Q-Day is upon us: Apple upgrades iMessage with PQ3 for quantum-proof messaging with iOS 17.4

As said before, it doesn't matter where you fall on the paranoid spectrum: encrypted messaging is becoming more and more popular.

Here's another fact: Q-day is coming. It may not be today or tomorrow, but it’s happening. And as any paranoid tech aficionado will tell you, this is the day a breakthrough in quantum computing will take place. This means that passwords and other public encryption systems could become useless, as cracking passwords will be a walk in the park for quantum computers.

As a side note: now might be a good time to sort through those old files and folders. Or maybe it's time to say goodbye to the Internet?

That's why Apple is rolling out an upgrade to its iMessage text messaging platform to defend against future encryption technologies (via Reuters).

The new protocol is known as PQ3 and serves as a big neon sign saying: The tech world is bracing for a potential future breakthrough in quantum computing that could make current methods of protecting user communications obsolete.

Apple announced it would rebuild the iMessage cryptographic protocol – and potentially make it quantum-proof – in a official blog poststating that the new PQ3 will “completely replace the existing protocol in all supported conversations this year”:

Since its inception in 2011, the blog says, iMessage has established itself as the pioneer messaging app to offer end-to-end encryption as a standard feature. Over the years, Apple has continually improved the cryptographic foundations of iMessage to strengthen its security credentials. The most notable upgrade occurred in 2019, when Apple moved from RSA to the more secure Elliptic Curve Cryptography (ECC) for its cryptographic protocol.

Further strengthening its commitment to user privacy and security, Apple has introduced an innovative update to the iMessage protocol. This update featured a periodic rekey mechanism, adding an extra layer of security. This mechanism ensures cryptographic resilience by allowing the system to “self-heal” in the highly unlikely scenario of a key compromise.

It's great, but…

Harvest now, decipher later

Things get a lot funnier when we take into account the Harvest Now, Decrypt Later scenario – meaning that even though at the moment attackers can't use quantum computers to decrypt our secrets, conversations and private files – Sorry, private life – they can prepare for Q-Day. “The principle is simple: these attackers can collect large amounts of current encrypted data and archive it for future reference. Even if they can't decrypt any of this data today, they can hold on to it until they acquire a quantum computer capable of decrypting it in the future, an attack scenario known as Harvest Now, Decrypt Later.

“Everyone was fighting Q-fu”

Last year, a Reuters investigation explored how the United States and China were racing to prepare for Q Day by pouring money into quantum research and investing in new encryption standards known as post-quantum cryptography name. Apple's blog notes that PQ3 uses a new series of overlapping technologies. technical guarantees aimed at closing this window of opportunity:

• Introduce post-quantum cryptography from the start of a conversation, so all communications are protected from current and future adversaries.
• Mitigate the impact of compromised keys by limiting the number of past and future messages that can be decrypted with a single compromised key.
• Use a hybrid design to combine new post-quantum algorithms with current elliptic curve algorithms, ensuring that PQ3 can never be less secure than the existing classical protocol.
• Amortize message sizes to avoid excessive additional overhead due to additional security.
• Use formal verification methods to provide strong security guarantees for the new protocol.