Apple's New Quantum-Secure Messaging Protocol: PQ3
NEWS
On February 21, 2024, Apple announced an upgrade to iMessage, its widely used instant messaging application that works across all Apple platforms (macOS 14.4, iOS 17.4, iPadOS 17.4, and watchOS 10.4). The upgrade introduces PQ3, a new security protocol for end-to-end secure messaging based on Post-Quantum Cryptography (PQC). It includes PQC key establishment and ongoing PQC rekeying; rekeying allows the key to be replaced during an ongoing message exchange should the existing key become compromised. PQ3 uses a hybrid construction, in which a classical algorithm (in this case, elliptic-curve cryptography) is used alongside a PQC algorithm (Kyber, a lattice-based key encapsulation mechanism selected by the U.S. National Institute of Standards and Technology (NIST) for PQC standardization). PQ3 has also been tested externally, notably by researchers at ETH Zurich and the University of Waterloo, two leading academic institutions heavily involved in PQC standardization.
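To make the hybrid-plus-rekeying design concrete, here is an added illustrative model, not Apple's PQ3 code (whose exact construction this page does not describe): an HKDF combiner that binds an elliptic-curve shared secret to a KEM shared secret, and a rekeying step that mixes a freshly encapsulated PQ secret into the running chain key. The ECDH and Kyber outputs are replaced by constructed stand-in byte strings, and the function names and labels are assumptions.

```python
import hashlib
import hmac

def hkdf(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract a PRK from the keying material, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def hybrid_session_key(ec_secret: bytes, pq_secret: bytes, transcript: bytes) -> bytes:
    """Hybrid combiner: the elliptic-curve shared secret and the KEM (Kyber-style)
    shared secret feed one HKDF call, so an attacker must break BOTH to learn the key.
    The public transcript is mixed in as salt to bind the key to this exchange."""
    return hkdf(ec_secret + pq_secret, salt=hashlib.sha256(transcript).digest(),
                info=b"hybrid session key")

def rekey(chain_key: bytes, fresh_pq_secret: bytes) -> tuple[bytes, bytes]:
    """One rekeying step: a freshly encapsulated PQ secret is mixed into the running
    chain key. Returns (new_chain_key, message_key); an attacker who learned the old
    chain key cannot derive either output without the fresh secret."""
    out = hkdf(fresh_pq_secret, salt=chain_key, info=b"pq rekey", length=64)
    return out[:32], out[32:]

# Constructed stand-ins for real ECDH and Kyber outputs (hypothetical values derived
# from fixed labels so the example is deterministic and runs offline).
EC_SECRET = hashlib.sha256(b"constructed stand-in for ECDH shared secret").digest()
PQ_SECRET = hashlib.sha256(b"constructed stand-in for Kyber shared secret").digest()
FRESH_PQ = hashlib.sha256(b"constructed stand-in for a later Kyber encapsulation").digest()
TRANSCRIPT = b"constructed transcript: both public keys and the KEM ciphertext"

def demo() -> list[bytes]:
    """Establish a hybrid session key, then ratchet through two PQ rekeying steps."""
    chain = hybrid_session_key(EC_SECRET, PQ_SECRET, TRANSCRIPT)
    message_keys = []
    for step in range(2):
        # Each real step would carry a new Kyber ciphertext; here the fresh secret
        # is tagged with the step number so the two steps differ.
        chain, mk = rekey(chain, FRESH_PQ + bytes([step]))
        message_keys.append(mk)
    return message_keys

if __name__ == "__main__":
    for i, mk in enumerate(demo(), 1):
        print(f"message key after rekey step {i}: {mk.hex()}")
```

The point of the combiner is that changing either input secret changes the derived key, so recovering only the elliptic-curve half (the part a future quantum computer threatens) yields nothing; the rekey step shows why a captured chain key does not expose later message keys.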
PQC Moves into the Mainstream
IMPACT
Apple is the second party to provide PQC capabilities for a popular messaging application. In September 2023, Signal announced support for the PQXDH protocol for key establishment (also Kyber-based). PQXDH does not, however, offer rekeying, so Apple has a slight security advantage here. But the Apple announcement is about more than the level of Post-Quantum (PQ) security it now provides relative to Signal. iMessage has about 1 billion monthly active users compared to Signal’s 40 million. This is a massive leap in PQC’s visibility: 1 in 8 people on the planet will now hear about quantum-secure technologies.
This type of amplification is a shot in the arm for the PQC market. While attack-capable quantum computers are not yet a reality, they are likely to be by 2030. The U.S. NIST has been working for the last 5 years to standardize PQC algorithms for key establishment (Key Encapsulation Mechanisms, KEMs) and for digital signatures (Digital Signature Algorithms, DSAs). Four were selected in July 2022 (Kyber for KEM, and Dilithium, Falcon, and SPHINCS+ for DSA), and the world is waiting for the official standards to be published any day now. The U.S. National Security Agency (NSA) likewise announced its choice of algorithms in September 2022 for its Commercial National Security Algorithm Suite 2.0 (AES, Kyber, Dilithium, SHA, LMS, and XMSS). These are the algorithm choices that really kick-started the commercial market for PQC solutions (prior to that, it was an extremely niche play). Now, as stakeholders await the official standards, they have already started integrating and testing the algorithms in their products, much as Signal and Apple have.
Market Readiness Is Key
RECOMMENDATIONS
For those that have been developing PQC solutions for the past decade, 2024 will be the pivotal year of the PQC commercialization journey. With the standards announcement looming, and companies like Apple bringing the world’s attention to PQC, the time is ripe for stakeholders to ride that wave and show that they have been ahead of the curve the whole time and already have a market-ready PQC solution. Both Apple and Signal have centered their announcements on the Harvest Now, Decrypt Later threat (i.e., threat actors stealing encrypted data now with a view to decrypting it later, once quantum computers become available), driving the Fear, Uncertainty, and Doubt (FUD) argument that PQC is necessary now. Those who have been paying attention already know this and have been preparing for quantum migration, but the vast majority will delay action until it is too late. For this reason, announcements by heavyweights like Apple are a boon for the market, with a potential domino effect very likely to push a million-dollar market into the billions by 2030.