Apple Adds PQ3 post-quantum encryption for iMessage

Apple has released its new PQ3 (post-quantum) cryptographic protocol, claimed to be the first-ever messaging protocol to reach Level 3 security.

Apple announced its cryptographic protocol change in 2019 when it shifted from RSA to Elliptic Curve Cryptography (ECC), and several upgrades were made.

“PQ3 introduces a new post-quantum encryption key in the set of public keys each device generates locally and transmits to Apple servers as part of iMessage registration,” reads the whitepaper by Apple.

However, Apple announced that PQ3 support would start to roll out in the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4.

This new protocol has been discovered to mitigate the risk of threat actors using quantum computers for attacking purposes. The retaining of this data now and decrypting it later is an attack scenario named “Harvest Now, Decrypt Later“.

PQ3 post-quantum Encryptioncal Analysis

According to the reports, shared Messaging platforms have been using classic public key cryptography such as RSA, ECC, and Diffie-Hellman key exchange for establishing end-to-end encryption.

Additionally, the messaging platforms are categorized into three levels: Level 0, Level 1, and Level 2.

Level 0 messaging platforms have no end-to-end encryption by default and do not have quantum security. Level 1 messaging platforms will have end-to-end encryption by default but no quantum security.

However, starting from Level 2, the messaging platforms are designed to have post-quantum cryptography protocols (PQC). 

At this level, post-quantum cryptography applies only to the initial critical establishment. Quantum security is only applicable if the conversation key material is not compromised.

However, Apple stated that this groundbreaking Level 3 Post-quantum cryptography applies to the initial critical establishment and the ongoing message exchange.

Additionally, it can swiftly and automatically restore the cryptographic security of a conversation even when the threat actors compromise a key.

This Level 3 security is now available in iMessage, which offers the most vital protection against quantum attacks.

Designing of PQ3

Apple claimed that instead of just replacing an existing algorithm with a new one, “we rebuilt the iMessage cryptographic protocol from the ground up to advance the state of the art in end-to-end encryption”. This rebuilding has the following advantages:

• From the start of the conversation, all communications are protected from current and future adversaries.
• Mitigating the impact of crucial compromise by limiting the capability of a single compromised key.
• Using a hybrid design that combines the new post-quantum algorithms with current Elliptic Curve algorithms to ensure that PQ3 is never unsafe.
• Avoiding excessive message size by reducing it.
• Formal verification methods provide strong security assurances for the new protocol.

Padding, Encryption and Authentication

PQ3 adds padding to the message before encryption is implemented via the Padme heuristic to avoid the leak of information about the message size.

Additionally, the encryption is done with AES-CTR using a 256-bit encryption key and initialization vector derived from the message key.

The Authentication for this protocol is done by individually signing each message with ECDSA using the elliptic curve P-256 device authentication key.

The receiving device verifies the mapping between the sender’s identifier and the public key used for signature verification. If both have Contact Key verification enabled and verified, the device confirms the authentication.

Apple’s security blog can be verified for detailed information about this new PQ3 protocol.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are extremely harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.