Apple

iOS 17.4 will bring PQ3 security for iMessage against advanced attacks

Published

on

Apple today announced a new post-quantum cryptography PQ3 security protocol for iMessage and its support will roll out with iOS 17.4. PQ3 aims to improve the security of iMessage against advanced quantum attacks.

The company has been developing a solution to mitigate risks from quantum computer-originated attacks. The new algorithms designed to protect messages under PQ3 don’t require running on a quantum computer.

Advertisement

It can run classical, non-quantum computers to secure them from known threats posed by future of the quantum computers. Its new Level 3 security covers Level 1 and Level 2 level security and secure ongoing message exchange.

The combination has the capability for automatic restoration of the cryptographic security for a conversation even if the conversation key is compromised.

Advertisement

Apple says that the PQ3 protocol continues to use classical cryptographic algorithms to authenticate the sender and verify the Contact Key Verification account key. This is because classical cryptography can’t be attacked retroactively with future quantum computers.

To participate in an iMessage conversation, the attacker would require a quantum computer capable of breaking one of the authentication keys before or at the time of the conversation. This will result that the conversation cannot be encrypted in a later scenario.

Advertisement

Quantum-Security Cryptography in Messaging Apps (Credit: Apple)

PQ3’s Backend:

The company said it has rebuilt the existing iMessage cryptographic protocol from scratch to improve the end-to-end encryption. It has new post-quantum cryptography from the start of a conversation to protection communication.

It limits how many past and future messages can be decrypted with a single compromised key. It uses a hybrid design with a combination of new post-quantum algorithms and existing elliptic curve algorithms. This provides enhanced security for the end user.

PQ3 also equips formal verification methods to provide security for the new protocol. Other than iOS 17.4, PQ3 is coming with iPadOS 17.4, macOS 14.4, and watchOS 10.4 earlier next month.

Advertisement

(source – Apple)

Advertisement
Exit mobile version