum cryptographic protocols.

Are other messaging services also using methods like PQ3?

Currently in beta, PQ3 will start to roll out with the public release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. However, this is not the first time a tech company has announced a post-quantum encryption protocol.

Earlier, in September 2023, Signal announced advancements in quantum resistance for the Signal Protocol.

The upgrade, called PQXDH, added a layer of protection against the threat of quantum computers being built in the future. It used a new post-quantum cryptosystem that implements one-way functions that cannot be advantageously reversed by a quantum computer.
