Your iMessage messages could be on the verge of becoming substantially more secure.
Apple on Wednesday announced a new post-quantum cryptographic protocol for iMessage called “PQ3.” The company stated that this “groundbreaking” and “state-of-the-art” protocol provides “extensive defenses against even highly sophisticated quantum attacks,” as seen in their public release:
Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging. With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.
The PQ3 protocol will be gradually rolled out in iMessage starting in iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 beginning in March, and has already been incorporated into the latest beta versions of these operating systems. visionOS will not support the PQ3 protocol during the initial rollout, the company confirmed.
Apple stated that PQ3 will fully replace iMessage’s existing cryptography protocol within all supported conversations later this year. All devices in an iMessage conversation must be updated to the above software versions or later to be eligible.
iMessage already supports end-to-end encryption, but current cryptographic protocols that are commonly used by messaging apps could potentially be solved by future quantum computers.
Comparatively, the PQ3 protocol is designed to protect users against “Harvest Now, Decrypt Later” attacks, in which malicious actors collect large amounts of encrypted data now and store it in hopes they will be able to decrypt it with a quantum computer in the future:
Apple says PQ3 achieves what it calls “Level 3” security, meaning it secures “both the initial key establishment and the ongoing message exchange,” and has published further details in its security documentation.
Via MacRumors and security.apple.com