Apple Inc. plans to update iMessage with a new encryption component, dubbed PQ3, that can block cyberattacks launched by quantum computers.

Members of the company’s cybersecurity research team detailed the technology in a blog post published today. They describe it as the most significant cryptography-related update to iMessage since launch. At the time of its initial release in 2011, the app was the first widely-available communications service with end-to-end encryption enabled by default.

 “PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps,” Apple’s researchers wrote.

Texts sent via a messaging app can be represented as a series of numbers. To perform encryption, iMessage transforms those numbers into a different set of values using a complex mathematical operation. Decrypting a user message requires reversing that mathematical operation, which in turn can only be done with the corresponding decryption key.

In theory, hackers could guess the correct way to reverse the mathematical operation through repeated trial and error. In practice, however, doing so would require millions of years with even with a supercomputer. As a result, modern encryption algorithms like those used by iMessage are practically impossible to crack.

Quantum computers may change the situation. Theoretically, a quantum computer with a sufficiently high qubit count could go through all the possible ways to crack an encryption algorithm in just a few seconds. If such a machine is developed in the future, hackers may gain the ability to bypass today’s most advanced cryptography defenses. 

The PQ3 protocol Apple debuted for iMessage today is designed to address that potential risk. According to the company, it will encrypt users’ texts using what’s known as a post-quantum cryptography algorithm. That’s a type of encryption software specifically designed to withstand breach attempts launched by quantum computers.

It’s believed that a hypothetical large-scale quantum machine would only be capable of rapidly performing certain types of calculations. That includes the calculations necessary to crack today’s most widely used encryption algorithms. However, there are mathematical operations that are too difficult to solve in a reasonable time frame even for quantum machines.

Post-quantum cryptography algorithms use those mathematical operations to protect user data. One such algorithm, Kyber, forms the basis of Apple’s new PQ3 protocol for iMessage.

Kyber is partly based on a traditional cryptography method known as learning with errors. Using that method, an application can represent the user’s data as a set of erroneously written equations. The errors introduced into the equations make them particularly difficult to solve, which is one reason why the technology lends itself well to post-quantum encryption.

PQ3 combines Kyber with a conventional encryption approach known as elliptic curve cryptography. According to Apple, iMessage has used the latter technology since 2019. The fact that PQ3 incorporates multiple encryption algorithms should enable it to block breach attempts carried out by not only quantum computers but also standard servers. 

Apple said that it validated the protocol’s reliability using a technique called formal verification. With this technique, researchers simulate all the potential ways that a program can be used and identify scenarios in which it may malfunction. Apple carried out the evaluation with the help of researchers from the University of Waterloo ETH Zürich.

PQ3 will roll out to iMessage users with the upcoming public releases of iOS 17.4, iPadOS 17.4, macOS 14.4. The update is already available to developers. 

Photo: Pixabay