Apple Launches PQ3 for iMessage: A Major Leap in Post-Quantum Cryptography

Apple has announced the launch of PQ3, described as “the most significant cryptographic security upgrade in iMessage history,” with the release of iOS 17.4 on February 21. This groundbreaking protocol positions Apple as a leader in post-quantum cryptography for messaging, making iMessage one of the few services to incorporate such advanced security measures. Although Signal introduced a quantum-resistant encryption upgrade in September 2023, Apple claims PQ3 achieves “level 3” encryption, setting a new standard in the field.

The Cupertino-based tech giant emphasizes that PQ3 marks a milestone in messaging security, claiming it offers protocol protections superior to any other widely used messaging application. Apple asserts that, to their knowledge, PQ3 possesses the most robust security features of any messaging protocol currently available at scale. This development is particularly significant given iMessage’s longstanding commitment to privacy, with end-to-end encryption in place since its inception. Initially relying on RSA encryption, Apple transitioned to Elliptic Curve cryptography (ECC) in 2019, which, until now, has been deemed virtually unbreakable due to the prohibitive amount of time and computational resources required to crack it.

However, the potential of quantum computing to disrupt current encryption standards has prompted a proactive approach from companies like Apple. Quantum computers, with their advanced capabilities, could theoretically decrypt today’s secure communications effortlessly. While no quantum computer currently exists with such power, the rapid progress in quantum technology has spurred global efforts among governments and organizations to develop post-quantum cryptographic solutions. These initiatives aim to protect sensitive data belonging to entities like banks and hospitals from future threats.

The timeline for quantum computers capable of undermining standard cryptographic methods remains uncertain, with IBM projecting a significant advancement in quantum computing by 2029 and QuEra, an MIT/Harvard spinout, expecting to achieve a 10,000-qubit error-corrected system by 2026. In the meantime, concerns about “harvest now, decrypt later” (HNDL) attacks are growing. In these scenarios, malicious actors collect encrypted data with the intention of decrypting it once powerful enough quantum computers become available. Apple’s PQ3 is a strategic move to fortify iMessage against such future threats, ensuring that user communications remain secure in the quantum era.