Apple PQ3. A quantum leap in brand security
Apple is introducing PQ3 for iMessage.
Break down this simple, understated message into what it actually means and you’ll understand the power of the Apple brand. You’ll also see how the company intends to keep it that way.
What’s the context? Let’s look at the problem Apple is trying to solve.
Secure communication, massage encryption, eavesdropping has been around since .... people have wanted to communicate securely and in private. It has nothing to do with computers. Computers just made everything faster; both encrypting and hacking. People dedicated their smarts to compete with each other to develop and defeat the most sophisticated methods. However, some of the encryption methods actually depend on the fact that computers are not that fast.
The example of it is the RSA, a public-private cryptosystem widely used in today's secure communication. The term public-private means that you (better say, your device) creates a pair of encryption keys. One is designated as private, the other as public. You tell the world what your public key is and then anyone who has the public key can encrypt a message intended for you. Only you with the private key can decrypt the message.
Both keys are created by factoring two large prime numbers. The security of the algorithms relies on the difficulty to do the reverse operation and from the known key to find these two prime numbers. As computers became faster and faster, it was enough to make the encryption key bigger to resist a brute-force attack. But all that assumed that we use the type of computers we use today to do the attack.
In 1994, Peter Shor developed an algorithm that when used on a quantum computer, can find the prime factor of an integer number. That is one of the reasons why the world is racing to build quantum computers with large enough processors to crack the RSA algorithm.
That was also the beginning of the race to develop quantum resistant encryption algorithms, which would protect the encrypted data from even the 'big' quantum computers. Yours truly wrote a more technical post in Nov, 2021 about this.
Are the quantum computers we have right now big enough to crack this encryption? No. But what everyone is doing is capturing encrypted traffic to crack it later, once technology catches up. It is called Harvest Now, Decrypt Later.
To show you how difficult the problem is, the US National Institute of Standards and Technology (NIST) issued a Call for Proposals in 2016. It is 2024 and after 4 rounds of submissions (and eliminations) we have 4 candidates for quantum safe algorithms, but none of them are officially declared as standards.
And now, back to Apple and PQ3. Apple announced 'iMessage with PQ3: The new state of the art in quantum-secure messaging at scale' which starts in true Apple language that 'Today we are announcing the most significant cryptographic security upgrade in iMessage history with the introduction of PQ3, a groundbreaking post-quantum cryptographic protocol that advances the state of the art of end-to-end secure messaging.'
At the same time, Apple defined how to measure the security level for messaging applications - 'With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security'.
In the above mentioned blog post, Apple goes into great technical and non-technical details how this new encryption will provide for security now and in the future. As a side note, while reading the post, you might notice how carefully Apple doesn't proclaim that they are using an algorithm approved by NIST.
But what Apple did was a masterpiece in branding. With this announcement, Apple declared before anyone else that 'Only Apple truly cares about your security' and 'Apple will protect you from the bad quantum computers'. For the rest of Apple’s competition, it has created a standard which every other company now has to meet in order to demonstrate how secure their product is.
There are many companies in this quantum communication and post-quantum encryption space. They might have better technology. They might even know how to do it better than Apple. But they don't know how to build a brand. Apple does. That's the recurrent pattern which will keep Apple in business even in the quantum computer world. Welcome to the Apple PQ3 era.