Apple Publishes Post-Quantum Corecrypto Code for 2.5 Billion Devices on GitHub
Updated · Computerworld · May 26
Apple released the source code for its corecrypto library on GitHub, making public the post-quantum protections behind iPhone and Mac security frameworks, and published a white paper on how it tested them.
The release covers Apple’s implementations of the standardized ML-KEM and ML-DSA algorithms, aimed at hardening iMessage, VPN and TLS against future quantum computers that could break current encryption.
Corecrypto already runs continuously across more than 2.5 billion active devices, and Apple said formal verification of key components found issues conventional testing would have missed before products shipped.
CryptoKit now gives developers access to those quantum-secure building blocks, while Apple said opening the code and verification tools should invite outside review and encourage wider adoption.
Apple first signaled its post-quantum push with iMessage’s PQ3 in iOS 17.4; the broader code release raises the bar for rivals, though the mathematical proof covers only the protections Apple specifically verified.
As tech giants quantum-proof their platforms, will the rest of the world be left vulnerable in a new digital divide?
Is the industry creating a fragile 'quantum-safe' monoculture by standardizing on just a few lattice-based algorithms?
Apple Sets New Industry Standard with Open-Source, Formally Verified Post-Quantum Cryptography for Billions of Users
Overview
Apple has taken a major step in post-quantum cryptography by publicly releasing its corecrypto repository on GitHub, building on its earlier rollout of the iMessage PQ3 protocol in 2024. This move is part of Apple’s ongoing efforts to enhance cryptographic protections and stay ahead of future quantum threats. By sharing its corecrypto source code, Apple not only strengthens its own security but also provides valuable resources for the wider developer community. This helps less-resourced developers research and implement robust post-quantum protections, contributing to a more secure digital landscape for everyone.