In iOS and iPadOS 17.4, macOS 14.4, and watchOS 10.4, Apple will upgrade iMessage’s security layer to post-quantum cryptography.
The IT giant predicted that quantum computers would break encryption in the next few years. Apple says it is altering iMessage end-to-end encryption without quantum-level computing capability.
Modern messaging applications encrypt via public and private keys. Messages are encrypted with the public key and decrypted using the private key, mostly automatically. Math functions are employed in modern encryption to scramble user communications. The strength of the cryptographic encryption in use today and the sheer processing power needed to calculate all of its mathematical combinations or permutations allow malevolent hackers to decode data.
Apple and other corporations think quantum computers, which can calculate exponentially faster, might defeat encryption.
Apple said on its blog that a powerful quantum computer may answer these classical mathematical problems in fundamentally new ways and jeopardize end-to-end encrypted communications.
How is Apple doing it?
Apple warned opponents may use “retrospective decryption” to capture encrypted data now and decipher it tomorrow when quantum computers are more widely accessible.
Apple writes on its blog that its encryption keys must be updated “on an ongoing basis” to prevent quantum encryption threats.
Apple claims its new system uses post-quantum cryptography and elliptic curve cryptography, the iMessage encryption technique. Apple calls this the PQ3 protocol. Apple said it would reset session keys for all new and existing iMessage exchanges when the PQ3 cryptography standard launches.
Apple commissioned two academic study teams to analyze PQ3. Apple’s post-quantum protocol cannot be tested since it is new and quantum computer capability is years away.
The tech giant’s disclosure comes as legislators consider internet safety measures that might weaken message encryption. Meanwhile, Meta is encrypting Messenger and Instagram end-to-end.
End-to-end messaging Signal switched to post-quantum encryption last year to avoid quantum-based decryptions.