Apple Announces ‘Groundbreaking’ New Security Protocol for iMessage
Apple today announced a new post-quantum cryptographic protocol for iMessage called PQ3. Apple says this “groundbreaking” and…
My guess is that they’re doing this now so they can say, in court, that their product is more secure than the alternative. Offering similar encryption in a walled garden might not be enough to avoid antitrust scrutiny in US courtrooms. Now they can lean into arguing that their product is walled off for security reasons.
That said, at some point more stuff will need this protection. Maybe not tomorrow, but the clock is ticking.
It’s not “groundbreaking” when it’s already widely used in Signal.
Fuck Apple, they’re a monopolistic piece of shit.
Quantum-safe or Beeper-safe?
Beeper didn’t work by cracking iCloud’s encryption. The user’s key was still needed to decrypt a message. Beeper and Apple couldn’t see the contents of an iCloud message, only the end users.
As I recall, Beeper’s secret sauce was around authenticating from a 3rd party client.
Yeah, IIRC it was a side channel
But did you add RCS support yet?!?!
If the answer is no, YOUR PRIORITIES ARE FUCKING WRONG!
I won’t be surprised if that doesn’t show up until iOS 18; when they announced it in November 2023 the only timeline they gave was “later next year.” This encryption has presumably been in development for a while, whereas I think they announced RCS support only as they started, to try to get ahead of regulatory issues in the EU.
I’ll bet money that this project started long before Apple and Google agreed on their shared cross-platform RCS strategy 4 months ago.
And as others have said, unlike PQ3, RCS will visibly impact the experience. “Green bubble” message quality will go way up. I’ll bet PM and marketing want to peg that to a full version number release. Those folks always want to hold back the juicy user-facing stuff for n.0 releases
As the EU dropped their app from the list of gatekeepers, they have no need to adopt an abandoned protocol lying around and pretend to be open like Google does.
So are they going to use Perfect Forward Secrecy with this protocol? Because that’s their big problem.
The symmetric ratchet protects older messages in a conversation to achieve forward secrecy. For every message, we derive a per-message encryption key from the current session key. The current session key itself is then further derived into a new session key, ratcheting the state forward. Each message key is deleted as soon as a corresponding message is decrypted, which prevents older harvested ciphertexts from being decrypted by an adversary who is able to compromise the device at a later time, and provides protection against replayed messages. This process uses 256-bit keys and intermediate values, and HKDF-SHA384 as a derivation function, which provides protection against both classical and quantum computers.
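The symmetric ratchet that quoted paragraph describes, as an added illustration that is not Apple's code and not the real PQ3 implementation: a stdlib-only HKDF-SHA384 chain of 256-bit keys in which each message key is derived from the current session key, the session key is ratcheted forward, and the receiver deletes each message key after a single use, so a replayed ciphertext or a device compromised later finds no key for older messages. The `seal`/`open_` pair is a stand-in for a real AEAD and the HKDF info labels are made up for the demo.

```python
import hmac
import hashlib

HASH, KEY_LEN = hashlib.sha384, 32  # HKDF-SHA384 and 256-bit keys, as in the PQ3 description


def hkdf_sha384(ikm: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """Minimal RFC 5869 HKDF-SHA384: extract with an all-zero salt, then expand."""
    prk = hmac.new(bytes(HASH().digest_size), ikm, HASH).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), HASH).digest()
        okm, i = okm + block, i + 1
    return okm[:length]


def ratchet(session_key: bytes) -> tuple[bytes, bytes]:
    """One step: (per-message key, next session key). The caller drops the old session key."""
    return hkdf_sha384(session_key, b"demo message key"), hkdf_sha384(session_key, b"demo chain key")


def seal(msg_key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for a real AEAD: HKDF-derived keystream, then encrypt-then-MAC with HMAC-SHA384.
    ct = bytes(p ^ k for p, k in zip(plaintext, hkdf_sha384(msg_key, b"stream", len(plaintext))))
    return ct + hmac.new(msg_key, ct, HASH).digest()


def open_(msg_key: bytes, sealed: bytes) -> bytes:
    ct, tag = sealed[:-HASH().digest_size], sealed[-HASH().digest_size:]
    if not hmac.compare_digest(tag, hmac.new(msg_key, ct, HASH).digest()):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, hkdf_sha384(msg_key, b"stream", len(ct))))


class Sender:
    def __init__(self, session_key: bytes):
        self.session_key, self.index = session_key, 0

    def send(self, plaintext: bytes) -> tuple[int, bytes]:
        msg_key, self.session_key = ratchet(self.session_key)  # message key is not retained
        self.index += 1
        return self.index - 1, seal(msg_key, plaintext)


class Receiver:
    """Derives each message key on demand and deletes it as soon as the message is decrypted."""
    def __init__(self, session_key: bytes):
        self.session_key, self.next_index, self.pending = session_key, 0, {}

    def receive(self, index: int, sealed: bytes) -> bytes:
        while self.next_index <= index:  # ratchet forward, parking keys for not-yet-seen messages
            self.pending[self.next_index], self.session_key = ratchet(self.session_key)
            self.next_index += 1
        msg_key = self.pending.pop(index, None)  # deleted here: replay or later compromise finds no key
        if msg_key is None:
            raise KeyError(f"no key for message {index}: already used (replay) or never derived")
        return open_(msg_key, sealed)
```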
Fuck apple.
They gotta stop with the breaking of ground