By WIRED
Apple is launching its first post-quantum protections, one of the biggest deployments of the future-resistant encryption technology to date.
Billions of medical records, financial transactions, and messages we send to each other are protected by encryption. It’s fundamental to keeping modern life and the global economy running relatively smoothly. However, the decades-long race to create vastly powerful quantum computers, which could easily crack current encryption, creates new risks.
While practical quantum computing technology may still be years or decades away, security officials, tech companies, and governments are ramping up their efforts to start using a new generation of post-quantum cryptography. These new encryption algorithms will, in short, protect our current systems against any potential quantum computing-based attacks.
Today Cupertino is announcing that PQ3—its post-quantum cryptographic protocol—will be included in iMessage. The update will launch in iOS and iPad OS 17.4 and macOS 14.4 after previously being deployed in the beta versions of the software. Apple, which published the news on its security research blog, says the change is the “most significant cryptographic security upgrade in iMessage history.”
“We rebuilt the iMessage cryptographic protocol from the ground up,” its blog post says, adding that the upgrade will fully replace its existing encryption protocols by the end of this year. You don’t need to do anything other than update your operating system for the new protections to be applied.
Quantum computing is serious business. Governments in the US, China, Russia, and tech companies such as Google, Amazon, and IBM are plowing billions into the (still) relatively nascent efforts to create quantum computers. If successful, the technologies could help unlock scientific breakthroughs in everything from drug design to creating longer-lasting batteries. Politicians are also vying to become quantum superpowers. The current quantum computing devices are still experimental and not practical for general use.
Unlike the computers we use today, quantum computers use qubits, which can exist in more than one state. (Current bits are either ones or zeroes). It means that quantum devices can store more information than traditional computers and perform more complex calculations, including potentially cracking encryption.
“Quantum computers, if deployed reliably and in a scalable manner, would have the potential to break most of today’s cryptography,” says Lukasz Olejnik, an independent cybersecurity and privacy researcher and consultant. This includes the encryption in the messaging apps billions of people use every day. Most encrypted messaging apps using public key cryptography have used RSA, Elliptic Curve, or Diffie-Hellman algorithms.
Responding to the potential threat—which has been known about since the 1990s—intelligence and security agencies have become increasingly vocal about developing and deploying quantum-resistant cryptography. The National Institute of Standards and Technology (NIST) in the US has been a driving force behind the creation of these new encryption types. Olejnik says tech companies are taking the quantum threat “very” seriously. “Much more serious than some older changes like switches between hash functions,” Olejnik says, adding things are moving relatively fast given that post-quantum cryptography is still “very young” and there’s “no functional quantum computer on the horizon.”
Discussion about this post