Apple has announced a new post-quantum cryptographic protocol for iMessage called PQ3. 

The tech giant says it’s “the most significant cryptographic security upgrade” in the app’s history as it advances the state of the art of end-to-end secure messaging. Here’s more from Apple’s description: “With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.”

Apple notes that the cryptographic community has been working on post-quantum cryptography (PQC): new public-key algorithms that provide the building blocks for quantum-secure protocols but don’t require a quantum computer to run. That is, they run on the classical, non-quantum computers we all use today, yet are designed to remain secure against the known threats posed by future quantum computers.

(Quantum computing uses specialized technology—including computer hardware and algorithms that take advantage of quantum mechanics—to solve complex problems that classical computers or supercomputers can’t solve, or can’t solve quickly enough.)

Apple says that PQ3 does more than swap one algorithm for another: the iMessage cryptographic protocol was rebuilt from the ground up to advance the state of the art in end-to-end encryption and to meet the following requirements:

° Introduce post-quantum cryptography from the start of a conversation, so that all communication is protected from current and future adversaries.

° Mitigate the impact of key compromises by limiting how many past and future messages can be decrypted with a single compromised key.

° Use a hybrid design to combine new post-quantum algorithms with current Elliptic Curve algorithms, ensuring that PQ3 can never be less safe than the existing classical protocol.

° Amortize message size to avoid excessive additional overhead from the added security.

° Use formal verification methods to provide strong security assurances for the new protocol.
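Of these requirements, the hybrid design is the one most easily shown in code. The following is an added example written for this page, not Apple's PQ3 code: it runs a real X25519 exchange and feeds the elliptic-curve shared secret together with a post-quantum shared secret into an HKDF combiner that is bound to the session transcript, so the resulting key can only be recovered by an attacker who breaks both components. The post-quantum KEM is assumed rather than implemented (random bytes stand in for what ML-KEM encapsulation would produce), and the function names, the `hybrid-demo-v1` label and the 1088-byte ciphertext length are the example's own choices.

```python
"""Hybrid key agreement: X25519 ECDH secret + post-quantum KEM secret,
combined with HKDF.  Added illustration for this article; not PQ3 code."""
import hashlib
import hmac
import secrets

# --- X25519 (RFC 7748) in pure Python.  It branches on secret bits, so it is
# NOT constant-time: fine for a demo, never for production. ---
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u_bytes: bytes) -> bytes:
    """Montgomery-ladder scalar multiplication on Curve25519 (RFC 7748)."""
    k = _clamp(scalar)
    u = bytearray(u_bytes)
    u[31] &= 127                       # mask the unused top bit of the u-coordinate
    x1 = int.from_bytes(u, "little") % P
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (Extract then Expand) with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(ecdh_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """Combiner: the key depends on BOTH secrets, so an attacker who breaks the
    PQ KEM still faces ECDH, and vice versa.  Fixed-length inputs keep the
    concatenation unambiguous; binding the transcript (public keys and KEM
    ciphertext) stops an attacker mixing values from different sessions."""
    if len(ecdh_ss) != 32 or len(pq_ss) != 32:
        raise ValueError("expected 32-byte shared secrets")
    if ecdh_ss == bytes(32):
        raise ValueError("X25519 gave the all-zero output (low-order peer key); abort")
    return hkdf_sha256(ecdh_ss + pq_ss, salt=bytes(32), info=b"hybrid-demo-v1" + transcript)


def run_demo() -> dict:
    """Two parties derive the same hybrid key.  The PQ KEM is a stand-in:
    random bytes play the role of the ML-KEM shared secret and ciphertext."""
    alice_priv, bob_priv = secrets.token_bytes(32), secrets.token_bytes(32)
    alice_pub, bob_pub = x25519(alice_priv, BASEPOINT), x25519(bob_priv, BASEPOINT)
    pq_ss = secrets.token_bytes(32)             # stand-in for the KEM shared secret
    pq_ciphertext = secrets.token_bytes(1088)   # stand-in for the KEM ciphertext (1088 bytes, as in ML-KEM-768)
    transcript = alice_pub + bob_pub + pq_ciphertext
    return {
        "alice": hybrid_session_key(x25519(alice_priv, bob_pub), pq_ss, transcript),
        "bob": hybrid_session_key(x25519(bob_priv, alice_pub), pq_ss, transcript),
    }


if __name__ == "__main__":
    keys = run_demo()
    print("agreed:", keys["alice"] == keys["bob"], keys["alice"].hex())
```

The "never less safe than classical" property follows from the combiner: if the post-quantum secret were fully known to an attacker, the HKDF input still contains the X25519 secret, so the attacker gains nothing over attacking plain ECDH. A real deployment would also use a constant-time X25519 and an actual KEM rather than the stand-in bytes.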

Article provided with permission from AppleWorld.Today