
Post quantum cryptography arrives for the mass market – what do we learn from this?

Rajiv Shah

In February 2024, Apple announced “post-quantum cryptography” for its iMessage service, and shipped it to users in March 2024 with iOS 17.4. What does this mean? Today, the privacy of information sent across the internet between two people depends on “asymmetric encryption”: each person has a pair of keys, a “private key” they keep to themselves and a “public key” they can hand to anyone. Some clever maths derives the public key from the private one in a way that today’s computers cannot practically reverse. Anyone can encrypt a message to you using your public key, but only your private key can decrypt it, and knowing the public key does not let someone work out the private one. The same maths lets two people agree a shared secret over a network that someone else is listening to, without ever sending that secret itself. However, future “quantum computers” might be able to reverse these calculations, recovering a private key from the public one, and so decrypt and read the data that was sent without ever having been told either person’s keys.


The theory of a quantum computer is well understood, but no-one knows if or when one could be practically built. Estimates from “experts” in the field typically range from 10 to 30 years for a machine that could actually “crack” encryption in this way. However, if you send data across public networks today that still needs to be kept confidential for 10 or more years, you should worry that someone could collect the encrypted data you send now and decrypt it later, once such a quantum computer exists. This is sometimes referred to as a “Harvest Now, Decrypt Later” attack.

One proposed solution is a new family of algorithms that we do not expect to be breakable by quantum computers: the “post-quantum cryptography” (or PQC) that Apple have rolled out. iMessage was already end-to-end encrypted, so the content couldn’t be read except on the sender’s and the receiver’s Apple devices. Now the keys that protect each conversation are established using both today’s “classical” algorithm and a proposed “post-quantum” algorithm, so an attacker has to defeat both to read anything. Apple have also added a mechanism to regularly refresh the encryption keys, so even if someone does manage (by luck or skill) to obtain a key at some point, they can only read a limited amount of content. The full technical details can be found in Apple’s blog post[1], but here we consider what lessons can be drawn from this:

1.       For most everyday devices and applications, the end user doesn’t need to worry about the quantum computing threat, provided the software can be easily upgraded and the vendor is actively developing and maintaining it. One morning, Apple iPhone owners woke up and their device had been updated; in due course web browsers and other consumer devices will be too. So for these use cases, don’t panic, and ignore the scare stories about quantum thieves draining your bank account!

However, you should make sure you know what else you use that sends encrypted data across a network (IoT devices, that router you haven’t updated for years, and so on). If you know, for each device, how important its function is, how sensitive the data it handles is, whether it can be updated, and whether the vendor plans to update it, then you will be ready to decide if and when to replace or decommission it.

2.       Most upgrades to PQC will not be as smooth as this one. There’s a good reason why Apple upgraded iMessage before any other iPhone apps: when you control the operating system and the application on all user devices and on all the servers, deployment is much simpler. When the protocols have to be agreed between lots of different organisations, and then rolled out separately by each one, it will be more difficult. As not everyone will be ready at the same time, solutions will be needed for backwards compatibility that do not open the door to “downgrade” attacks, where an attacker tricks both sides into falling back to the old algorithms even though both support the new ones.

3.       We don’t know what the “right” PQC algorithms are. Standards are still being developed, and there is always a risk that a proposed “quantum-safe” algorithm could actually be cracked using a classical computer, so by protecting against a hypothetical future quantum computer we might make communications insecure against today’s computers. Until resourceful cryptographers have had plenty of time to try to break these new algorithms using today’s computers, this remains a significant risk. This is why Apple combine a classical and a PQC algorithm (a “hybrid” design, sometimes loosely called “double-wrapping”): the keys protecting your messages depend on both, so even if someone breaks the PQC algorithm today, they still have to break the classical one as well, which needs a quantum computer that doesn’t yet exist. Your data is therefore no less safe than it was before, and it becomes safer if the PQC algorithm holds up.

4.       PQC, at least in this scenario, doesn’t seem to cause the problems with processing speed or storage space that some experts have worried about. Post-quantum keys and key-exchange messages are considerably larger than their classical equivalents, but an iPhone, like many other mass-market devices, has plenty of spare capacity and bandwidth to absorb that. It might be different for smaller, cheaper devices like a security camera or an internet-connected sensor, however.

5.       We don’t need to worry, for now, about changing the initial login or authentication processes to use post-quantum cryptography. Authentication is a check made at the time of the conversation: recording it to break years later gives an attacker nothing to decrypt (unless the service provider’s security practices are really bad…). A quantum computer could only be used to forge identities once it actually exists, so there is time. Apple have accordingly said they will upgrade the iMessage authentication process to use PQC at a later date.

6.       Apple believe they have a “quantum-safe” mechanism to regularly update the encryption keys. Because post-quantum key material is large, a key update costs extra data transmission, so Apple do a full post-quantum update periodically rather than for every message, which is still pretty good. Between those updates, each new key is derived one-way from the previous one, so someone who obtains one key cannot work back to earlier keys, and once fresh key material is mixed in they can no longer work forward either. This needs unpredictable random numbers, but nothing exotic: it has previously been suggested that you need a quantum random number generator to be truly quantum safe, but PQC algorithms only require the kind of cryptographic random number generator that phones already have, and Apple appear to be happy to rely on that.
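As an added illustration of points 3 and 6 (example code written for this post, not Apple’s PQ3 implementation and not from the original article), the Python below derives a single session key from two shared secrets and then runs a simple HMAC-based key ratchet with a periodic rekey. The shared secrets are constructed byte strings standing in for the outputs of a classical key agreement and a post-quantum key encapsulation; the function and label names are the example’s own, and only the Python standard library is used.

```python
"""Hybrid key derivation plus a symmetric key ratchet (standard library only).

Illustrative code for this post, not Apple's PQ3. The shared secrets passed in
are constructed stand-ins for the outputs of a classical key agreement (e.g.
ECDH) and a post-quantum KEM; real code would take them from those primitives.
"""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = 32


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = HASH_LEN) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Point 3: one session key that depends on BOTH shared secrets (fixed-length).

    Recomputing it needs both secrets, so breaking only the PQ algorithm (today,
    classically) or only the classical one (later, with a quantum computer) is
    not enough. `transcript` carries the public keys / KEM ciphertext of this
    exchange so the key is bound to it and cannot be mixed across sessions.
    """
    return hkdf(b"", ss_classical + ss_pq, b"hybrid-session-key|" + transcript)


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """Point 6: advance the ratchet one step, returning (next_chain_key, message_key).

    Both outputs are HMACs of the current chain key, so the step is one-way: the
    next chain key reveals neither this chain key nor any earlier message key.
    """
    next_chain_key = hmac.new(chain_key, b"\x01", HASH).digest()
    message_key = hmac.new(chain_key, b"\x02", HASH).digest()
    return next_chain_key, message_key


def derive_message_keys(chain_key: bytes, count: int) -> tuple[bytes, list[bytes]]:
    """Run the ratchet `count` times; return the final chain key and the message keys."""
    keys = []
    for _ in range(count):
        chain_key, message_key = ratchet_step(chain_key)
        keys.append(message_key)
    return chain_key, keys


def rekey(chain_key: bytes, fresh_ss_classical: bytes, fresh_ss_pq: bytes) -> bytes:
    """Mix fresh hybrid shared secrets into the chain (the periodic PQ rekey).

    Anyone holding the old chain key but not the fresh secrets cannot follow the
    ratchet past this point, which closes the exposure window.
    """
    return hkdf(chain_key, fresh_ss_classical + fresh_ss_pq, b"rekey")


def exposure_window(root_key: bytes, total: int, leak_index: int, rekey_at: int,
                    fresh_secrets: tuple[bytes, bytes]) -> set[int]:
    """Indices of message keys an attacker recovers if the chain key leaks just
    before message `leak_index`, given a rekey just before message `rekey_at`
    whose fresh secrets the attacker does not know."""
    if not 0 <= leak_index < total:
        raise ValueError("leak_index must address one of the messages")
    ck, legit, leaked_ck = root_key, [], None
    for i in range(total):
        if i == rekey_at:
            ck = rekey(ck, *fresh_secrets)
        if i == leak_index:
            leaked_ck = ck
        ck, mk = ratchet_step(ck)
        legit.append(mk)

    # The attacker cannot step backwards and has no fresh secrets, so the best
    # they can do is keep ratcheting forward from the key they captured.
    attacker_ck, recovered = leaked_ck, set()
    for i in range(leak_index, total):
        attacker_ck, guess = ratchet_step(attacker_ck)
        if guess == legit[i]:
            recovered.add(i)
    return recovered


if __name__ == "__main__":
    # Constructed stand-in secrets; real ones come from ECDH and a PQ KEM.
    ss_c, ss_pq = bytes(range(32)), bytes(range(32, 64))
    root = hybrid_session_key(ss_c, ss_pq, b"pkA|pkB|kem-ciphertext")
    fresh = (bytes(range(64, 96)), bytes(range(96, 128)))
    print("leak before msg 3, rekey before msg 7 ->",
          sorted(exposure_window(root, 10, 3, 7, fresh)))
```

Running the demo shows the attacker recovering only messages 3 to 6: everything before the leak is protected by the one-way ratchet, and everything from the rekey onwards by the fresh hybrid secrets. Swapping either stand-in secret for a different value in `hybrid_session_key` produces an unrelated root key, which is the hybrid property of point 3.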

7.       Apple is serious about privacy. Probably very few iMessage users are actively worrying about the “harvest now, decrypt later” risk. Nonetheless, Apple wanted to be seen as an early mover in this space. Let’s see whether this makes others follow suit quickly, or whether they take their time, wait for the technology to mature, and learn from Apple’s experience!





© 2024 MDR Security Pty Ltd
