Apple releases quantum-resistant code and verification tools

As reported by CyberScoop, Apple has made its quantum-resistant cryptographic code and the mathematical verification tools used to ensure its correctness publicly available. This release aims to allow for independent review and broader adoption across the technology industry.

The release includes implementations of ML-KEM and ML-DSA, two quantum-secure algorithms, along with the formal verification libraries and tools Apple developed. These tools are integrated into corecrypto, Apple's cryptographic library used on over 2.5 billion devices for encryption, decryption, hashing, and digital signatures. Apple began deploying this quantum-resistant encryption in iMessage in 2024 and has since expanded it to VPN services and TLS networking protocols.

The verification process, which uses mathematical proofs to ensure code correctness, uncovered errors missed by conventional testing, such as a bug in the ML-DSA code that could have compromised digital signatures. Apple acknowledges that a hybrid approach, combining formal verification with conventional testing and evaluation, provides the most robust security for critical cryptographic software against the threat posed by future quantum computers.

Source: CyberScoop