Apple turns to post-quantum cryptography for future-proof iMessage security in iOS 17.4

We already know that iOS 17.4 will be a game-changing update for the iPhone, with support for alternative App Stores and payments in the EU, a handful of new emojis, and virtual numbers for Apple Cash cards, but Apple has another feature in store for when it launches sometime during The next few weeks. In a post on its Security Research blog, Apple outlined a new, cutting-edge security upgrade for iMessage that “has the strongest security features of any broadband messaging protocol in the world.”

This is all very technical, but Apple will deploy post-quantum encryption level 3 (PQ3), which “is used to secure both initial key generation and the ongoing exchange of messages, with the ability to quickly and automatically restore the cryptographic security of a conversation even if a particular key is compromised.” This means That a hacker would need to crack two identical keys goes beyond any of the available methods used in even the most sophisticated attacks.

Apple points out that Signal was the first widespread messaging service to use post-quantum cryptography with the recent addition of PQXDH support, raising the app's security from Level 1 to Level 2. However, Apple says the new PQ3 protocol for iMessage takes it a step further and here's how it's described. Apple for the protocol in action:

When Alice's device establishes a new session with Bob's device, her device queries the IDS server for the key packet associated with Bob's device. The subset of the key packet that contains the device authentication key and version information is validated using communication key verification. The device then validates the signature covering the encryption keys and timestamps, attesting that the keys are valid and have not expired.

Alice's machine can then use the two public encryption keys to share two symmetric keys with Bob. The first symmetric key is calculated through an ECDH key exchange that combines Alice's ephemeral encryption key with Bob's registered public key P-256. The second symmetric key is obtained from encapsulating the Kyber key with Bob's post-quantum public key.

This combination ensures that the initial session state cannot be derived without knowing both shared secrets, which means that an attacker would need to break both algorithms to recover the resulting secret, thus meeting our hybrid security requirement.

iMessage has been used in high-profile zero-click government attacks, most notably Israeli NSO Group's Pegasus spyware. Apple says the new system is necessary to protect against future known and unknown attacks and will protect against customers who have already collected encrypted data for future decryption.

Apple says the new protocol will start rolling out with public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4, and is already in developer builds and public betas.