WWDC25: Get ahead with quantum-secure cryptography | Apple
Summary
TLDR: This video explains the importance of adopting quantum-secure cryptography to safeguard sensitive data against future quantum attacks. With quantum computing on the rise, current cryptographic algorithms like RSA and elliptic curve cryptography are vulnerable. The video covers various quantum attacks, including the 'harvest now, decrypt later' attack, and provides practical steps to transition to quantum-secure encryption and signatures. It highlights the role of Apple’s CryptoKit in facilitating the migration to secure cryptography, offering tools for developers to protect data in transit and through custom cryptographic protocols, ensuring long-term security.
Takeaways
- 😀 Quantum computing poses a threat to traditional cryptographic methods, making it essential for developers to adopt quantum-secure cryptography.
- 🔒 The 'harvest now, decrypt later' attack allows attackers to store encrypted data and decrypt it once they have access to a quantum computer in the future.
- 🚨 Active quantum attacks can compromise digital signatures, enabling attackers to impersonate users and perform unauthorized actions.
- ⚡ Quantum-secure cryptography algorithms are ready for adoption and will remain secure even in the presence of quantum computers.
- 🔑 Public-key cryptography, like RSA and elliptic curve cryptography, needs to be replaced by post-quantum algorithms to protect against quantum attacks.
- 🔐 Symmetric-key cryptography can be made quantum-secure by increasing key sizes, such as upgrading from AES-128 to AES-256.
- 🌐 For defending against quantum attacks on network data, it's crucial to implement quantum-secure encryption in TLS, especially for sensitive data in transit.
- 📱 iMessage has already adopted quantum-secure encryption to protect user conversations, showcasing how to implement quantum-secure cryptography at scale.
- 💻 TLS 1.3 has a quantum-secure encryption upgrade, and developers can enable it easily for secure data transmission over the network.
- 🔧 Custom cryptographic protocols should migrate to quantum-secure APIs, such as Post-quantum HPKE, available through CryptoKit for Apple platforms.
Q & A
What is the main threat posed by quantum computing to current cryptography?
- Quantum computing poses a threat to current cryptography by being able to break or weaken many widely used algorithms, which are based on mathematical problems that quantum computers can solve exponentially faster than classical computers.
What is the 'harvest now, decrypt later' attack and why is it a concern?
- The 'harvest now, decrypt later' attack involves an attacker harvesting encrypted data, such as TLS traffic, and storing it. Once they gain access to a sufficiently powerful quantum computer in the future, they can decrypt the harvested data, potentially exposing sensitive user information.
How can quantum-secure cryptography defend against the 'harvest now, decrypt later' attack?
- Quantum-secure cryptography uses algorithms that are resistant to quantum attacks. By adopting quantum-secure encryption protocols, such as quantum-secure TLS, apps can ensure that sensitive data is protected from being decrypted by future quantum computers.
What types of cryptographic protocols are at risk from quantum attacks?
- Both encryption (for confidentiality) and signatures (for authenticity) are at risk. Quantum attacks can break encryption algorithms like RSA and elliptic curve cryptography, and they can forge signatures, breaking the authenticity of data.
What are 'quantum-secure' algorithms and how are they different from classical algorithms?
- Quantum-secure algorithms are designed to resist attacks from both classical and quantum computers. They replace traditional public-key cryptographic methods (like RSA) with new algorithms based on problems that are too computationally intensive for both types of computers to solve.
What is Post-quantum Hybrid Public Key Encryption (HPKE) and why is it recommended?
- Post-quantum HPKE is a quantum-secure encryption method that combines post-quantum algorithms with classical algorithms to provide enhanced security. It's recommended because breaking such a hybrid construction requires breaking both the post-quantum and classical components, making it highly secure.
How can symmetric-key cryptography be made quantum-secure?
- Symmetric-key cryptography can be made quantum-secure by increasing the key size, for example by moving from AES-128 to AES-256, as quantum computers can only reduce the security of symmetric-key algorithms by a small constant factor.
What steps should developers take to migrate their network protocols to quantum-secure cryptography?
- Developers should migrate to quantum-secure encryption in TLS, especially for handling encrypted data in transit. This includes upgrading to quantum-secure versions of TLS and ensuring that both client-side and server-side implementations are updated.
What are the key features of CryptoKit's new quantum-secure APIs?
- CryptoKit’s new quantum-secure APIs support post-quantum hybrid encryption (such as Post-quantum HPKE) and signatures (such as ML-DSA). These APIs are secure, easy to use, performant, and support hardware-isolated execution with Secure Enclave, providing added protection against side-channel attacks.
How does iMessage use quantum-secure cryptography to protect user data?
- iMessage uses quantum-secure hybrid encryption for key establishment and ongoing rekeying to protect sensitive user conversations. In iOS 17.4, Apple launched iMessage PQ3, which was rebuilt to provide quantum-secure messaging at scale.