Introduction to PQ3 and Quantum Security

May 13, 2025

iMessage with PQ3: Quantum-Secure Messaging

Introduction to PQ3

  • Announcement: Apple introduces PQ3, a post-quantum cryptographic protocol for iMessage.
  • Security Level: Reaches Level 3 security, surpassing current messaging apps.
  • Protection: Offers the strongest protection against quantum attacks.

Historical Context

  • Initial Launch: iMessage launched in 2011 with end-to-end encryption.
  • Upgrades:
    • 2019: Switched from RSA to Elliptic Curve cryptography (ECC).
    • Introduced rekey mechanism for defense against key compromise.

Quantum Computing Threat

  • Current Algorithms: Classical public key cryptography (RSA, ECC) threatened by quantum computing.
  • Future Threat: Potential for quantum computers to break current algorithms.
  • Harvest Now, Decrypt Later: Attackers store encrypted data today for future decryption with quantum computers.

Post-Quantum Cryptography (PQC)

  • Development: New algorithms secure against quantum threats.
  • Use: PQC does not require quantum computers to operate.
  • Security Spectrum:
    • Level 0: No end-to-end encryption, no quantum security.
    • Level 1: End-to-end encryption, no quantum security.
    • Level 2: Introduction of post-quantum security at key establishment (e.g., Signal's PQXDH).
    • Level 3: Full post-quantum security in key establishment and message exchange (iMessage PQ3).

Designing PQ3

  • Goals:
    • Introduce PQC from conversation start.
    • Mitigate key compromise impact.
    • Hybrid design with ECC for additional safety.
    • Minimize message size impact.
    • Use formal verification for strong security assurances.

Technical Details

  • Keys:
    • Post-quantum encryption key introduced for each device.
    • Uses Kyber public keys as per NIST standards.
  • Rekeying:
    • Periodic post-quantum rekeying mechanism for self-healing.
    • Hybrid design combines ECC and post-quantum encryption for robustness.
  • Message Exchange:
    • New ECDH key transmitted inline with responses.
    • Post-quantum rekey happens periodically to manage overhead.
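The hybrid rekeying listed above, as an added example that is not Apple's code or PQ3's actual key schedule: a root key is ratcheted with a fresh ECDH secret on every step and with a post-quantum KEM secret periodically, so an attacker who knows the current state and every ECDH secret is locked out at the next post-quantum rekey. Assumptions: random bytes stand in for the ECDH and Kyber shared secrets, and the HKDF labels, the interval of 3 and the names `HybridRatchet` and `demo` are hypothetical.

```python
import hashlib, hmac, os

PQ_REKEY_INTERVAL = 3  # hypothetical; the page only says "periodically"

def hkdf(salt, ikm, info, length):
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class HybridRatchet:
    def __init__(self, ecdh_secret, kem_secret):
        # Both secret types are mixed in from the start of the conversation.
        self.root = hkdf(b"\x00" * 32, ecdh_secret + kem_secret, b"example-init", 32)
        self.steps = 0

    def pq_rekey_due(self):
        return (self.steps + 1) % PQ_REKEY_INTERVAL == 0

    def step(self, ecdh_secret, kem_secret=b""):
        """Advance the root key and return the key for this message."""
        label = b"example-hybrid" if kem_secret else b"example-ecdh"
        out = hkdf(self.root, ecdh_secret + kem_secret, label, 64)
        self.root, message_key = out[:32], out[32:]
        self.steps += 1
        return message_key

def demo():
    """Constructed run: returns (peers_agree, attacker_matches_per_step)."""
    e0, k0 = os.urandom(32), os.urandom(32)  # constructed stand-in secrets
    alice, bob = HybridRatchet(e0, k0), HybridRatchet(e0, k0)
    # Attacker model: holds the full state now and learns every later ECDH
    # secret (the quantum adversary), but never a KEM secret.
    attacker = HybridRatchet(e0, k0)
    agree, attacker_matches = True, []
    for _ in range(4):
        ecdh = os.urandom(32)
        kem = os.urandom(32) if alice.pq_rekey_due() else b""
        ka, kb = alice.step(ecdh, kem), bob.step(ecdh, kem)
        kx = attacker.step(ecdh, os.urandom(32) if kem else b"")  # KEM secret guessed
        agree = agree and hmac.compare_digest(ka, kb)
        attacker_matches.append(hmac.compare_digest(ka, kx))
    return agree, attacker_matches
```

The attacker follows the ECDH-only steps, then loses the conversation at the third step and stays locked out afterwards, which is the self-healing property the periodic rekey provides.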

Protocol Verification

  • Formal Verification: Mathematical proof of security properties.
  • Analysis:
    • Game-based proofs by Douglas Stebila for confidentiality.
    • Symbolic evaluation by ETH Zurich for secrecy and authenticity.

Conclusion

  • iMessage PQ3 sets global standard for quantum security in messaging.
  • Combines pioneering end-to-end encryption with advanced post-quantum protections.
  • Continues legacy of innovation and strong security assurances.