QuICS Fellow Jonathan Katz Discusses Apple's Post-Quantum Cryptographic Protocol

Apple recently announced new security measures for its iMessage app that is used by more than a billion people worldwide.

In unveiling its PQ3 post-quantum cryptographic protocol, Apple said it is taking action now—while quantum computing is still in its nascent stage—to prevent hackers from collecting current iMessage data, and then using that information in the future when quantum computers are more readily available. In the security world, this scenario is known as Harvest Now, Decrypt Later.

We sat down with Jonathan Katz, a University of Maryland expert on quantum-secure cryptography, to gain more insight as to why these new security measures are needed now, and what we may see in the future.

Question: What is the difference between traditional cryptography and quantum-secure cryptography?

Katz: At a high level, it comes down to the mathematical problems that they’re based on. Classical cryptography algorithms are primarily based on number theoretic type problems. Now people are looking at new classes of mathematical problems that are believed to be hard even for quantum computers. One of the leading candidates for those problems is related to something called lattices. This is another mathematical object, but a little bit different from traditional number theory.

Question: Is Apple protecting our texts with quantum computers, as some outlets have reported? 

Katz: No. The new protocol they deployed is entirely classical; it runs on classical computers like current iPhones and iPads. However, even though they are entirely classical, they are intended to provided security against adversaries who might use quantum computers to attack them.

Question: If quantum computers don’t fully exist yet, why should people be concerned about the security of their messages from a quantum attack? 

Katz: There are two things. One is the possibility of quantum computers being built in the next decade or so, in which case we need to start being prepared now. But it’s more than that, because there's this issue that can happen where—if I encrypt a message to you today, or governments encrypt messages to each other today—an attacker could theoretically take that communication, and just store it on their hard drive. Then 10 years from now, if quantum computers come out, they can then use a quantum computer to decrypt that message. So that's why you need protection against quantum computers now, even though they may not exist for another decade.

Click HERE to read the full article