iMessage is getting an overhaul that makes it one of the two messaging apps best prepared for the eventual arrival of practical quantum computing, roughly on par with Signal and arguably a step ahead of it.

In an announcement on Wednesday, Apple said that messages sent through iMessage will now be protected by two layers of end-to-end encryption (E2EE) rather than the single layer it had before. The new protocol, PQ3, adds Kyber, a key-encapsulation algorithm that, unlike the elliptic-curve key agreement iMessage already used, is not known to be breakable by a quantum computer. Apple is not replacing the older, quantum-vulnerable algorithm with the new one: PQ3 runs both and mixes their outputs into the session keys, so an attacker would have to break both to read a message. PQ3 also refreshes the post-quantum keys periodically during a conversation rather than only at its start, which limits how much of a conversation a single compromised key exposes.

Securing E2EE for the future

The changes to iMessage come five months after the Signal Foundation, which maintains the Signal Protocol used to secure messages for more than a billion users, updated that open protocol to prepare it for post-quantum cryptography (PQC). As Apple has now done, Signal added Kyber alongside X3DH, the key-agreement protocol it already used, to form PQXDH.

Both iMessage and Signal use end-to-end encryption, which ensures that only the sender and the recipient of a message can read it in decrypted form. iMessage has had E2EE since its launch in 2011; Signal has had it since it became available in 2014.

Quantum computing is one of the most serious threats to widely used encryption. The security of the public-key algorithms in virtually every messaging app rests on mathematical problems that are easy to compute in one direction but infeasible to reverse: factoring large integers for RSA, and the discrete-logarithm problem for Diffie-Hellman and elliptic-curve key agreement. A sufficiently large quantum computer running Shor's algorithm solves these problems in polynomial time, where the best known classical algorithms need sub-exponential time. Symmetric ciphers such as AES, which encrypt the message bodies themselves, are only modestly weakened; the exposure is in the key agreement that establishes those symmetric keys.

No one can say when such a machine will exist. One common estimate is that a quantum computer with 20 million noisy physical qubits (quantum bits, the quantum counterpart of a classical bit) could recover a single 2,048-bit RSA key in around eight hours. The most powerful quantum computer publicly known to date has 433 qubits.

Whenever that day comes, cryptography engineers treat its arrival as a matter of when, not if. They also know that some adversaries are collecting and storing large volumes of encrypted traffic now, intending to decrypt it once quantum computers make that possible (a strategy often called "harvest now, decrypt later"). Apple's and Signal's changes are designed to defeat that strategy by adding Kyber, one of the post-quantum algorithms selected by the National Institute of Standards and Technology for standardization (where it is known as ML-KEM). Because Kyber is still relatively new and has had far less cryptanalytic scrutiny than elliptic-curve cryptography, neither iMessage nor Signal relies on it alone: each derives its session keys from both the classical and the post-quantum shared secrets, so a flaw in Kyber would leave a conversation no weaker than before, and a quantum attack on the classical algorithm alone would not be enough.
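Concretely, the hybrid idea behind both PQ3 and PQXDH looks like the following. This is an added example written for this page, not Apple's or Signal's code, and it simplifies both protocols: it uses Go's standard-library ML-KEM-768 (the standardized form of Kyber, in crypto/mlkem, which needs Go 1.24 or later) and X25519 in place of whatever curve and Kyber parameter set each real protocol uses, and it runs a single handshake rather than a ratchet. The HybridKDF construction, the labels inside it, and all type and function names are assumptions of the example.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// HybridKDF mixes the classical ECDH secret and the ML-KEM shared secret into one
// 32-byte session key: HKDF-style extract-then-expand over HMAC-SHA256 (assumed for
// this example, not PQ3's own). Both secrets and the transcript enter the PRF, so
// an attacker who recovers only one of the two secrets learns nothing about the key.
func HybridKDF(ecdhSecret, kemSecret, transcript []byte) []byte {
	extract := hmac.New(sha256.New, []byte("hybrid-kdf-demo-salt")) // assumed label
	extract.Write(ecdhSecret)
	extract.Write(kemSecret)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("hybrid-kdf-demo-session-key")) // assumed info string
	expand.Write(transcript)
	expand.Write([]byte{0x01}) // single HKDF-Expand block
	return expand.Sum(nil)[:32]
}

// Receiver holds one long-term key per algorithm, standing in for a device's published keys.
type Receiver struct {
	ecdhPriv *ecdh.PrivateKey
	kemPriv  *mlkem.DecapsulationKey768
}

func NewReceiver() (*Receiver, error) {
	ecdhPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	kemPriv, err := mlkem.GenerateKey768()
	if err != nil { return nil, err }
	return &Receiver{ecdhPriv: ecdhPriv, kemPriv: kemPriv}, nil
}

// PublicBundle is the public material an initiator fetches before sending.
func (r *Receiver) PublicBundle() (ecdhPub, kemPub []byte) {
	return r.ecdhPriv.PublicKey().Bytes(), r.kemPriv.EncapsulationKey().Bytes()
}

// transcript binds every public value of the handshake into the KDF input; plain
// concatenation is safe here because all four values have fixed lengths.
func transcript(initPub, recvECDHPub, recvKEMPub, ct []byte) []byte {
	return bytes.Join([][]byte{initPub, recvECDHPub, recvKEMPub, ct}, nil)
}

// Initiate runs the sender side: X25519 ECDH against the receiver's key (the
// quantum-vulnerable half) plus ML-KEM-768 encapsulation (the post-quantum half).
// It returns the ephemeral public key and ciphertext to transmit, and the session key.
func Initiate(recvECDHPub, recvKEMPub []byte) (ephPub, ct, key []byte, err error) {
	curve := ecdh.X25519()
	ephPriv, err := curve.GenerateKey(rand.Reader)
	if err != nil { return nil, nil, nil, err }
	recvPub, err := curve.NewPublicKey(recvECDHPub)
	if err != nil { return nil, nil, nil, err }
	ecdhSecret, err := ephPriv.ECDH(recvPub)
	if err != nil { return nil, nil, nil, err }
	ek, err := mlkem.NewEncapsulationKey768(recvKEMPub)
	if err != nil { return nil, nil, nil, err }
	kemSecret, ct := ek.Encapsulate()
	ephPub = ephPriv.PublicKey().Bytes()
	tr := transcript(ephPub, recvECDHPub, recvKEMPub, ct)
	return ephPub, ct, HybridKDF(ecdhSecret, kemSecret, tr), nil
}

// Respond runs the receiver side and must arrive at the same session key.
func (r *Receiver) Respond(ephPub, ct []byte) ([]byte, error) {
	initPub, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil { return nil, err }
	ecdhSecret, err := r.ecdhPriv.ECDH(initPub)
	if err != nil { return nil, err }
	kemSecret, err := r.kemPriv.Decapsulate(ct)
	if err != nil { return nil, err }
	recvECDHPub, recvKEMPub := r.PublicBundle()
	tr := transcript(ephPub, recvECDHPub, recvKEMPub, ct)
	return HybridKDF(ecdhSecret, kemSecret, tr), nil
}

// RunHandshake performs one full exchange and returns both sides' session keys.
func RunHandshake() (initiatorKey, receiverKey []byte, err error) {
	r, err := NewReceiver()
	if err != nil { return nil, nil, err }
	ecdhPub, kemPub := r.PublicBundle()
	ephPub, ct, initiatorKey, err := Initiate(ecdhPub, kemPub)
	if err != nil { return nil, nil, err }
	receiverKey, err = r.Respond(ephPub, ct)
	return initiatorKey, receiverKey, err
}

func main() {
	a, b, err := RunHandshake()
	fmt.Println("session keys match:", err == nil && bytes.Equal(a, b))
}
```

The point to take from the block is the KDF: because the session key is a PRF over both shared secrets, an adversary who stores the handshake today and later runs Shor's algorithm against the X25519 exchange recovers only ecdhSecret, which is not enough; and if Kyber turns out to be flawed, the X25519 secret still has to be broken. Binding the transcript into the derivation additionally stops an attacker from swapping in a different ciphertext or public key without changing the resulting key.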