Apple plans to update iMessage with a new encryption component, dubbed as PQ3, that can block cyberattacks launched by quantum computers.
Since its launch in 2021, the iMessage app was the first widely-available communications service with end-to-end encryption enabled by default.
Texts sent via a messaging app can be represented as a series of numbers. To perform encryption, iMessage transforms those numbers into a different set of values using a complex mathematical operation. Decrypting a user message requires reversing that mathematical operation, which in turn can only be done with the corresponding decryption key.
Theoretically, hackers could guess the correct way to reverse the mathematical operation through repeated trial and error. In practice, however, doing so would require millions of years with even a supercomputer. As a result, modern encryption algorithms like those used by iMessage are practically impossible to crack.
A Quantum computer with a sufficiently high qubit count could go through all the possible ways to crack an encryption algorithm in just a few seconds. If such a machine is developed in the future, hackers may gain the ability to bypass today’s most advanced cryptography defenses.
The PQ3 protocol is designed to address that potential risk. It will encrypt users’ texts using what’s known as a post-quantum cryptography algorithm that safeguards from quantum computer related breaches.
Post-quantum cryptography algorithms use those mathematical operations to protect user data. One such algorithm, Kyber, forms the basis of Apple’s new PQ3 protocol for iMessage.
Kyber is partly based on a traditional cryptography method known as learning with errors. Using that method, an application can represent the user’s data as a set of erroneously written equations. The errors introduced into the equations make them particularly difficult to solve, which is one reason why the technology lends itself well to post-quantum encryption.
PQ3 combines Kyber with a conventional encryption approach known as elliptic curve cryptography. The fact that PQ3 incorporates multiple encryption algorithms should enable it to block breach attempts carried out by not only quantum computers but also standard servers.
Apple said that it validated the protocol’s reliability using a technique called formal verification. With this technique, researchers simulate all the potential ways that a program can be used and identify scenarios in which it may malfunction.
PQ3 will roll out to iMessage users with the upcoming public releases of iOS 17.4, iPadOS 17.4, macOS 14.4. The update is already available to developers.
