this post was submitted on 22 Feb 2024
17 points (94.7% liked)

Cybersecurity

5764 readers
44 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
 

Apple has announced PQ3, a significant cryptographic update for iMessage, providing Level 3 security with post-quantum cryptography (PQC) for both initial key establishment and ongoing message exchange. This protocol is designed to secure communications against quantum computing threats and has been formally verified for its robust security properties. PQ3 employs a hybrid design, combining current Elliptic Curve algorithms with new post-quantum algorithms, ensuring it's never less safe than existing protocols. The rollout will begin with upcoming iOS, iPadOS, macOS, and watchOS updates, with iMessage conversations automatically upgrading to PQ3. This protocol represents a major advancement in securing end-to-end encrypted messaging at scale.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 9 months ago (1 children)

has been formally verified for its robust security properties.

How do they formally verify these?

[–] kid 1 points 9 months ago

From the article:

This includes a team led by Professor David Basin, head of the Information Security Group at ETH Zürich and one of the inventors of Tamarin — a leading security protocol verification tool that was also used to evaluate PQ3 — as well as Professor Douglas Stebila from the University of Waterloo, who has performed extensive research on post-quantum security for internet protocols.

There is a paper describing the tests.

Not that this settle everything.