View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Hardware
  2. Quantum
February 21, 2024

Apple secures iMessage using post-quantum cryptography standard

Apple follows Signal in securing its messaging platform against hypothetical cyberattacks from quantum computers by using post-quantum cryptography standards.

By Greg Noone

Apple has announced that its iMessage platform will now be secured using a post-quantum cryptographic protocol. Named PQ3, the protocol is designed to secure Apple’s messaging platform against future attacks by threat actors using quantum computers. The tech giant follows Signal and Google in embracing post-quantum cryptography. This discipline has emerged in response to fears that quantum computers will soon be developed capable of breaking conventional forms of encryption like RSA.

“With compromise-resilient encryption and extensive defences against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security – providing protocol protections that surpass those in all other widely deployed messaging apps,” said Apple. “To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world.”

A close-up of the iMessage app on an iPhone, used to illustrate a story about how Apple is embracing post-quantum cryptography for iMessage.
Apple has joined the post-quantum cryptography bandwagon by announcing that it will use the PQC protocol to secure iMessage. (Photo by oasisamuel / Shutterstock)

Apple bets on post-quantum cryptography

iMessage was originally launched by Apple in 2011. Until 2019 it was secured using RSA encryption, before it switched to Elliptic Curve cryptography. The decision to switch again to the PQ3 is an acknowledgement that quantum computers may soon be capable of using Shor’s algorithm to breach these protocols and expose the messages they secure en masse. Apple added that threat actors may already be preparing for this moment, known as “Q-Day,” by conducting so-called “Harvest Now, Decrypt Later” (HNDL) attacks that hoard encrypted messages that they can later decrypt once in possession of a sufficiently powerful quantum computer. 

PQC is one of several post-quantum cryptography standards written to combat this threat. While theoretically capable of resisting the efforts of a quantum computer to decrypt it (theoretical as this premise cannot be fully tested until such a machine is built), these protocols can nonetheless run on conventional or ‘classical’ computers. Apple confirmed that support for PQ3 will be available with the public release of iPadOS 17.4, macOS 14.4, watchOS 10.4 and iOS 17.4. Furthermore, post-quantum cryptography will be introduced “from the start of a conversation” on iMessage, “so that all communication is protected from current and future adversaries.”

Popularity of post-quantum encryption standards growing

Apple’s announcement is the latest in a series of post-quantum cryptography rollouts announced by prominent tech companies in recent years. In September 2023, Signal announced that it would be adding post-quantum cryptographic standards to its underlying Signal Protocol. Both Google and Cloudflare have also embraced post-quantum protocols, using them to secure APIs and TLS network connections respectively. 

The basis for most of these rollouts has been efforts by the US National Institute of Standards and Technology (NIST) to devise resilient standards for post-quantum cryptography protocols in a multi-year competition. The contest led to the publication of three such standards in August 2023, but not before weeding out several candidates that were easily breached using classical computers. 

Read more: Vulnerabilities reported in post-quantum encryption algorithm

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.