What Apple’s PQ3 protocol mean for data security? | Explained

Apple’s PQ3 post-quantum cryptographic protocol seeks to protect messages on iMessage from hackers using quantum computers 

March 01, 2024 05:28 pm | Updated 05:51 pm IST

Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage.

Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage. | Photo Credit: AP

Story so far: On February 21, Apple announced PQ3, a post-quantum cryptographic protocol, to encrypt conversations in iMessage. The company called it the “first messaging protocol to reach Level 3 security” and claimed it can defend “even highly sophisticated quantum attacks.” Per Apple, this protocol’s security layer will surpass those available in all widely used messaging apps.

What is the PQ3 protocol, and how does it work?

Currently, most messaging apps use standard encryption methods using public and private keys to securely deliver messages. There are two encryption methods. In the public key encryption method, a user’s message is encrypted by the public key before transmission and then the private key is used to decrypt messages.

In the private key method, while both keys are required, they are basically the same, and both the sender and the recipient are allowed to encrypt or decrypt the message.

Apple’s PQ3 protocol uses a hybrid design combining the traditional encryption methods with post-quantum encryption both during the initial key establishment between devices and during rekeying, which essentially rechecks the cryptographic keys between devices to ensure continued protection.

Under PQ3 protocol each device generates public keys locally and then transmits them to Apple servers as part of the iMessage registration process using the Module Lattice-based Key Encapsulation Mechanism or ML-KEM. This enables the sender device to get the receiver device’s public keys and generate post-quantum encryption keys for the first message. Apple has also included a periodic post-quantum rekeying mechanism within the conversation which is capable of self-healing from key compromise and safeguarding future messages.

Why is Apple shifting to PQ3 protocol?

Currently, Apple’s iMessage supports end-to-end encryption by default. This mode of protection relies on mathematical problems that could potentially be solved by powerful quantum computers.

Over the years, Apple has made improvements to encryption, enhancing its platform’s overall protection against hackers. However, current cryptographic problems can be solved by quantum computers, though such computers are still in the works. Apple says extremely well-resourced attackers can mount attacks by taking advantage of the drop in data storage costs.

Essentially, attackers can store large amounts of today’s encrypted data and file it for future reference. And though attackers may not be able to decrypt this data today, they can retain it until it can be decrypted at a later date by making use of a quantum computer.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

What are PQ3’s strengths and limitations?

The PQ3 protocol protects communications on iMessage against current and future decryptions. It also limits how many past and future messages can be decrypted with a single compromised key, reducing the impact of key compromises.

But, despite its enhanced protection, the PQ3 protocol, because of its intended application scenario, does not address group messaging, authentication against quantum adversaries, or cryptographic deniability.

Also, messages stored in iCloud may not be protected by this protocol.

Will the PQ3 protocol impact Apple users?

The new protocol offers protection against adversaries capable of compromising the transport layer between devices. However, the protocol does protect against attacks mounted on messages delivered to a device, which remains the same and can be extracted after unlocking a device or by using advanced attackers using Pegasus, TirangleDB, and other spyware.

Additionally, since PQ3 relies on traditional signature algorithms for message authentication, a man-in-middle attacker with a powerful quantum computer may still have a chance of hacking it, Kaspersky said in a blog post.

Therefore, while the new protocol from Apple enhances security on iMessage and provides protection against future attacks using quantum computers, it is not a one-stop solution. And users concerned about the protection of their data should not rely only on post-quantum cryptographic protocols.

Are other messaging services also using methods like PQ3?

Currently in beta, PQ3 will start to roll out with the public release of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. However, this is not the first time a tech company has announced post-quantum encryption protocols.

Earlier in September 2023, Signal announced advancements in quantum resistance for the Signal Protocol. The upgrade called PQXDH added a layer of protection against the threat of quantum computers being built for the future. The upgrade used a new post-quantum cryptosystem that implemented one-way functions that cannot be advantageously reversed by a quantum computer.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.