Last month, Apple announced the biggest security upgrade to iMessage, probably since the app's creation: PQ3, a post-quantum cryptographic protocol that will be used in Apple's default messaging application once you've updated your system to iOS 17.4, macOS 14.4, or watchOS 10.4.

In case you didn't know, quantum computers are able to run algorithms capable of breaking public key cryptography schemes like RSA and even ECDH much, much faster than classical computers. Because quantum computers are still fairly new and quantum-resistant encryption is even newer, most software companies have yet to add updated encryption protocols to their software, as we're going to see in a second. But I honestly think that quantum computers breaking encryption is a bigger and more imminent threat than some people realize, especially in regard to governments or even corporate adversaries that have the ability to archive large amounts of encrypted data flowing through the internet. This is something the NSA in particular is doing right now: storing the messages and waiting for a time when they do have a quantum computer to start decrypting them.

Now you might be wondering what the 3 in PQ3 stands for. Obviously the PQ stands for post-quantum, so could this be Apple's third iteration of post-quantum encryption? You'd think we would have heard about the other two, but no, that's not what this is. The 3 actually stands for level 3 security, because Apple went ahead and invented this metric for measuring how good your encryption is, a level-by-level security chart, which of course they put themselves at the top of.

Down here at level 0, we have no end-to-end encryption by default. This includes QQ, Skype, Telegram, and WeChat. The key words here are "by default" and "end-to-end": I'm sure all of these apps have server-side encryption, but not necessarily end-to-end encryption.
With Telegram, for example, they don't have end-to-end by default, or at least the only chats I know of that have end-to-end encryption by default are the secret chats. For everything else, unless you go in and change a setting, it's just server-side encryption.

Level 1 is where we get apps that do actually have end-to-end encryption enabled by default, so you don't have to change any settings to get it, but no post-quantum encryption. Notice that in level 1, Signal and iMessage both say "previous" next to them, because Signal recently added post-quantum encryption to their app, and they actually did it before iMessage did. Hopefully the post-quantum encryption that Signal added will make its way into some of these other apps further down the line as well, since Signal is open source and any of these other apps could probably integrate it into their software. WhatsApp in particular should really be adopting this very soon, because WhatsApp pretty much started off as a proprietary fork of Signal.

Over at level 3, Apple says their new iMessage with PQ3 has PQC key establishment plus ongoing PQC rekeying. So they're not just using one post-quantum key to encrypt your entire conversation; they're rotating the keys, and they're doing so in a post-quantum way. Even if somebody managed to break your encryption, or managed to get one of your post-quantum private keys, they're only going to be able to decrypt part of the conversation until a new key is established. With PQ3, I think Apple rotates the keys about every 50 messages or so. It varies, because re-establishing that key the way Apple did it has a lot of overhead, about two kilobytes or so to send those keys, which is a lot compared to a short text message.
If you want to send a short text message and it just so happens to be when a key needs to be re-established, it's going to end up being a whole lot bigger.

The blog post gives a bit more explanation of this leveling: "At level 2, the application of post-quantum cryptography is limited to the initial key establishment, providing quantum security only if the conversation key material is never compromised. But today's sophisticated adversaries already have incentives to compromise encryption keys, because doing so gives them the ability to decrypt messages protected by those keys for as long as the keys don't change. To best protect end-to-end encrypted messaging, the post-quantum keys need to change on an ongoing basis to place an upper bound on how much of a conversation can be exposed by a single point-in-time key compromise, both now and with future quantum computers. Therefore, we believe messaging protocols should go even further and attain level 3 security, where post-quantum cryptography is used to secure both the initial key establishment and the ongoing message exchange, with the ability to rapidly and automatically restore the cryptographic security of a conversation even if a key becomes compromised."

Now, I'm very glad that Apple is adding better encryption to their messaging app and joining the post-quantum bandwagon, pushing the rest of these companies that don't have it to do the same. But this blog post really reeks of marketing and of Apple trying to steal the post-quantum thunder from Signal. In fact, if you read through the entire blog post, they mention Signal five times, which is kind of funny, because if we go back to this chart, Signal is nowhere near the most popular chat app in terms of downloads and number of users. Maybe they're more popular than Line or Viber.
I don't really know too much about those particular apps, but Skype, QQ, Telegram, WeChat, and of course iMessage all have probably an order of magnitude more downloads than Signal, so it makes you wonder why Apple is so threatened by Signal. My theory is that Signal was really the first to do post-quantum encryption in their application, or at least the first widely used app to have it, so Apple wants to split hairs here and try to make themselves stand out more than Signal. But the amount of security you actually get going from level 2 to level 3, or more specifically going from Signal with PQXDH to iMessage with PQ3, is nowhere near as significant as Apple would want you to believe.

The rekeying Apple is talking about is more commonly referred to as forward secrecy. This is a feature Signal has provided via the Double Ratchet algorithm; in fact, Signal has had this feature in their app for over 10 years. Double Ratchet was partially developed by Moxie Marlinspike, the former CEO of Signal. Signal's encryption algorithm with this forward secrecy was open source and was copied by other messaging applications. More importantly, it's still being used alongside Signal's post-quantum encryption algorithm. So Signal actually did have post-quantum encryption with rekeying months before Apple did, and almost everything else about Apple's PQ3 encryption is the same as what Signal implemented months earlier. They both use PQ encryption in addition to ECDH, they both use CRYSTALS-Kyber as their post-quantum encryption algorithm, and they both have forward secrecy, as I already explained. The only real difference is that PQ3 actually uses a post-quantum secure algorithm as part of the ratcheting that's used for key renewal.
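To make the "upper bound on exposure" argument from Apple's level 2 versus level 3 text concrete, here is an added simulation (not Apple's or Signal's code) of a hash ratchet that mixes in a fresh shared secret every N messages. It assumes a toy HMAC-SHA256 chain and uses os.urandom as a stand-in for the Kyber plus ECDH output; an adversary who steals the chain key at one point in time can only replay the ratchet until the next rekey.

```python
import hashlib
import hmac
import os

# Added example: a symmetric hash ratchet with periodic rekeying.
# Every `rekey_every` messages a fresh shared secret (os.urandom here,
# standing in for a Kyber + ECDH key agreement) is mixed into the chain.


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way key derivation step (toy HMAC-based KDF)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def run_conversation(total: int, rekey_every: int, root: bytes = b"constructed-root"):
    """Return (message_keys, chain_states) for `total` messages.

    chain_states[i] is the chain key held just before message i is sent.
    rekey_every == 0 models level 2: the PQ secret is used once at setup
    and the chain is never refreshed afterwards.
    """
    chain_key = kdf(root, b"chain")
    keys, states = [], []
    for i in range(total):
        states.append(chain_key)
        keys.append(kdf(chain_key, b"msg"))        # per-message key
        chain_key = kdf(chain_key, b"chain")       # symmetric ratchet step
        if rekey_every and (i + 1) % rekey_every == 0:
            fresh = os.urandom(32)                 # simulated KEM/ECDH output
            chain_key = kdf(chain_key + fresh, b"rekey")
    return keys, states


def exposed_messages(total: int, rekey_every: int, stolen_at: int) -> int:
    """Messages an adversary can decrypt after learning the chain key just
    before message `stolen_at` and replaying the ratchet from there.

    Earlier messages stay safe because each chain step is one-way; later
    ones are exposed only until a fresh secret the adversary lacks is mixed in.
    """
    keys, states = run_conversation(total, rekey_every)
    guess = states[stolen_at]
    exposed = 0
    for i in range(stolen_at, total):
        if not hmac.compare_digest(kdf(guess, b"msg"), keys[i]):
            break                                  # rekey cut the chain
        exposed += 1
        guess = kdf(guess, b"chain")
    return exposed
```

With rekeying every 50 messages a compromise at message 10 exposes 40 messages, while the never-rekeyed chain exposes everything from the compromise to the end of the conversation.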
So in theory, yes, Apple's post-quantum encryption in iMessage is technically more secure than Signal's if you only look at that part. In fact, I would say it probably really is more secure than Signal, because after all, Apple paid a bunch of fancy German scientists and professors to review the encryption and make sure it was super-duper uber secure before releasing it in their software updates. But even though iMessage is technically more secure than Signal, it's still absolutely proprietary, and so it isn't at all the most practical app for securing yourself against the so-called very strong adversaries who can corrupt parties or possess quantum computers and therefore defeat classical cryptography.

Secure messaging applications are just one of many opsec tools you would use depending on your threat model, and if your threat model involves an adversary with enough resources to corrupt parties and use quantum computers against you, then it's pretty safe to say we're talking about a government or a big global tech company like Apple. I really doubt that this kind of adversary would go straight to throwing their quantum computers at the stored encrypted messages they have saved in their billion-dollar Utah data centers. They're not going to go right for brute-forcing you. An adversary like this would probably try to target the platform you're using with something like Pegasus spyware. That's literally how these kinds of adversaries have targeted iPhone users in the past, and of course if you're able to own the device, then you own all the messages being sent from the device. So a global adversary is going to focus their research on targeting iPhone or macOS platforms directly. They don't have to worry about whether you're using Linux, BSD, Qubes OS, or anything else besides an Apple device, because iMessage won't run on those devices.
In fact, since this adversary knows you're going to be locked into Apple hardware and Apple operating systems, they might just go ahead and target Apple directly with a supply chain attack. Something like that is not off the table for global threat actors, and because iMessage, iOS, and everything else Apple makes is closed source, you wouldn't even know if a corrupted iMessage or iOS update was pushed to your device so that adversary could read your messages.

A much more important and fundamental privacy consideration, both now and in the future when quantum computers that can break classical encryption actually exist, is having open source algorithms in open source messaging software. That way you don't have to just trust Apple and their fancy German scientists to make sure their post-quantum encryption is really secure; you can go and verify that software for yourself. It doesn't matter how fancy the post-quantum key exchange is when you, the end user, have no real control over those cryptographic keys or even the device that's generating them. So don't fall into the trap of believing PQ3 iMessage is a secure and private messaging app. Sure, the encryption protocols it's using are built like an iron fortress, but that fortress is built on weak proprietary sand that can be pulled out from under you whenever Apple, or a third party that might corrupt them, chooses to do so.

If you enjoyed this video, please like and share it to hack the algorithm, and check out my online store, based.when, where you can buy awesome merch like the tie-dye tour tee or the little daemon hoodie, and you can automatically save 10% at checkout on your entire order when paying in Monero (XMR). Have a great day.