Apple announced Wednesday that iMessage’s end-to-end encryption is being upgraded with a new post-quantum cryptography (PQC) protocol.
Apple’s PQC protocol, which it calls PQ3, is designed to protect against “harvest now, decrypt later” attacks in which threat actors steal and store encrypted messages to decode one day using quantum computers.
The PQ3 protocol includes both establishment of PQC keys at the start of an iMessage conversation, and periodic rekeying to limit how much of a conversation can be decrypted if one of these keys were to be compromised.
iMessage will be the first widely available messaging protocol to offer PQC end-to-end encryption with ongoing rekeying for added protection, according to Apple.
The new security feature will roll out with iOS 17.4, iPadOS 17.4, macOS 14.4 and watchOS 10.4, which are expected to see public release in March and are already available in beta releases.
Apple expects PQ3 to fully replace its existing protocol, which is based on Elliptic Curve cryptography (ECC), by the end of 2024.
However, iMessage will continue to be protected by ECC after the adoption of PQ3 in a hybrid approach that ensures the new protocol “can never be less safe than the existing classical protocol,” Apple said in its announcement.
PQ3 will use Kyber post-quantum public keys and generate new keys periodically based on a system that takes into account message wire size, user experience and global message volume within the capacity of Apple’s server infrastructure.
