Paper 2024/357

Security analysis of the iMessage PQ3 protocol

Douglas Stebila, University of Waterloo

The iMessage PQ3 protocol is an end-to-end encrypted messaging protocol designed for exchanging data in long-lived sessions between two devices. It aims to provide classical and post-quantum confidentiality for forward secrecy and post-compromise secrecy, as well as classical authentication. Its initial authenticated key exchange is constructed from digital signatures plus elliptic curve Diffie–Hellman and post-quantum key exchanges; to derive per-message keys on an ongoing basis, it employs an adaptation of the Signal double ratchet that includes a post-quantum key encapsulation mechanism. This paper presents the cryptographic details of the PQ3 protocol and gives a reductionist security analysis by adapting the multi-stage key exchange security analysis of Signal by Cohn-Gordon et al. (J. Cryptology, 2020). The analysis shows that PQ3 provides confidentiality with forward secrecy and post-compromise security against both classical and quantum adversaries, in both the initial key exchange as well as the continuous rekeying phase of the protocol.

Available format(s)
Cryptographic protocols
Publication info
post-quantumsecure messagingiMessagePQ3
Contact author(s)
dstebila @ uwaterloo ca
2024-03-01: approved
2024-02-28: received
See all versions
Short URL
Creative Commons Attribution


      author = {Douglas Stebila},
      title = {Security analysis of the iMessage PQ3 protocol},
      howpublished = {Cryptology ePrint Archive, Paper 2024/357},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.