Saturday, May 18, 2024

Apple’s iMessage Is Getting Post-Quantum Encryption

Apple is introducing its initial post-quantum safeguards, marking one of the most extensive implementations of future-proof encryption technology to date.

Encryption plays a crucial role in safeguarding billions of medical records, financial transactions, and communications exchanged daily. It serves as a cornerstone in maintaining the functionality of modern life and the stability of the global economy. Nonetheless, the ongoing pursuit to develop immensely powerful quantum computers, capable of effortlessly breaking current encryption methods, introduces new vulnerabilities and challenges.

While practical quantum computing technology may still be years or even decades away, security officials, tech companies, and governments are intensifying their efforts to adopt a new generation of post-quantum cryptography. These advanced encryption algorithms are designed to fortify our current systems against potential attacks leveraging quantum computing capabilities.

Today, Cupertino is announcing the integration of PQ3—its post-quantum cryptographic protocol—into iMessage. This update will be featured in iOS and iPadOS 17.4, as well as macOS 14.4, following its earlier deployment in beta versions of the software. Apple, which shared the news on its security research blog, describes this change as the “most significant cryptographic security upgrade in iMessage history.”

“We rebuilt the iMessage cryptographic protocol from the ground up,”

According to its blog post, the upgrade will fully replace existing encryption protocols by the end of this year. Users will only need to update their operating systems for the new protections to be applied automatically.

Quantum computing is a significant area of focus for governments such as the US, China, and Russia, as well as tech giants like Google, Amazon, and IBM, who are investing billions into these still-developing technologies. If successful, quantum computers could unlock scientific breakthroughs across various fields, from drug design to developing longer-lasting batteries. Politicians are also competing to establish themselves as leaders in quantum computing. However, current quantum computing devices remain experimental and are not yet practical for general use.

Unlike traditional computers that use bits (either ones or zeroes), quantum computers utilize qubits, which can exist in multiple states simultaneously. This property allows quantum devices to store more information and perform more complex calculations, potentially including breaking the encryption methods in use today.

“Quantum computers, if deployed reliably and in a scalable manner, would have the potential to break most of today’s cryptography,” says Lukasz Olejnik.

This includes the encryption used in messaging apps that billions of people rely on daily. Most encrypted messaging apps employing public key cryptography have traditionally relied on RSA, Elliptic Curve, or Diffie-Hellman algorithms.

In response to the long-standing potential threat, which has been recognized since the 1990s, intelligence and security agencies have become increasingly vocal about the necessity to develop and deploy quantum-resistant cryptography. The National Institute of Standards and Technology (NIST) in the US has been instrumental in driving the creation of these new encryption methods. According to Olejnik, tech companies are treating the quantum threat with great seriousness, far more so than previous changes such as transitions between hash functions. He notes that progress is happening relatively quickly considering that post-quantum cryptography is still in its infancy and there are no functional quantum computers on the immediate horizon.

Apple’s introduction of PQ3 in iMessage follows Signal’s implementation of post-quantum algorithms. Signal, the encrypted messaging app, unveiled its PQXDH specification in September, which is based on the Kyber algorithm. Similarly, Proton, the developer behind encrypted email and other apps, announced around the same time that it is developing quantum-safe PGP encryption for widespread use.

In its blog post, Apple outlines the construction and functionality of PQ3. The company explains that PQ3 adds a new post-quantum encryption key to the public keys that iMessage devices generate and transmit to Apple’s servers. Using the Kyber algorithm, as Signal does, Apple establishes these keys from the first message sent, even if the recipient is offline.

Apple emphasizes that its setup will implement post-quantum protections for both encryption key generation and message exchange, even in scenarios where an individual’s encryption key has been compromised by an attacker. “To ensure optimal protection of end-to-end encrypted messaging, the post-quantum keys must continuously change, imposing a limit on the extent of conversation exposure resulting from any single, momentary key compromise—both presently and with future quantum computers,” states Apple in its blog post.

These post-quantum protections complement Apple’s existing encryption methods, with the company employing a “hybrid design” that combines its current elliptic curve cryptography (ECC) with the newer post-quantum safeguards.

“Defeating PQ3 security requires defeating both the existing, classical ECC cryptography and the new post-quantum primitives,”
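The hybrid idea in the two preceding paragraphs, worked through end to end as an added example (this is not Apple's code and does not reproduce PQ3; it is a simplified illustration). It assumes Go 1.24 or later, whose standard library ships `crypto/mlkem` (ML-KEM-768, the NIST-standardized form of Kyber) and `crypto/ecdh` (X25519). The responder's published bundle carries both a classical key and a post-quantum encapsulation key, the initiator establishes a session from a single message with no reply needed, and the session key is derived from both shared secrets together, so an attacker must recover both the ECC and the ML-KEM secret to learn it. The `Combine` function, the domain label and the transcript layout are constructed for this example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
)

// Combine derives one session key from both shared secrets (HKDF-style: extract
// with the transcript as salt, then expand one block). Both secrets form the input
// keying material, so recovering only the ECC secret (say, with a quantum
// computer) or only the ML-KEM secret reveals nothing about the session key.
func Combine(ecdhSecret, kemSecret, transcript []byte) []byte {
	ikm := append(append([]byte{}, ecdhSecret...), kemSecret...)
	extract := hmac.New(sha256.New, transcript)
	extract.Write(ikm)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("hybrid-x25519-mlkem768-v1\x01")) // constructed label
	return expand.Sum(nil)
}

// HybridHandshake runs one X25519 + ML-KEM-768 exchange end to end and returns
// the session key each side derived, so a caller can check that they agree.
func HybridHandshake() (initiatorKey, responderKey []byte, err error) {
	// Responder publishes an X25519 key and an ML-KEM encapsulation key: the
	// extra post-quantum key the article describes being added to the bundle.
	rECDH, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	rKEM, err := mlkem.GenerateKey768()
	if err != nil { return nil, nil, err }
	// Initiator: ephemeral X25519 share plus a KEM encapsulation to the bundle.
	// Nothing needs a reply, so this works while the responder is offline.
	iECDH, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, err }
	ecdhA, err := iECDH.ECDH(rECDH.PublicKey())
	if err != nil { return nil, nil, err }
	kemA, ct := rKEM.EncapsulationKey().Encapsulate()
	transcript := append(iECDH.PublicKey().Bytes(), ct...)
	// Responder recomputes both secrets from the received share and ciphertext.
	ecdhB, err := rECDH.ECDH(iECDH.PublicKey())
	if err != nil { return nil, nil, err }
	kemB, err := rKEM.Decapsulate(ct)
	if err != nil { return nil, nil, err }
	return Combine(ecdhA, kemA, transcript), Combine(ecdhB, kemB, transcript), nil
}
```

PQ3 additionally rotates the post-quantum keys during a conversation, as the quoted passage describes; that ratcheting is outside what this example shows.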


