Paper 2024/357

Security analysis of the iMessage PQ3 protocol

Douglas Stebila, University of Waterloo
Abstract

The iMessage PQ3 protocol is an end-to-end encrypted messaging protocol designed for exchanging data in long-lived sessions between two devices. It aims to provide classical and post-quantum confidentiality for forward secrecy and post-compromise secrecy, as well as classical authentication. Its initial authenticated key exchange is constructed from digital signatures plus elliptic curve Diffie–Hellman and post-quantum key exchanges; to derive per-message keys on an ongoing basis, it employs an adaptation of the Signal double ratchet that includes a post-quantum key encapsulation mechanism. This paper presents the cryptographic details of the PQ3 protocol and gives a reductionist security analysis by adapting the multi-stage key exchange security analysis of Signal by Cohn-Gordon et al. (J. Cryptology, 2020). The analysis shows that PQ3 provides confidentiality with forward secrecy and post-compromise security against both classical and quantum adversaries, in both the initial key exchange as well as the continuous rekeying phase of the protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
post-quantumsecure messagingiMessagePQ3
Contact author(s)
dstebila @ uwaterloo ca
History
2024-03-01: approved
2024-02-28: received
See all versions
Short URL
https://ia.cr/2024/357
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/357,
      author = {Douglas Stebila},
      title = {Security analysis of the {iMessage} {PQ3} protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/357},
      year = {2024},
      url = {https://eprint.iacr.org/2024/357}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.