Apple Releases PQ3 Protocol: Post-Quantum Encryption for iMessage

admin, 2024-02-24 22:42:05


Apple has announced a new post-quantum cryptographic protocol called PQ3, which it says will be integrated into iMessage to protect the messaging platform against future attacks enabled by a practical quantum computer.

"With compromise-resilient encryption and extensive defenses against even highly sophisticated quantum attacks, PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps," Apple said.

The iPhone maker described the protocol as "groundbreaking," "state-of-the-art," and as having the "strongest security properties" of any cryptographic protocol deployed at scale.

PQ3 is the latest security guardrail Apple has erected in iMessage. It follows the 2019 upgrade in which Apple switched the protocol from RSA to elliptic-curve cryptography (ECC) and began protecting the encryption keys on device with the Secure Enclave.

The algorithms that underpin today's public-key (asymmetric) cryptography rest on mathematical problems that are easy to compute in one direction but hard to reverse, chiefly integer factorization (RSA) and the discrete logarithm problem (Diffie-Hellman and ECC). A sufficiently large, fault-tolerant quantum computer running Shor's algorithm would solve both in polynomial time, breaking the key exchange on which end-to-end encrypted (E2EE) communications depend.

The risk is compounded by the fact that threat actors can conduct what is known as a harvest now, decrypt later (HNDL) attack: encrypted traffic is captured and stored today in the expectation of decrypting it once a cryptographically relevant quantum computer exists. Classical forward secrecy does not help here, because the recorded key exchange itself is what the attacker later breaks.

In July 2022, the U.S. Department of Commerce's National Institute of Standards and Technology (NIST) selected CRYSTALS-Kyber as the key-encapsulation mechanism for general encryption in its post-quantum standardization process; it is being standardized as ML-KEM (FIPS 203). Over the past year, Amazon Web Services (AWS), Cloudflare, Google, and Signal have announced support for quantum-resistant encryption in their products.


Apple is the latest to join the post-quantum cryptography (PQC) bandwagon with PQ3, which combines Kyber with ECC in a hybrid key establishment, so that the conversation stays protected unless both schemes are broken, and aims for what Apple calls Level 3 security. By contrast, Signal's PQXDH protocol sits at Level 2 on Apple's scale: PQC secures the initial key establishment, while the ongoing ratchet remains classical.

Level 3 refers to an approach where PQC is "used to secure both the initial key establishment and the ongoing message exchange, with the ability to rapidly and automatically restore the cryptographic security of a conversation even if a given key becomes compromised."

The protocol, per Apple, is also designed to mitigate the impact of a key compromise by limiting how many past and future messages can be decrypted with a single compromised key. Specifically, its rekeying schedule guarantees that keys are rotated at most every 50 messages and at least once every seven days, so the window a leaked key opens is bounded in both message count and time.
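The two properties described above, post-quantum rekeying of the ongoing exchange (Level 3) and a bounded compromise window, are easiest to see in a small simulation. The following is an added illustration, not Apple's code: a symmetric hash-chain ratchet (HMAC-SHA256) into which a fresh shared secret is mixed whenever the rekey policy fires. In PQ3 that fresh secret would come from the hybrid ECDH + Kyber exchange; here it is a constructed value. The schedule modelled is an assumed reading of the published one (a key is retired after 50 messages or after seven days, whichever comes first), and all names, the root secret and the message timeline are constructed for the example.

```python
"""Toy model of a PQ3-style rekeying ratchet (added illustration, not Apple's code).

Per-message keys are drawn from a symmetric hash chain. A rekey mixes a fresh
shared secret into the chain; in PQ3 that secret comes from a hybrid
ECDH + Kyber exchange, here it is a constructed stand-in. Assumed schedule:
retire a key after 50 messages or seven days, whichever comes first.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Callable, List

MAX_MSGS_PER_EPOCH = 50            # rekey after 50 messages under one key ...
MAX_SECONDS_PER_EPOCH = 7 * 86400  # ... or after seven days, whichever first
HOUR, DAY = 3600, 86400


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step: HMAC-SHA256(key, label)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def step(chain_key: bytes) -> tuple:
    """Advance the chain one message: returns (message_key, next_chain_key)."""
    return kdf(chain_key, b"message"), kdf(chain_key, b"chain")


@dataclass
class SentMessage:
    epoch: int                # number of rekeys that preceded this message
    index: int                # position within the epoch
    message_key: bytes        # key that encrypted this message
    chain_key_at_send: bytes  # simulation bookkeeping only: the state an
                              # attacker seizing the device at this moment holds


class Ratchet:
    def __init__(self, root_secret: bytes, start: float,
                 fresh_secret: Callable[[int], bytes] = os.urandom):
        self._fresh_secret = fresh_secret   # stand-in for the hybrid shared secret
        self.chain_key = kdf(root_secret, b"root")
        self.epoch, self.index, self.epoch_start = 0, 0, start

    def _rekey_due(self, now: float) -> bool:
        return (self.index >= MAX_MSGS_PER_EPOCH
                or now - self.epoch_start >= MAX_SECONDS_PER_EPOCH)

    def send(self, now: float) -> SentMessage:
        if self._rekey_due(now):
            # Fresh secret in: an attacker holding the old chain key cannot
            # follow the conversation past this point (post-compromise security).
            self.chain_key = kdf(self.chain_key, b"rekey" + self._fresh_secret(32))
            self.epoch, self.index, self.epoch_start = self.epoch + 1, 0, now
        before = self.chain_key
        message_key, self.chain_key = step(before)
        msg = SentMessage(self.epoch, self.index, message_key, before)
        self.index += 1
        return msg


def exposed_by_leak(transcript: List[SentMessage], leak_at: int) -> List[int]:
    """Transcript positions whose message keys an attacker can re-derive from
    the chain key seized at position `leak_at`, checked by actually deriving
    them. Earlier messages are safe because step() is one-way; later epochs
    are safe because the rekey mixed in a secret the attacker never saw."""
    ck = transcript[leak_at].chain_key_at_send
    exposed = []
    for j in range(leak_at, len(transcript)):
        mk, ck = step(ck)
        if mk != transcript[j].message_key:   # derivation diverges at the rekey
            break
        exposed.append(j)
    return exposed


def deterministic_secrets(seed: bytes) -> Callable[[int], bytes]:
    """Constructed, reproducible stand-in for fresh shared secrets (demo only)."""
    counter = [0]

    def gen(n: int) -> bytes:
        counter[0] += 1
        return hashlib.sha256(seed + counter[0].to_bytes(4, "big")).digest()[:n]
    return gen


def simulate() -> List[SentMessage]:
    """Constructed conversation: 120 messages one per hour, then one more
    message eight days later, which trips the time-based rekey."""
    r = Ratchet(b"constructed root secret", 0.0, deterministic_secrets(b"demo"))
    transcript = [r.send(i * HOUR) for i in range(120)]
    transcript.append(r.send(120 * HOUR + 8 * DAY))
    return transcript


if __name__ == "__main__":
    t = simulate()
    print("epochs used:", t[-1].epoch + 1)                              # 4
    print("messages exposed by a leak at message 75:",
          len(exposed_by_leak(t, 75)))                                  # 25
```

Running it shows the message-count bound and the time bound both firing: the hourly phase rekeys at messages 50 and 100, and the message sent eight days later forces a fourth epoch. A chain key seized at message 75 yields exactly messages 75 through 99 and nothing before (one-way chain) or after (fresh secret), which is the bounded window the article describes.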

Support for PQ3 is expected to begin rolling out with the general availability of iOS 17.4, iPadOS 17.4, macOS 14.4, and watchOS 10.4 next month (March 2024).

Cupertino's iMessage security upgrade follows the tech giant's surprise decision to bring Rich Communication Services (RCS) to its Messages app later this year, a much-needed shift away from the insecure SMS standard.

Apple also said it will work toward improving the security and encryption of RCS messages. It is worth noting that while the RCS standard does not provide E2EE by default, Google's Messages app for Android layers the Signal Protocol on top of RCS to encrypt conversations end to end, which only works when both parties use Google Messages.

While the adoption of advanced protections is always welcome, it remains to be seen whether these protections will be extended beyond iMessage to cover RCS messages.

Originally published by the WeChat official account 知机安全: Apple Releases PQ3 Protocol: Post-Quantum Encryption for iMessage

Reposts must retain the source link (CN-SEC中文网, with thanks to the original author): http://cn-sec.com/archives/2522460.html
