Apple today announced that it will upgrade the security layer of iMessage to post-quantum encryption starting with iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4.
The tech giant said quantum computers will be able to break current encryption standards in the coming years. Because of this, Apple said it is changing how iMessage performs end-to-end encryption, in a way that does not itself require quantum-level processing power.
Modern messaging apps typically use public-private key pair encryption. The public key is used to encrypt the outgoing message, and the private key is used by the recipient to decrypt it, most of which happens automatically and seamlessly. The encryption currently used to scramble users' messages works by applying various mathematical functions. Whether or not a malicious hacker can decrypt a message depends on the strength of the ciphers in use and the raw computational power needed to work through all of the cipher's mathematical combinations and permutations.
Apple and other companies believe that future quantum computers, capable of exponentially faster calculations, could break current encryption standards.
“A sufficiently powerful quantum computer could solve these classical mathematical problems in a fundamentally different way, and theoretically fast enough to threaten the security of end-to-end encrypted communications,” Apple said in a blog post.
How does Apple do this?
Apple said adversaries could begin collecting encrypted data today and decrypt it once quantum computers become more commonly available, a technique called “retroactive decoding.”
Apple said in a blog post that encryption keys must be changed “continuously” to protect against future quantum cryptographic attacks.
Apple says the new custom-built protocol combines the elliptic curve cryptography iMessage already uses with post-quantum cryptography. This forms what Apple calls its PQ3 protocol. Once the new PQ3 encryption standard is published, Apple says it will be applied to all new iMessage conversations, and to existing ones by updating the session keys of previous conversations.
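The hybrid construction described above, as an added illustration rather than Apple's code (PQ3's actual key schedule is not on this page): a classical shared secret and a post-quantum shared secret, both constructed stand-in bytes here, are combined through one KDF so the session key survives if either input stays secret, and a simple key ratchet shows why continually replacing keys limits what harvested traffic is worth.

```python
import hashlib
import hmac

# Minimal HKDF (RFC 5869) built from the standard library.
def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()          # extract step
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                                    # expand step
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_session_key(ec_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Combine an elliptic-curve shared secret with a post-quantum KEM shared
    secret. Both feed a single KDF, so an attacker who later recovers only the
    elliptic-curve secret (the quantum-computer scenario) still lacks the key."""
    return hkdf(ec_secret + pq_secret, salt=transcript, info=b"hybrid-session-key")

def ratchet(chain_key: bytes) -> tuple[bytes, bytes]:
    """Derive a per-message key and the next chain key from the current one.
    The caller discards the old chain key, so a key compromised later cannot
    be walked backwards to decrypt traffic captured earlier."""
    message_key = hkdf(chain_key, salt=b"", info=b"message-key")
    next_chain = hkdf(chain_key, salt=b"", info=b"next-chain-key")
    return message_key, next_chain

# Constructed stand-ins: in a real handshake these come from an ECDH exchange
# and a post-quantum KEM decapsulation respectively.
EC_SECRET = bytes.fromhex("11" * 32)
PQ_SECRET = bytes.fromhex("22" * 32)
WRONG_PQ_GUESS = bytes.fromhex("33" * 32)   # attacker's guess for the PQ secret
TRANSCRIPT = b"constructed-handshake-transcript"

def demo() -> dict:
    session_key = hybrid_session_key(EC_SECRET, PQ_SECRET, TRANSCRIPT)
    # Attacker model: EC secret fully recovered, PQ secret unknown.
    attacker_key = hybrid_session_key(EC_SECRET, WRONG_PQ_GUESS, TRANSCRIPT)
    mk1, chain = ratchet(session_key)   # key for message 1, then rotate
    mk2, chain = ratchet(chain)         # key for message 2, then rotate
    return {"session_key": session_key, "attacker_key": attacker_key,
            "mk1": mk1, "mk2": mk2}

if __name__ == "__main__":
    out = demo()
    print({name: value.hex()[:16] + "..." for name, value in out.items()})
```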
Apple commissioned two academic research teams to evaluate the PQ3 standard. Because the system is new and quantum computing power is still years away from being generally available, there is no practical way to measure the effectiveness of Apple's post-quantum protocols.
The tech giant's announcement comes as lawmakers consider introducing online safety rules that risk undermining encryption on messaging services. At the same time, companies like Meta are working to apply end-to-end encryption protection to products like Messenger and Instagram.
Signal, an end-to-end messaging app, upgraded to a post-quantum encryption algorithm last year to prevent future quantum-based decryption attacks.