What is the PQ3 protocol, and how does it work?
Currently, most messaging apps use standard encryption methods that rely on public and private keys to deliver messages securely.
There are two encryption methods.
In the public key encryption method, a user's message is encrypted with the public key before transmission, and the private key is then used to decrypt it.
In the private key method, both keys are required but are basically the same, so both the sender and the recipient can encrypt or decrypt the message.
Apple's PQ3 protocol uses a hybrid design that combines traditional encryption methods with post-quantum encryption, both during the initial key establishment between devices and during rekeying, which essentially rechecks the cryptographic keys between devices to ensure continued protection.
Under the PQ3 protocol, each device generates public keys locally and then transmits them to Apple servers as part of the iMessage registration process, using the Module Lattice-based Key Encapsulation Mechanism, or ML-KEM.
This enables the sender device to get the receiver device’s public keys and generate post-quantum encryption keys for the first message.
Apple has also included a periodic post-quantum rekeying mechanism within the conversation, which is capable of self-healing from key compromise and safeguarding future messages.
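The hybrid combination and the self-healing effect of rekeying can be seen in a small sketch, added here as an illustration and not Apple's PQ3 construction. It assumes HKDF-SHA256 as the combiner, made-up labels such as `demo-rekey`, and random bytes standing in for the classical (ECDH) and ML-KEM shared secrets.

```python
import copy, hashlib, hmac, os

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class Session:
    """Toy session state; labels and layout are assumptions, not PQ3's."""
    def __init__(self, classical_ss: bytes, pq_ss: bytes):
        # Hybrid: both secrets feed one KDF, so the output stays secret
        # unless BOTH the classical and the post-quantum secret are known.
        self.chain = hkdf(b"\x00" * 32, classical_ss + pq_ss, b"demo-initial")

    def next_message_key(self) -> bytes:
        # Derive a per-message key, then advance the chain one step.
        key = hmac.new(self.chain, b"demo-msg", hashlib.sha256).digest()
        self.chain = hmac.new(self.chain, b"demo-chain", hashlib.sha256).digest()
        return key

    def rekey(self, classical_ss: bytes, pq_ss: bytes) -> None:
        # Fresh secrets are mixed into the old chain key.
        self.chain = hkdf(self.chain, classical_ss + pq_ss, b"demo-rekey")

def demo():
    # Constructed stand-ins for an ECDH output and an ML-KEM shared secret.
    ecdh0, kem0 = os.urandom(32), os.urandom(32)
    alice, bob = Session(ecdh0, kem0), Session(ecdh0, kem0)
    leaked = copy.deepcopy(bob)              # state compromise at this point
    k1 = alice.next_message_key(); bob.next_message_key()
    read_before = leaked.next_message_key() == k1
    ecdh1, kem1 = os.urandom(32), os.urandom(32)   # not part of the leaked state
    alice.rekey(ecdh1, kem1); bob.rekey(ecdh1, kem1)
    k2, k2_bob = alice.next_message_key(), bob.next_message_key()
    read_after = leaked.next_message_key() == k2
    return read_before, k2 == k2_bob, read_after

if __name__ == "__main__":
    print(demo())
```

The three values returned by `demo()` show that a copied session state yields the next message key before the rekey, that both endpoints still agree after it, and that the copied state no longer yields the key once fresh secrets have been mixed in.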