Apple has opened its corecrypto library, including ML‑KEM and ML‑DSA implementations, on GitHub. The release comes with extensive documentation, formal verification artifacts, and performance tools, signaling a push toward broader adoption of post‑quantum security across its device ecosystem.
Apple Shares iPhone and Mac Post‑Quantum Cryptography Code on GitHub
Apple today added a new corecrypto repository to its public GitHub organization, exposing the low‑level cryptographic library that powers the Security framework, CryptoKit, and CommonCrypto on iPhone, iPad, Mac, and Apple Silicon devices. The upload includes source for the two NIST‑standard post‑quantum algorithms Apple selected—ML‑KEM for key encapsulation and ML‑DSA for digital signatures—along with test suites, performance benchmarks, build targets, and a dedicated formal‑verification folder.

Why the release matters
Apple first announced its post‑quantum effort with the PQ3 protocol in iMessage on iOS 17.4, allowing conversations to start with quantum‑resistant keys and to refresh those keys over time. By publishing the underlying corecrypto code, Apple is moving from a closed‑source prototype to an openly auditable component. This step serves three practical goals:
- Community review – Researchers can examine the implementation against the latest NIST standards (FIPS 203 for ML‑KEM, FIPS 204 for ML‑DSA) and look for subtle bugs that might escape internal testing.
- Cross‑platform consistency – The same library runs on iPhone, iPad, Mac, Apple TV, and the new Apple Silicon chips, ensuring a uniform security baseline.
- Accelerating adoption – By providing a reference implementation, Apple encourages other vendors and open‑source projects to integrate the same algorithms, helping the industry transition before large‑scale quantum computers appear.
Inside the repository
- Portable C code – The bulk of the algorithms is written in clean, standards‑compliant C, making it easy to compile on non‑Apple platforms for research purposes.
- Hand‑optimized ARM64 assembly – For Apple Silicon devices, Apple includes assembly tuned to take advantage of the cores’ vector units, delivering performance comparable to classic elliptic‑curve operations.
- Formal verification assets – A folder named formal_verification contains Isabelle/HOL theories, a custom Cryptol‑to‑Isabelle translator, and scripts that reproduce the proofs Apple used to certify compliance with FIPS 203/204. The accompanying paper, Formal verification for Apple corecrypto, explains the methodology in detail.
- Test harnesses and benchmarks – The tests directory holds unit tests for each primitive, while benchmarks measures throughput and latency on a range of Apple Silicon CPUs (M2, M3, and the upcoming M4).
How Apple verified the code
Apple’s blog post describes a multi‑layered verification pipeline:
- Conventional testing – Thousands of automated test vectors, including edge‑case inputs generated by the NIST test suites.
- Simulation – Cycle‑accurate models of the ARM64 micro‑architecture run the assembly paths to catch timing‑related bugs.
- Independent review – Selected external cryptographers were invited to audit the code and the accompanying proofs.
- Formal verification – Using the custom Cryptol‑to‑Isabelle tool, Apple translated algorithm specifications into Isabelle, then proved functional equivalence between the specification and the implementation.
During this process Apple uncovered a missing range‑check in an early ML‑DSA version that could have produced out‑of‑bounds values under rare conditions. The issue was corrected before any device shipped the affected code. A similar discovery involved an error in a third‑party proof, which Apple patched for the exact parameter set it uses.
Impact on the Apple ecosystem
Releasing corecrypto does not immediately change the user experience, but it lays the groundwork for several upcoming features:
- Future iMessage updates – More messaging apps could adopt PQ3‑style key exchange without waiting for Apple to ship a new OS version.
- Secure boot and firmware signing – ML‑DSA signatures may replace current ECDSA‑based firmware verification on Macs with Apple Silicon, offering resistance to quantum attacks on the supply chain.
- Enterprise integration – Companies that rely on Apple devices for VPNs or secure file transfer can now build their own post‑quantum‑ready solutions using the same library Apple ships internally.
What developers should do
- Clone the repo – git clone https://github.com/apple/corecrypto.git
- Read the documentation – The README.md outlines build steps for macOS, Linux, and Windows (via WSL).
- Experiment with the benchmarks – Running make bench on an M3 Mac shows roughly 1.2 µs per ML‑KEM encapsulation, comparable to classic RSA‑2048 operations.
- Follow the formal‑verification guide – The formal_verification/README.md walks through reproducing the Isabelle proofs, a valuable learning resource for anyone interested in cryptographic assurance.
Looking ahead
Apple’s decision to open source its post‑quantum corecrypto code marks a shift from secrecy to collaboration. By providing both the implementation and the proof artifacts, Apple invites the broader security community to validate its work and to help refine the algorithms before large‑scale quantum computers become a practical threat.
For the full technical deep‑dive, read Apple’s Security Research blog post and explore the GitHub repository.

Marcus Mendes is a Brazilian tech podcaster and journalist who has covered Apple since the mid‑2000s.
