Apple on Wednesday announced a new post-quantum cryptographic protocol for iMessage called PQ3. Apple calls the new protocol “groundbreaking” and “state-of-the-art” and says it provides “extensive defenses against even highly sophisticated quantum attacks.”
Apple believes the PQ3 protocol’s protections “surpass those in all other widely deployed messaging apps”:
Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.
Apple will be gradually rolling out PQ3 for supported iMessage conversations starting with iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 in March. PQ3 is already in the latest beta versions of these updates, according to Apple. visionOS will not offer support for the PQ3 protocol during the initial rollout.
Apple says PQ3 will fully replace iMessage’s existing cryptography protocol within all supported conversations later this year. All devices participating in an iMessage conversation must be updated to the above operating system versions or later.
While iMessage already supports end-to-end encryption, the cryptographic protocols used by today’s messaging apps rely on mathematical problems that could potentially be solved in the future by quantum computers. This has led to “Harvest Now, Decrypt Later” attacks, in which the bad actors of the world collect and save large amounts of encrypted data now in the hope that they will be able to decrypt it with a quantum computer in the future.
Apple says PQ3 achieves what it calls “Level 3” security, meaning it secures “both the initial key establishment and the ongoing message exchange.”
For more details about the protocol, read the Apple Security Research blog post.