iMessage Gets a Major Makeover That Puts It on Equal Footing With Signal
upstart writes:
How Kybers and ratcheting are boosting the resiliency of Apple's messaging app:
iMessage is getting a major makeover that makes it among the two messaging apps most prepared to withstand the coming advent of quantum computing, largely at parity with Signal or arguably incrementally more hardened.
On Wednesday, Apple said messages sent through iMessage will now be protected by two forms of end-to-end encryption (E2EE), whereas before, it had only one. The encryption being added, known as PQ3, is an implementation of a new algorithm called Kyber that, unlike the algorithms iMessage has used until now, can't be broken with quantum computing. Apple isn't replacing the older quantum-vulnerable algorithm with PQ3; it's augmenting it. That means, for the encryption to be broken, an attacker will have to crack both.
The iMessage changes come five months after the Signal Foundation, maker of the Signal Protocol that encrypts messages sent by more than a billion people, updated the open standard so that it, too, is ready for post-quantum computing (PQC). Just like Apple, Signal added Kyber to X3DH, the algorithm it was using previously. Together, they're known as PQXDH.
iMessage and Signal provide end-to-end encryption, a protection that makes it impossible for anyone other than the sender and recipient of a message to read it in decrypted form. iMessage began offering E2EE with its rollout in 2011. Signal became available in 2014.
[...] Another important part of the iMessage upgrade is automatic key refreshing that happens behind the scenes. By changing the key regularly as messages pass back and forth, messengers become more resilient in the event of a compromise. When an adversary obtains a static key, all messages sent with it are subject to immediate decryption. Key refreshing in the same scenario limits what can be decrypted to only a single message or a small subset of messages.
Signal has always provided key refreshing through a signature innovation in the protocol known as ratcheting. Apple says its key refresh mechanism is modeled on ratcheting. To do this, Apple is replacing the elliptic-curve cryptography used since 2019 with Elliptic-curve Diffie-Hellman.
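The key-refresh behaviour described above, where a stolen key exposes only a small subset of messages, shown as an added example that is not part of the original article and is not Apple's or Signal's code. It is a simplified HMAC-based key chain; all function names are hypothetical, and `fresh_secret` is an assumed stand-in for the output of a new key agreement between the two parties.

```python
import hashlib
import hmac
import os


def kdf_step(chain_key):
    """One ratchet step: derive this message's key and the next chain key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def mix_fresh_secret(chain_key, fresh_secret):
    """Key refresh: fold a newly agreed secret into the chain state."""
    return hmac.new(chain_key, b"rekey" + fresh_secret, hashlib.sha256).digest()


def session_keys(initial_chain_key, count, rekey_before, fresh_secret):
    """Return (message_keys, states); states[i] is the chain key held just
    before message i is sent. A refresh happens before message rekey_before."""
    chain, keys, states = initial_chain_key, [], []
    for i in range(count):
        if i == rekey_before:
            chain = mix_fresh_secret(chain, fresh_secret)
        states.append(chain)
        chain, message_key = kdf_step(chain)
        keys.append(message_key)
    return keys, states


def exposed_indices(stolen_state, message_keys):
    """Messages whose keys can be recomputed from a stolen chain state alone.
    The chain is one-way, so earlier keys stay out of reach; without
    fresh_secret, so do keys derived after the refresh."""
    derivable, chain = set(), stolen_state
    for _ in message_keys:
        chain, message_key = kdf_step(chain)
        derivable.add(message_key)
    return [i for i, key in enumerate(message_keys) if key in derivable]


if __name__ == "__main__":
    # Constructed session: 8 messages, key refresh before message 5.
    keys, states = session_keys(os.urandom(32), 8, 5, os.urandom(32))
    # State captured just before message 3 was sent.
    print("exposed with ratcheting:", exposed_indices(states[3], keys))
    print("exposed with one static key:", list(range(len(keys))))
```
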