man 7 Apple_PQ3_encryption_


Introduction

Apple's PQ3 is a new cryptographic protocol that adds post-quantum security to iMessage and other Apple services at massive scale. Rolled out with iOS 17.4, macOS 14.4, and related updates in 2024, PQ3 represents the most significant cryptographic upgrade to iMessage to date. Apple rebuilt the iMessage protocol from the ground up to achieve what it calls "Level 3" security, meaning that post-quantum defenses are applied not only during the initial key establishment but also continuously throughout the message exchange. In Apple's taxonomy, most messaging apps today are Level 1 (end-to-end encrypted, but with no quantum protection), and Signal's recent PQXDH update reached Level 2 by adding a post-quantum algorithm to its initial handshake. PQ3 elevates iMessage to Level 3, making it the first widely deployed messaging service with post-quantum encryption in both the handshake and the ongoing communication. The primary goal is to preempt "harvest now, decrypt later" attacks, where an adversary records encrypted messages today in order to decrypt them in the future using a quantum computer. By combining classical elliptic-curve cryptography with NIST's advanced post-quantum algorithms, PQ3 protects iMessage conversations against both conventional attackers and future quantum adversaries.

Figure: Apple's taxonomy of messaging security levels. Most apps are Level 0 or Level 1, with no quantum protection. Signal's PQXDH achieved Level 2 with a post-quantum initial handshake, while Apple's new PQ3 protocol attains Level 3 by using post-quantum cryptography for both the initial key exchange and continuous rekeying.

Cryptographic design: hybrid handshake and KEM structure

At its core, PQ3 uses a hybrid key establishment: every new iMessage session begins with two parallel key agreements, one classical and one post-quantum. When initiating a conversation, the sender's device retrieves the recipient's public key bundle from Apple's Identity Directory Service (IDS). Each PQ3-capable device registers two public encryption keys: (1) a conventional elliptic-curve Diffie-Hellman key on the NIST curve P-256, and (2) a post-quantum Kyber key-encapsulation public key. Kyber is a lattice-based KEM selected by NIST as the basis of the Module-Lattice KEM standard (ML-KEM) after extensive cryptanalysis. These public keys are signed by the device's Secure Enclave using ECDSA P-256 and tied to the user's account identity and protocol version, which prevents spoofing and downgrade attacks. Using this bundle, the sender performs:

  • A classical ECDH: the sender generates an ephemeral P-256 key pair and computes an ECDH shared secret with the recipient's static P-256 public key.
  • A post-quantum KEM: the sender uses the recipient's Kyber public key to encapsulate a random secret, producing a ciphertext. This ciphertext is essentially a wrapped symmetric key that only the recipient, holding the Kyber private key, can decapsulate.

The sender then transmits its ephemeral P-256 public key and the Kyber ciphertext in the first message, allowing the recipient to derive the same two secrets (one via ECDH, one via decapsulation) even if it was offline at the time. The two shared secrets are combined by key derivation: Apple applies HKDF with SHA-384 to extract entropy from each secret, then mixes the two results together with a domain-separation tag and session metadata via another HKDF-Extract to derive the session's initial keying material. In effect, the session's master key is bound to both the classical and the post-quantum component, so an attacker would need to break both elliptic-curve Diffie-Hellman and the Kyber KEM to recover it. This satisfies the hybrid security goal: PQ3 can never be less safe than the existing classical protocol. Even if a future quantum computer defeats the elliptic-curve discrete logarithm problem or, conversely, some unforeseen mathematical attack weakens Kyber's lattice problem, the remaining algorithm still protects the conversation's confidentiality. Apple chose Kyber-1024 for this initial key exchange, which corresponds to NIST's highest security level (Category 5, 256-bit classical security), to give a large safety margin for the long-lived static keys; the P-256 curve provides 128-bit classical security. Thanks to the HKDF combination, the session key is secure as long as either the discrete logarithm problem remains hard or the Kyber KEM remains unbroken. This design addresses the harvest-now, decrypt-later threat from the very first message: even a quantum adversary recording the initial handshake would face a lattice-based secret it cannot recover without the Kyber private key, which lives only on the recipient's device.

Session key ratcheting and self-healing

Beyond the initial handshake, PQ3 extends the Signal-style double ratchet with post-quantum rekeying. Once a secure session is established, every message uses fresh key material, and the protocol continuously injects new entropy so that past and future ciphertexts remain safe even if a device's state is compromised at some point. PQ3 in fact employs a triple-ratchet mechanism:

  • Symmetric ratchet: as in Signal's double ratchet, a one-way hash chain (HKDF using SHA-384) derives a new message key from the prior key for each message, and the old keys are immediately erased. This provides forward secrecy: once a message is delivered and its key discarded, an attacker who later steals the device's state cannot decrypt that past message. All symmetric keys and derivations in PQ3 use 256-bit values and HKDF-SHA384, which resists quantum attacks as well, since Grover's algorithm would only quadratically weaken a 256-bit symmetric key to 128-bit strength.
  • ECDH ratchet (classical): to achieve post-compromise security (recovering confidentiality after a device breach), PQ3 continually performs an elliptic-curve Diffie-Hellman ratchet between the parties. With every outgoing message, the sender includes a new ephemeral P-256 public key (32 bytes) and combines it with the last public key received from the other side to derive fresh entropy via ECDH. This new ECDH shared secret is mixed into the session state via HKDF to update the root key. Thus, even if an attacker had compromised the session keys up to that point, as soon as one full ECDH ratchet round completes, the attacker loses the ability to decrypt subsequent messages. In practice this operates much like the DH step of the classical double ratchet (e.g. X25519 in Signal), except that Apple uses P-256 keys for the ratchet, incurring only a 32-byte overhead per message. Using standard P-256 here leverages hardware support (the Secure Enclave) and Apple's existing ECC infrastructure, and is backward-compatible with earlier iMessage cryptography, which had moved to elliptic curves in 2019.
  • Post-quantum KEM ratchet: to guard against a quantum adversary in post-compromise scenarios, PQ3 adds a Kyber ratchet alongside the ECDH ratchet. Periodically, the sender generates a one-time Kyber key pair, encapsulates a secret for the recipient, and sends both the new Kyber public key and the KEM ciphertext in-band. The recipient decapsulates to obtain the same secret, and both sides mix it into the session key state, again via HKDF, just as with the ECDH ratchet. This quantum-resistant ratchet ensures that even if an attacker records all encrypted traffic and later compromises one device, they still cannot decrypt messages sent after the most recent post-quantum rekey, because those message keys depend on a Kyber secret that cannot be computed from prior state. In essence it provides post-quantum post-compromise security: the conversation can self-heal from a breach once new KEM keys are introduced. Notably, Apple uses Kyber-768 for these ratchet steps, providing 192-bit classical security. Kyber-768 has smaller key material than Kyber-1024 and is sufficient for ephemeral, one-time ratchet keys that are replaced frequently.
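The hybrid combination and the three ratchets described above, as an added worked example (not Apple's code): the ECDH and Kyber shared secrets are stand-in byte strings (neither P-256 nor Kyber is implemented here), the HKDF labels and the `RatchetState` layout are assumptions, and the demo checks that a stolen state snapshot reads messages only until the next fresh secret is mixed in.

```python
"""Illustrative PQ3-style key schedule using only the standard library.

The ECDH and Kyber shared secrets are stand-in byte strings; this example
shows only how such secrets are combined and ratcheted with HKDF-SHA384.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

HASH = hashlib.sha384
HASH_LEN = HASH().digest_size   # 48 bytes, matching "48-byte output per HKDF-Extract"
MESSAGE_KEY_LEN = 32            # AES-256 message key


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-SHA384(salt, IKM); empty salt -> zeros."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def combine_hybrid_secrets(ecdh_ss: bytes, kem_ss: bytes, session_info: bytes) -> bytes:
    """Extract from each shared secret separately, then extract again over both
    results plus a domain-separation tag and session metadata (tag assumed)."""
    prk_classical = hkdf_extract(b"", ecdh_ss)
    prk_pq = hkdf_extract(b"", kem_ss)
    return hkdf_extract(b"example-pq3-hybrid", prk_classical + prk_pq + session_info)


@dataclass
class RatchetState:
    root_key: bytes
    chain_key: bytes

    @classmethod
    def from_handshake(cls, initial_keying_material: bytes) -> "RatchetState":
        out = hkdf_expand(initial_keying_material, b"init", 2 * HASH_LEN)
        return cls(out[:HASH_LEN], out[HASH_LEN:])

    def mix_fresh_secret(self, fresh_secret: bytes, label: bytes) -> None:
        """ECDH or KEM ratchet step: the new secret updates the root key and
        starts a new chain; overwriting the old values is the erase step."""
        prk = hkdf_extract(self.root_key, fresh_secret)
        out = hkdf_expand(prk, label, 2 * HASH_LEN)
        self.root_key, self.chain_key = out[:HASH_LEN], out[HASH_LEN:]

    def next_message_key(self) -> bytes:
        """Symmetric ratchet: one-way chain; the previous chain key is overwritten."""
        message_key = hkdf_expand(self.chain_key, b"message-key", MESSAGE_KEY_LEN)
        self.chain_key = hkdf_expand(self.chain_key, b"chain-key", HASH_LEN)
        return message_key


def post_compromise_demo() -> dict:
    """Both parties derive matching keys; an attacker holding a snapshot of the
    state can follow the chain only until a fresh ECDH/KEM secret is mixed in."""
    ecdh_ss, kem_ss = os.urandom(32), os.urandom(32)       # constructed stand-ins
    ikm = combine_hybrid_secrets(ecdh_ss, kem_ss, b"alice|bob|pq3-v1")
    alice, bob = RatchetState.from_handshake(ikm), RatchetState.from_handshake(ikm)
    first_key = alice.next_message_key()
    receiver_matches = bob.next_message_key() == first_key
    stolen = RatchetState(alice.root_key, alice.chain_key)  # attacker's snapshot
    second_key = alice.next_message_key()
    receiver_matches &= bob.next_message_key() == second_key
    readable_before_rekey = stolen.next_message_key() == second_key
    # Kyber (or ECDH) ratchet step: a secret the attacker's snapshot never contains.
    kem_ratchet_ss = os.urandom(32)
    alice.mix_fresh_secret(kem_ratchet_ss, b"kem-ratchet")
    bob.mix_fresh_secret(kem_ratchet_ss, b"kem-ratchet")
    third_key = alice.next_message_key()
    receiver_matches &= bob.next_message_key() == third_key
    return {
        "receiver_matches": receiver_matches,
        "readable_before_rekey": readable_before_rekey,
        "readable_after_rekey": stolen.next_message_key() == third_key,
        "keys_distinct": len({first_key, second_key, third_key}) == 3,
    }
```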

The inclusion of a Kyber ratchet is a novel advancement: Signal's protocol, for example, does not perform any post-quantum rekeying after the initial handshake (Signal's PQXDH adds a PQ KEM only at session setup, not in the continuous double ratchet). Apple's approach means iMessage can recover from compromise even against an adversary who later builds a quantum computer, whereas other protocols would remain vulnerable after the initial key exchange if long-term conversation state were stolen. Figure 1 below summarizes the cryptographic primitives and key sizes used in PQ3 across the handshake and ratchet phases.

| Phase / component | Algorithms / primitives | Size / overhead | Purpose |
|---|---|---|---|
| Initial key exchange | Elliptic-curve DH (P-256, NIST curve); post-quantum KEM (Kyber-1024) | P-256 public key: 32 bytes; Kyber-1024 public key: 1568 bytes; ciphertext: 1568 bytes | Hybrid one-way handshake (sender to offline receiver); derives shared secrets that are secure against both classical and quantum attacks. |
| Session key derivation | HKDF (SHA-384) | 48-byte output per HKDF-Extract | Combines the two shared secrets (ECDH and KEM) into a single master session key; ensures that breaking one algorithm alone does not reveal the key. |
| Symmetric message ratchet | HKDF (SHA-384) per message | 32-byte message keys (AES-256 key) | Forward secrecy: each message gets a unique key and old keys are erased. Uses 256-bit keys to resist quantum brute force. |
| ECDH ratchet (per message) | Ephemeral P-256 ECDH | 32-byte public key per message | Post-compromise security (classical): each message introduces a new ECDH secret at small overhead; prevents future messages from being decrypted if past session state was compromised. |
| PQ KEM ratchet (periodic) | Ephemeral Kyber-768 KEM | Kyber-768 public key: 1184 bytes; ciphertext: 1088 bytes (about 2.2 KB total) | Post-compromise security (quantum-resistant): occasionally injects a lattice-based secret to heal the session against quantum attackers. Higher overhead, so not on every message. |
| Encryption cipher | AES-256 in CTR mode | 16-byte IV; variable ciphertext (padding adds up to 12% overhead) | Symmetric encryption of the message payload. The 256-bit message key yields 128-bit post-quantum security (Grover-resistant). CTR mode is used because messages are individually integrity-protected by signatures (see below). |
| Authentication | ECDSA P-256 digital signatures | 64 bytes per signature | Every message is signed by the sender's device private key (in the Secure Enclave). Ensures authenticity and binds message metadata; counters the malleability of CTR and thwarts forgeries. |

Figure 1: Key algorithms and sizes in Apple's PQ3 protocol. Post-quantum components (Kyber KEM) are combined with classical ECC components (P-256 ECDH/ECDSA) to guarantee at least classical security while adding quantum resilience. The Kyber-1024 KEM used for the initial pre-key exchange has large key material (about 1.5 KB per key), while the Kyber-768 used for ratcheting reduces the overhead to about 2.2 KB per rekey. By contrast, a P-256 public key is only 32 bytes. PQ3 balances these trade-offs by sending the large post-quantum updates infrequently, but often enough to secure long conversations.

Implementation in iMessage and Apple's ecosystem

Apple integrated PQ3 into iMessage in a way that is seamless for users and compatible with existing infrastructure.

Device key registration: when an iMessage device (iPhone, iPad, Mac, etc.) comes online, it generates its P-256 key pair and its Kyber-1024 KEM key pair locally (with the private keys stored securely, e.g. in the Secure Enclave) and uploads the public keys to Apple's Identity Directory Service along with a timestamp and the supported protocol version. The public keys are signed by the device's long-term device authentication key (an ECC key, also in the Secure Enclave), which in turn is certified by the user's account key through Apple's Contact Key Verification system. This chain of signatures, together with Apple's new key transparency service (a public log of user keys), ensures that when one device fetches another device's keys, it can verify that they have not been tampered with and that the registering device really intended to register them. It also conveys the protocol version to thwart downgrade attacks: for example, if an attacker or a misconfigured server tried to supply only a legacy (non-PQ) public key for a contact who actually has PQ3-capable keys, the signature over the key bundle, which includes a "PQ3 supported" flag, would fail to validate. In practice, iMessage automatically uses PQ3 whenever both the sender's and the receiver's devices support it, and falls back to the previous protocol when communicating with any device that has not been upgraded, so no user action is required beyond updating the OS. During the rollout, Apple allowed mixed environments: in a chat where one of the recipient's devices is older and has no Kyber key registered, that device simply continues to use the classical encryption scheme for its copies of messages, while the newer devices use PQ3 for theirs. Because iMessage sends a separate encrypted payload to each device, the presence of an older device does not prevent the others from using PQ3; each device pair negotiates independently based on capabilities. By the end of 2024, Apple planned to have fully replaced the old protocol in all conversations where both sides are updated, effectively making quantum-resistant end-to-end encryption the default for hundreds of millions of iMessage users.

Integration with other services: although branded as an iMessage feature, PQ3 was built as a general secure-messaging layer for Apple's ecosystem. The protocol is used for any end-to-end encrypted, device-to-device channel that could benefit from forward secrecy and post-quantum security. For example, a formal analysis paper notes that PQ3 underlies not only iMessage but also FaceTime, HomeKit, and HomePod handoff; essentially, many Apple services that establish direct secure sessions between devices now leverage the PQ3 protocol. This reflects Apple's holistic approach: rather than patching post-quantum algorithms into each application separately, it developed PQ3 as a unified, robust end-to-end crypto scheme and integrated it across multiple systems. As a result, when you initiate a FaceTime call or connect a HomeKit accessory, the same hybrid Kyber/ECC handshake and ratchet principles may be protecting the encryption keys behind the scenes. Apple's control over hardware and software (e.g. the Secure Enclave and the CryptoKit libraries) enabled an optimized implementation of Kyber and the rest of PQ3 at the OS level. While Apple has not open-sourced the iMessage code, third-party cryptographers have reimplemented PQ3 for study; for instance, a Python implementation of the PQ3 protocol is available on GitHub, illustrating the protocol flows as documented by Apple. Moreover, Apple's security engineering team engaged an independent security consultancy to audit the PQ3 implementation, and the auditors found no security issues in the code. This, along with extensive internal testing, gave Apple the confidence to deploy PQ3 by default to such a huge user base without degrading reliability or user experience.

Message format and compatibility: a message sent under PQ3 carries some additional data compared to the legacy iMessage protocol. In the first message of a conversation, for example, the payload includes the sender's ephemeral P-256 public key and a Kyber ciphertext encapsulating the initial shared secret, targeted at the receiver's static keys. Each regular message in an ongoing conversation may include a new 32-byte ECDH public key for the classical ratchet, and occasionally a roughly 2 KB Kyber public key and ciphertext bundle for the post-quantum ratchet. To prevent these larger messages from standing out, or from leaking metadata such as how frequently rekeys happen or the true length of the user's text, Apple employs padding. PQ3 uses the Padmé padded-envelope scheme, which pads messages to one of a set of pseudorandom lengths so that the ciphertext length leaks only minimal information (within a factor of log log M, for a maximum message size M). This padding adds at most about 12% overhead and is optimized so that for typical iMessage text lengths the overhead is much smaller. An attacker observing encrypted message sizes would therefore find it hard to distinguish a message that carried a post-quantum rekey from one that did not. On the receiving side, devices recognize the protocol version and parse these fields accordingly. Older devices simply ignore the PQ3-specific fields, or do not receive them at all depending on server-side filtering by capability, so backward compatibility is maintained without disruption. Apple's design also ensures that increasing the frequency of post-quantum rekeys in the future (if quantum threats grow or network capacity allows) can be done in a backward-compatible way: the protocol includes a flexible rekey-interval rule negotiated based on device support.
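An added example of the Padmé padding rule referred to above, implemented from the published algorithm (the PURBs paper) rather than taken from Apple's code; the 4-byte length framing in `pad_message` is an assumption, since PQ3's actual framing is not given here.

```python
"""Padmé length padding: round a length L up so that only its top few bits
survive.  With E = floor(log2 L) and S = floor(log2 E) + 1, the low E - S bits
are cleared, which bounds the overhead at about 12% and leaves an observer
only O(log log M) bits of length information for a maximum size M."""


def padme(length: int) -> int:
    """Return the padded length for a payload of `length` bytes."""
    if length < 2:
        return length                  # log2 is undefined or zero: nothing to round
    e = length.bit_length() - 1        # floor(log2(length))
    s = e.bit_length()                 # floor(log2(e)) + 1 for e >= 1
    mask = (1 << (e - s)) - 1          # low bits that get cleared
    return (length + mask) & ~mask


def pad_message(plaintext: bytes) -> bytes:
    """Frame as 4-byte big-endian length || plaintext || zero fill, padded to a
    Padmé length.  The framing is an assumption, not PQ3's actual format."""
    framed = len(plaintext).to_bytes(4, "big") + plaintext
    return framed + bytes(padme(len(framed)) - len(framed))


def unpad_message(padded: bytes) -> bytes:
    """Recover the plaintext and reject anything that is not a valid Padmé frame."""
    n = int.from_bytes(padded[:4], "big")
    if 4 + n > len(padded) or padme(4 + n) != len(padded):
        raise ValueError("malformed padded message")
    return padded[4:4 + n]


def max_overhead(max_len: int) -> float:
    """Worst-case relative overhead of Padmé over lengths 1..max_len."""
    return max((padme(n) - n) / n for n in range(1, max_len + 1))


def distinct_padded_lengths(max_len: int) -> int:
    """How many distinct ciphertext lengths an observer can see up to max_len;
    this is the information the padding leaves behind."""
    return len({padme(n) for n in range(1, max_len + 1)})
```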

Performance considerations and trade-offs

Introducing post-quantum cryptography into a mobile messaging app at scale required careful attention to performance, particularly bandwidth and latency. The Kyber KEM, while relatively efficient among PQ algorithms, has much larger key sizes than traditional elliptic-curve cryptography. For example, a single P-256 public key is 32 bytes, whereas a Kyber-768 ciphertext is about 1,088 bytes. Apple observed roughly a 20-fold increase in size when adding a Kyber encapsulation compared to an ECDH exchange. Indeed, sending a Kyber-768 public key (1184 bytes) plus its ciphertext (1088 bytes) adds about 2.2 KB of overhead to a message. If PQ3 naively did this on every message, it would significantly bloat message sizes and could impact delivery speed, especially in low-bandwidth situations or for users on metered networks. This overhead would also multiply the load on Apple's servers, which handle billions of iMessages. To reconcile security with practicality, PQ3 uses adaptive scheduling for the post-quantum ratchet. In normal conditions, the Kyber rekey is performed roughly once every 50 messages per conversation rather than on every message. Additionally, a time-based cap ensures that even in a low-volume chat, a post-quantum rekey occurs at least once every 7 days. The protocol's heuristic rekeying criterion takes into account the number of messages sent since the last rekey and the current network conditions to decide when to attach the Kyber KEM data. For instance, if the device is on a slow connection or the user is rapidly sending many small messages, PQ3 might defer the Kyber update slightly to avoid introducing a delay, whereas on Wi-Fi or after a certain count of messages it will proactively rekey. This adaptive approach means that most messages incur only the 32-byte ECDH ratchet overhead, with the 2 KB post-quantum payload amortized over dozens of messages. On average, the bandwidth overhead of PQ3 is kept modest; Apple specifically aimed to amortize message size to avoid excessive overhead from the added security. And if needed, Apple can fine-tune the frequency via software updates as quantum threat models or network capacities evolve, without breaking compatibility.

Latency: the initial session setup in PQ3 remains a one-round process for the initiator. The first message carries all the information the receiver needs to compute the shared keys immediately on receipt; no extra handshake round trip is needed beyond what classical iMessage already did. The receiver can then send an acknowledgment (in iMessage, an encrypted delivery receipt) that includes its own ephemeral ratchet key, completing the mutual exchange without user-visible delay. Apple cleverly uses these automatic delivery receipts to complete ratchets rapidly: even if the recipient does not send a new chat message back, their device's receipt allows the sender to finish the DH/KEM exchange and advance the ratchet state. This ensures that forward-secure and post-quantum updates happen promptly. For the ongoing conversation, the occasional 2 KB Kyber rekey payload could, in poor network conditions, slightly delay a message. However, given its relatively low frequency (2% of messages or less) and Apple's precautions (the heuristic that avoids rekeying on bad connections), users are unlikely to notice any lag. In practice, early reports indicated no appreciable change in iMessage speed or reliability with PQ3 enabled, demonstrating that modern networks and Apple's optimizations handle the overhead well. Furthermore, the computational cost of Kyber is quite low on modern hardware: Kyber encapsulation and decapsulation involve polynomial matrix operations that are efficient even on mobile CPUs, and Apple's implementation (possibly using ARMv8 crypto extensions or optimized C code from the open-source PQClean project) means that processing a KEM or two has negligible impact on battery or UI responsiveness. The Secure Enclave may also accelerate P-256 ECDH and ECDSA operations, while Kyber operations likely run in the normal CPU context; still, these complete in the microseconds-to-milliseconds range, well below any threshold that users would feel.

Storage and rotation: devices rotate their long-term Kyber-1024 and P-256 public keys periodically; each registration is timestamped and expires. This limits how long a given static key can be targeted or collected by an adversary. From a performance view, this means occasionally uploading new keys to Apple's directory, but that overhead is trivial compared to messaging traffic. The Kyber-1024 keys (about 1.5 KB) are larger than the previous ECC keys, but Apple's identity servers and the push network were sized to handle them. Since keys are reused for possibly many initial messages until rotated, the cost is amortized.

Comparison of overheads: to put numbers in context, suppose Alice and Bob exchange 100 messages. With classical Signal-style encryption, that might mean 100 ECDH public keys (64 bytes each for Curve25519, or 32 bytes each for compressed P-256), for 3.2 to 6.4 KB of total overhead. In PQ3, the same 100 messages might include 2 PQ rekeys (if one occurs every 50 messages), that is 2 × 2.2 KB = 4.4 KB from Kyber, plus 100 ECDH keys (3.2 KB), for a total of about 7.6 KB of overhead for 100 messages: only moderately larger. If it were a pure post-quantum ratchet on every message, 100 messages would balloon to 220 KB of KEM data, which is clearly a non-starter for a consumer chat app. Apple's strategy achieves a middle ground: most of the time the incremental cost of PQ3 is invisible, but the occasional bigger update ensures long-term security. In addition, the use of HKDF-Extract chaining means that even those who log all the ciphertexts and keys cannot combine information from multiple ratchets to their advantage; each ratchet's secret is mixed in a one-way fashion that resets the security of the key stream. In this way, the effect of any single key compromise is limited in time and scope, as formally verified by Apple's cryptographers.
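The rekey heuristic from the performance section and the 100-message tally above, as an added simulation (not Apple's code): the 50-message and 7-day thresholds and the byte sizes are the article's, while the poor-network deferral bound (`MAX_POOR_NETWORK_DEFERRAL`) and placing the time origin at the handshake are assumptions.

```python
"""Adaptive post-quantum rekey scheduling and its bandwidth cost."""
from dataclasses import dataclass, field

PQ_REKEY_EVERY_MSGS = 50            # article: Kyber rekey roughly every 50 messages
PQ_REKEY_MAX_AGE_SECS = 7 * 86400   # article: at least once every 7 days
MAX_POOR_NETWORK_DEFERRAL = 10      # assumed: defer "slightly", never indefinitely

ECDH_PUBKEY_BYTES = 32              # P-256 ratchet key carried on every message
KYBER768_PUBKEY_BYTES = 1184
KYBER768_CIPHERTEXT_BYTES = 1088
PQ_REKEY_BYTES = KYBER768_PUBKEY_BYTES + KYBER768_CIPHERTEXT_BYTES   # 2272, ~2.2 KB


def should_pq_rekey(msgs_since: int, secs_since: float, network_poor: bool) -> bool:
    """Decide whether this outgoing message carries a Kyber-768 rekey."""
    if secs_since >= PQ_REKEY_MAX_AGE_SECS:
        return True                                   # the time cap is never deferred
    if msgs_since < PQ_REKEY_EVERY_MSGS:
        return False
    if network_poor and msgs_since < PQ_REKEY_EVERY_MSGS + MAX_POOR_NETWORK_DEFERRAL:
        return False                                  # wait for a better connection
    return True


@dataclass
class Tally:
    rekey_at: list = field(default_factory=list)   # 1-based indexes of rekey messages
    ecdh_bytes: int = 0
    pq_bytes: int = 0

    @property
    def total_bytes(self) -> int:
        return self.ecdh_bytes + self.pq_bytes


def simulate(send_times: list, poor_network_at=frozenset()) -> Tally:
    """Walk a list of outgoing-message timestamps (seconds, non-decreasing).
    The initial Kyber-1024 handshake is taken as the time origin and, as in the
    article's 100-message comparison, its bytes are not counted here."""
    tally = Tally()
    msgs_since, last_rekey_time = 0, send_times[0]
    for index, t in enumerate(send_times, start=1):
        msgs_since += 1
        tally.ecdh_bytes += ECDH_PUBKEY_BYTES          # every message ratchets ECDH
        if should_pq_rekey(msgs_since, t - last_rekey_time, index in poor_network_at):
            tally.rekey_at.append(index)
            tally.pq_bytes += PQ_REKEY_BYTES
            msgs_since, last_rekey_time = 0, t
    return tally


def naive_pq_every_message_bytes(n_messages: int) -> int:
    """KEM data if every message carried a Kyber rekey (the article's non-starter)."""
    return n_messages * PQ_REKEY_BYTES
```

The first tally reproduces the article's figures: 2 rekeys in 100 messages, 3200 bytes of ECDH keys plus 4544 bytes of Kyber material (about 7.6 KB), against 227,200 bytes of KEM data for the naive per-message variant.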

Security analysis and community feedback

Apple's introduction of PQ3 was met with thorough scrutiny from the cryptographic community, and it benefited from extensive formal verification prior to deployment. Apple collaborated with outside experts to mathematically prove the protocol's security properties. In one analysis, led by Professor Douglas Stebila, a game-based proof approach was used to reduce PQ3's security to that of its underlying primitives. Stebila's proof confirms that even if an attacker compromises some session keys, or has either a classical or a quantum computer, they cannot break PQ3's confidentiality without breaking both the lattice-based KEM and elliptic-curve Diffie-Hellman, precisely the intended hybrid guarantee. Another independent team (Prof. David Basin and researchers at ETH Zürich) modeled PQ3 in the Tamarin prover, a tool for symbolic protocol analysis. They were able to verify, with machine-checked proofs, that as long as neither the sender nor the recipient is compromised, all keys and messages transmitted are secret, and that even if compromises occur, the protocol's self-healing ratchets ensure the damage is limited and short-lived. Their formal model encompassed an adversary with the power to corrupt devices and even to eventually obtain a quantum computer (thus breaking classical crypto), yet showed that PQ3 maintains its secrecy and authenticity guarantees in a well-defined way. Such rigorous analysis, rare for industry products, gives high confidence in PQ3's design. As the ETH researchers noted, "PQ3 goes beyond Signal with regards to post-quantum defenses: in PQ3, a post-quantum secure algorithm is part of the ratcheting and used repeatedly, rather than only once in the initialization as in Signal." The formal proofs are publicly available and set a new high bar for evaluating secure messaging protocols.

From the broader cryptographic community, the response to PQ3 has been positive, recognizing it as a major milestone in the practical deployment of post-quantum cryptography. Researchers at PQShield (a post-quantum cryptography firm) commented that 2024 is the year PQC becomes ready for full-scale, mature product deployment, and lauded Apple's move to secure hundreds of millions of users with PQ3. The most innovative aspect highlighted was PQ3's post-quantum continuous rekeying, something no other mass-market messenger had implemented. By contrast, Signal's PQXDH, introduced a few months earlier, was limited to protecting the initial key exchange, which PQShield notes still requires a rather powerful adversary (capable of device compromise and traffic collection) to defeat; Apple's protocol closes even that advanced gap. One trade-off that experts pointed out is that PQ3 forgoes deniability in messaging. Traditional Signal-style messaging uses unauthenticated DH outputs and MACs so that, after the fact, transcripts cannot be cryptographically proven to originate from a user, providing plausible deniability. Apple instead decided to digitally sign each message with the sender's identity key (ECDSA P-256). This means that every iMessage carries an unforgeable signature tying it to the sender, which could be verified by third parties. In practice this has no impact on preventing eavesdropping or tampering (the messages are still end-to-end secure and integrity-checked), but it does mean that if a conversation transcript is obtained, the sender cannot repudiate the messages they sent: the signatures are proof of authorship. Apple seems to have accepted this in favor of the stronger authentication and simpler design it provides, and possibly because iMessage's legal and UX model does not emphasize deniability the way OTR or Signal do. The security community is divided on the importance of deniability; in Apple's case, messages are already tied to an Apple ID or phone number and a user login, so cryptographic deniability was likely not a priority. Still, it is a notable design difference from Signal's double ratchet.

Another area of discussion is post-quantum authentication, sometimes dubbed "Level 4" security. PQ3 still relies on classical ECC signatures (P-256) for message authentication and identity verification. This is entirely reasonable today: forging those signatures would require a quantum computer at the time of communication, which is far harder than the harvest-now, decrypt-later scenario for encryption keys. Looking ahead, however, one could imagine attackers in possession of a quantum computer also trying to impersonate users by breaking signatures in real time. Neither PQ3 nor Signal's protocol addresses that yet, as both use classical schemes (ECDSA or EdDSA) for authenticity. The PQShield analysts note that adding post-quantum signatures (e.g. CRYSTALS-Dilithium, or the experimental MQDSS and ML-DSA schemes) is challenging: current PQ signatures are quite large and computationally heavier, and in Signal's case they would also break the deniability property. Apple's hardware Secure Enclaves today implement P-256 and other classical algorithms in silicon; they do not yet support a PQ signature algorithm, which likely influenced Apple's decision to stick with ECDSA for now. Apple acknowledged that as quantum threats advance, it will continue to assess the need for post-quantum authentication and can upgrade the protocol accordingly. For the time being, Level 3 post-quantum confidentiality is the essential defense against record-now, decrypt-later attacks, and Apple has achieved that. Level 4 post-quantum authentication will be the next hurdle in the coming years, potentially requiring new breakthroughs in efficient PQ signatures or new protocols (the research community has proposed techniques such as ring signatures for deniable PQ handshakes).

In summary, Apple's PQ3 protocol is a state-of-the-art blend of classical and post-quantum cryptography, engineered for real-world performance and formally verified for robust security. It leverages the well-vetted hardness of lattice problems (Kyber) and elliptic curves, combining them so that each serves as a backstop for the other. The design introduces post-quantum protection from the first message and throughout the conversation, exceeding the protections of any widely deployed secure messaging system before it. Despite the increased key sizes and complexity, Apple achieved a seamless deployment by judiciously hybridizing algorithms and amortizing costs. From a security standpoint, PQ3 guarantees that an eavesdropper who is saving ciphertexts today will not be able to decrypt those messages in the future, even with a quantum computer, unless both the classical and the post-quantum cryptography are compromised. And even a sophisticated adversary who manages to briefly breach a device's keys will find that they can only spy on a limited window of messages before the self-healing ratchet locks them out again. By aligning with NIST's post-quantum standards (Kyber, now ML-KEM) and using conservatively strong parameters, Apple also ensures that PQ3's cryptographic components will interoperate with future standards and remain secure under evolving cryptanalysis. The successful rollout of PQ3 in iMessage, a global and popular service, is a pivotal moment in the industry's transition to post-quantum cryptography. It demonstrates that quantum-resistant encryption can be deployed at scale without sacrificing performance or user transparency. We can expect other messaging providers and protocols (the IETF MLS standard, WhatsApp, etc.) to follow suit, likely adopting similar hybrid approaches and perhaps even improving on Apple's design, for example by exploring PQ signatures or different KEMs. For now, Apple's PQ3 stands as a cutting-edge implementation that raises the bar for secure messaging in the quantum era.

Sources

  1. Apple Security Engineering & Architecture (SEAR), "iMessage with PQ3: The new state of the art in quantum-secure messaging at scale," Feb. 2024.
  2. Apple SEAR, "Security Analysis of the iMessage PQ3 Protocol" (analysis by D. Stebila).
  3. F. Linker, R. Sasse, D. Basin (ETH Zürich), "A Formal Analysis of Apple's iMessage PQ3 Protocol," 2024.
  4. PQShield Research, "Post-Quantum Messaging: Examining Apple's New PQ3 Protocol," Feb. 2024.
  5. Wired, "Apple's iMessage Is Getting Post-Quantum Encryption," Feb. 21, 2024.
  6. InfoQ, "Apple Debuts Post-Quantum Cryptography Cipher PQ3 for iMessage," Feb. 29, 2024.
  7. Reddit r/crypto discussion, "Apple adds PQ primitives to iMessage," 2024.
  8. D. Eijkman, "An Analysis of Apple's iMessage PQ3 Algorithm Using ProVerif," B.Sc. thesis, Radboud University, 2025.