SoylentNews is people

Title    iMessage Gets a Major Makeover That Puts It on Equal Footing With Signal
Date    Monday February 26, @01:18AM
Author    hubie

upstart writes:

How Kybers and ratcheting are boosting the resiliency of Apple's messaging app:

iMessage is getting a major makeover that makes it among the two messaging apps most prepared to withstand the coming advent of quantum computing, largely at parity with Signal or arguably incrementally more hardened.

On Wednesday, Apple said messages sent through iMessage will now be protected by two forms of end-to-end encryption (E2EE), whereas before, it had only one. The encryption being added, known as PQ3, is an implementation of a new algorithm called Kyber that, unlike the algorithms iMessage has used until now, can't be broken with quantum computing. Apple isn't replacing the older quantum-vulnerable algorithm with PQ3—it's augmenting it. That means, for the encryption to be broken, an attacker will have to crack both.

The iMessage changes come five months after the Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, updated the open standard so that it, too, is ready for post-quantum computing (PQC). Just like Apple, Signal added Kyber to X3DH, the algorithm it was using previously. Together, they're known as PQXDH.

iMessage and Signal provide end-to-end encryption, a protection that makes it impossible for anyone other than the sender and recipient of a message to read it in decrypted form. iMessage began offering E2EE with its rollout in 2011. Signal became available in 2014.

[...] Another important part of the iMessage upgrade is automatic key refreshing that happens behind the scenes. By changing the key regularly as messages pass back and forth, messengers become more resilient in the event of a compromise. When an adversary obtains a static key, all messages sent with it are subject to immediate decryption. Key refreshing in the same scenario limits what can be decrypted to only a single message or a small subset of messages.

Signal has always provided key refreshing through a signature innovation in the protocol known as ratcheting. Apple says its key refresh mechanism is modeled on ratcheting. To do this, Apple is replacing the elliptic-curve cryptography used since 2019 with Elliptic-curve Diffie-Hellman.

[...] Another difference between the two apps that privacy-minded people should remember is that, by default, iMessage backs up messages within iCloud with no E2EE. Advanced encryption will do nothing to protect users in this scenario. People should either turn off iCloud backups or turn on E2EE in iCloud. (Signal doesn't back up messages at all.)

Apple said it turned to two outside cryptography teams to verify that PQ3 is secure. Both supplied mathematical proofs, one titled Security Analysis of the iMessage PQ3 Protocol and the other A Formal Analysis of the iMessage PQ3 Messaging Protocol.
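An added sketch, not code from the article, Apple or Signal, of the two ideas described above: deriving one key from both a classical and a post-quantum shared secret, so that recovering one of them is not enough, and a symmetric ratchet that gives every message its own key. The function names, the labels and the random stand-in secrets are assumptions; PQ3 and PQXDH themselves are considerably more involved.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand with SHA-256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_root_key(classical_ss: bytes, pq_ss: bytes) -> bytes:
    """Derive one root key from BOTH shared secrets (hypothetical label).

    Knowing only one input, for example the elliptic-curve secret, is not
    enough to recompute the output.
    """
    return hkdf_sha256(classical_ss + pq_ss, salt=b"\x00" * 32, info=b"demo-hybrid-root")


def ratchet_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One symmetric ratchet step: returns (next_chain_key, message_key).

    HMAC is one-way, so neither output reveals chain_key or any earlier key.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def message_keys(root_key: bytes, count: int) -> list[bytes]:
    """Per-message keys for the first `count` messages of one chain."""
    keys, chain_key = [], root_key
    for _ in range(count):
        chain_key, mk = ratchet_step(chain_key)
        keys.append(mk)
    return keys


if __name__ == "__main__":
    # Constructed stand-ins for the ECDH and Kyber shared secrets.
    ecdh_ss, kyber_ss = os.urandom(32), os.urandom(32)
    root = hybrid_root_key(ecdh_ss, kyber_ss)
    for i, mk in enumerate(message_keys(root, 3)):
        print(f"message {i}: key {mk.hex()[:16]}...")
```

The hash chain shown here only keeps a leaked key from exposing earlier messages; limiting what a leaked chain key exposes going forward relies on mixing in fresh key agreement, which this sketch does not model.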


printed from SoylentNews, iMessage Gets a Major Makeover That Puts It on Equal Footing With Signal on 2024-04-20 22:34:25