
What is PQ3, Apple's new iMessage security protocol?

WBOY
2024-02-23 08:25:13

What is the PQ3 protocol?

Currently, messaging security is measured by three security levels.

  • Level 0: Messages are not encrypted.
  • Level 1: Messages are end-to-end encrypted, but there is no additional authentication or quantum security.
  • Level 2: This includes authentication and quantum security, but they are limited to initial key establishment. This means that quantum security holds only if the conversation key material is never compromised.
Image courtesy: Apple

PQ3, the new iMessage security protocol, is the first messaging protocol deemed to achieve what Apple calls “Level 3 security”. The protocol uses post-quantum cryptography (PQC) to secure both key establishment and message exchange. Level 3 PQC automatically restores the confidentiality of a conversation even if keys are compromised. Apple therefore claims that PQ3 surpasses the other widely used protocols in messaging applications.

Why is Apple moving to PQ3 protocol for iMessage?

Since its launch in 2011, Apple’s iMessage has supported end-to-end encryption, enabled by default. Over the years, Apple has continued to improve its cryptography to protect user data. Existing encryption algorithms are considered secure today, but a sufficiently powerful quantum computer could threaten them as the technology develops. To deal with that future threat, cryptographers continue to research and develop new algorithms that remain reliable and secure.

Such a quantum computer does not exist today. However, a well-resourced attacker can prepare for its arrival: they can collect large amounts of encrypted data now and store it. They cannot decrypt any of that data today, but they could use a quantum computer to do so in the future. This attack scheme is called "harvest now, decrypt later".

iMessage’s new security protocol, PQ3, is designed to protect users from “harvest now, decrypt later” attacks. Apple says that because PQ3 implements "Level 3" security, it secures both "initial key establishment and ongoing message exchange."

How does the PQ3 protocol work?

The PQ3 protocol adds new post-quantum encryption keys to the set of public keys. Each device generates these public keys locally and then transmits them to Apple servers as part of the iMessage registration process. For this, Apple uses the Module-Lattice-Based Key-Encapsulation Mechanism standard, or ML-KEM, which lets the sender device obtain the recipient's public key and generate a post-quantum encryption key for the first message. This works even if the receiver is offline.

Apple then includes a periodic post-quantum rekeying mechanism in the conversation. This mechanism can self-heal from key compromise and protect future messages.

"In PQ3, the new key sent with the conversation is used to create a new message encryption key that cannot be calculated from past message encryption keys, thereby returning the conversation to a secure state, even if the previous key is extracted or compromised by an adversary."

Impressively, PQ3 is the first large-scale cryptographic messaging protocol to deploy this post-quantum rekeying property.

Advantages of the PQ3 protocol

For PQ3, Apple did not replace or modify an existing algorithm. Instead, it rebuilt the iMessage encryption protocol from the ground up to provide the following benefits:

  • Protect the entire communication from current and future adversaries.
  • Limit the number of past and future messages that can be decrypted using a single compromised key. This mitigates the impact of key compromises.
  • Amortize the message size to prevent any excessive overhead.
  • Use a hybrid design that combines new post-quantum algorithms with current elliptic curve algorithms. This ensures that PQ3 will never be less secure than existing protocols.
  • Use formal verification methods to provide high-level security assurance.
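The hybrid key establishment and the self-healing rekeying described above can be modelled in a few lines. This is an added example, not Apple's code and not PQ3's actual key schedule: random byte strings stand in for the elliptic-curve and ML-KEM shared secrets, and the `Session` class, the HKDF labels and `simulate` are hypothetical names chosen for illustration.

```python
import copy, hashlib, hmac, os

ZERO = b"\x00" * 32

def hkdf(ikm: bytes, info: bytes, salt: bytes = ZERO, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

class Session:
    """Toy key schedule for one party. Labels and structure are assumptions."""

    def __init__(self, ec_secret: bytes, pq_secret: bytes):
        # Hybrid establishment: the root key depends on BOTH shared secrets.
        self.root = hkdf(ec_secret + pq_secret, b"demo root")
        self.chain = hkdf(self.root, b"demo chain")

    def next_message_key(self) -> bytes:
        # Symmetric ratchet: a one-way step, so old keys cannot be recomputed.
        key = hkdf(self.chain, b"demo message key")
        self.chain = hkdf(self.chain, b"demo chain step")
        return key

    def rekey(self, fresh_ec: bytes, fresh_pq: bytes) -> None:
        # Periodic rekey: fresh secrets are mixed into the root (self-healing).
        self.root = hkdf(fresh_ec + fresh_pq, b"demo rekey", salt=self.root)
        self.chain = hkdf(self.root, b"demo chain")

def simulate() -> dict:
    # Constructed stand-ins for an ECDH output and an ML-KEM shared secret.
    ec, pq = os.urandom(32), os.urandom(32)
    alice, bob = Session(ec, pq), Session(ec, pq)
    first = alice.next_message_key()
    in_sync = first == bob.next_message_key()
    # Knowing only the elliptic-curve secret does not yield the message key.
    ec_only_fails = Session(ec, ZERO).next_message_key() != first
    # Key compromise: a copy of Alice's state still tracks the current epoch.
    stolen = copy.deepcopy(alice)
    same_epoch = stolen.next_message_key() == alice.next_message_key()
    # Rekey with secrets the stolen copy never saw; it can only ratchet forward.
    new_ec, new_pq = os.urandom(32), os.urandom(32)
    alice.rekey(new_ec, new_pq)
    bob.rekey(new_ec, new_pq)
    fresh = alice.next_message_key()
    healed = fresh == bob.next_message_key() and stolen.next_message_key() != fresh
    return {"in_sync": in_sync, "ec_only_fails": ec_only_fails,
            "stolen_state_reads_same_epoch": same_epoch, "healed_after_rekey": healed}
```

Calling `simulate()` returns four flags, all `True`: the stolen state follows the conversation only until the next rekey, which is the bound on exposure that the second benefit in the list refers to.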

PQ3 Protocol Availability in iMessage

Apple will gradually begin rolling out PQ3 support for iMessage conversations with iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. The company said the latest beta versions of these software updates already include the protocol. Apple also confirmed that visionOS will not support the PQ3 protocol when it initially launches.
