USENIX Security '25: Formal Analysis of Apple’s iMessage PQ3 📱
A detailed formal verification of Apple's iMessage PQ3 protocol presented at USENIX Security '25 by ETH Zurich researchers.
USENIX
36 views • Oct 30, 2025
About this video
USENIX Security '25 - A Formal Analysis of Apple's iMessage PQ3 Protocol
Felix Linker, Ralf Sasse, and David Basin, ETH Zurich
We present the formal verification of Apple's iMessage PQ3, a highly performant, device-to-device messaging protocol offering strong security guarantees even against an adversary with quantum computing capabilities. PQ3 leverages Apple's identity services together with a custom, post-quantum secure initialization phase and afterwards it employs a double ratchet construction in the style of Signal, extended to provide post-quantum, post-compromise security.
We present a detailed formal model of PQ3, a precise specification of its fine-grained security properties, and machine-checked security proofs using the TAMARIN prover. Particularly novel is the integration of post-quantum secure key encapsulation into the relevant protocol phases and the detailed security claims along with their complete formal analysis. Our analysis covers both key ratchets, including unbounded loops, which was believed by some to be out of scope of symbolic provers like TAMARIN (it is not!).
View the full USENIX Security '25 program at https://www.usenix.org/conference/usenixsecurity25/technical-sessions
Felix Linker, Ralf Sasse, and David Basin, ETH Zurich
We present the formal verification of Apple's iMessage PQ3, a highly performant, device-to-device messaging protocol offering strong security guarantees even against an adversary with quantum computing capabilities. PQ3 leverages Apple's identity services together with a custom, post-quantum secure initialization phase and afterwards it employs a double ratchet construction in the style of Signal, extended to provide post-quantum, post-compromise security.
We present a detailed formal model of PQ3, a precise specification of its fine-grained security properties, and machine-checked security proofs using the TAMARIN prover. Particularly novel is the integration of post-quantum secure key encapsulation into the relevant protocol phases and the detailed security claims along with their complete formal analysis. Our analysis covers both key ratchets, including unbounded loops, which was believed by some to be out of scope of symbolic provers like TAMARIN (it is not!).
View the full USENIX Security '25 program at https://www.usenix.org/conference/usenixsecurity25/technical-sessions
Tags and Topics
Browse our collection to discover more content in these categories.
Video Information
Views
36
Likes
3
Duration
15:42
Published
Oct 30, 2025
Related Trending Topics
LIVE TRENDSRelated trending topics. Click any trend to explore more videos.
Trending Now