As Apple gets ready to ship RCS messaging support on the iPhone in 2024, one of the biggest concerns the company has expressed is the lack of any kind of encryption. Such encryption would keep chats private and secure, and iMessage has been encrypted since it launched years ago. Now, the company has announced an upgrade to that encryption that makes your iMessage chats more private than ever before. Fear not, the chances of someone intercepting that super-secret chili recipe are now much, much lower.
How much lower? Apple seems to be pretty convinced that its new PQ3 cryptographic security upgrade is about as good as it gets, saying that as far as it's aware, "PQ3 has the strongest security properties of any at-scale messaging protocol in the world." That's quite the claim, and the company has backed it up with receipts as well.
Following the news that Apple won't be forced to open iMessage up to third-party messaging platforms by the European Commission and the Digital Markets Act, Apple is clearly leaning into encryption as a key component. The company's explanation of how PQ3 works is long and complicated, but the bones of the matter are pretty clear — the chances of anyone breaking iMessage encryption are pretty low. With PQ3, Apple says that iMessage is now more able to defend against "even highly sophisticated quantum attacks."
Post-Quantum Cryptography
Apple announced the new iMessage glow-up in a detailed post on its security blog that explains just how it works.
The iMessage protocol debuted way back in 2011 with encryption at its heart. Apple then upgraded its cryptographic protocol in 2019 "by switching from RSA to Elliptic Curve cryptography (ECC), and by protecting encryption keys on device with the Secure Enclave." The result was a very secure protocol, but nothing's perfect. And as raw processing power continues to increase, it's possible that current encryption models can be broken.
"However, the rise of quantum computing threatens to change the equation," Apple warns. "A sufficiently powerful quantum computer could solve these classical mathematical problems in fundamentally different ways, and therefore — in theory — do so fast enough to threaten the security of end-to-end encrypted communications."
While no quantum computer can pose such a risk today, that could well (and probably will) change.
"To mitigate risks from future quantum computers, the cryptographic community has been working on post-quantum cryptography (PQC): new public key algorithms that provide the building blocks for quantum-secure protocols but don’t require a quantum computer to run — that is, protocols that can run on the classical, non-quantum computers we’re all using today, but that will remain secure from known threats posed by future quantum computers," the blog post explains. That post then goes on to explain the details of how the cryptography works, and while that's beyond our scope here, the blog post is well worth a read just to get a feel for how advanced iMessage's new security protocol is. Remember, PQ3 is the third level of post-quantum cryptography. There are two less secure layers below it.
Ultimately, no iPhone, iPad, Mac, or other Apple device user needs to know how any of this works. All that matters is that it does, and it makes iMessage safer than ever. It's also already being tested and will roll out with the public releases of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4. They're all expected to land within the next couple of weeks, too.