New Encryption Standard Continues Apple’s Commitment to User, Data Privacy
Apple has introduced a new encryption protocol called PQ3 for iMessage in response to the threat of quantum computing attacks. This enhanced security measure aims to protect iMessage from future quantum threats and provide level 3 security, surpassing that of other widely used messaging apps.
What’s Happening & Why This Matters
The PQ3 protocol is a significant advancement that strengthens iMessage’s security. It uses cutting-edge encryption, making it the most secure cryptographic protocol in widespread use. This is the latest in a series of security enhancements by Apple, following the switch from RSA to Elliptic Curve cryptography (ECC) and the protection of encryption keys on devices with the Secure Enclave in 2019.
Quantum computing presents a risk to current public-key cryptography algorithms, as a potential breakthrough in this area could potentially threaten end-to-end encrypted (E2EE) communications. To counteract this threat, Apple has integrated PQ3 into iMessage, combining the Kyber and ECC algorithms to achieve Level 3 security.
To mitigate the impact of key compromises, PQ3 features a key rotation scheme that guarantees keys are rotated every 50 messages at most and at least once every seven days. The introduction of PQ3 is expected to begin with the release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 next month.
t/f Summary: What’s Next
In addition to the iMessage security upgrade, Apple has announced plans to bring Rich Communication Services (RCS) to its Messages app, with a focus on improving the security and encryption of RCS messages. While RCS messages do not implement E2EE by default, Google’s Messages app for Android uses the Signal Protocol to secure RCS conversations.
While the adoption of advanced protections is always a welcome step, it remains to be seen if this will be expanded beyond iMessage to include RCS messages. Stay updated with the latest content by following us on Twitter and LinkedIn.