RCS text-messaging (Android vs iPhone): TLS 1.X? PQC?

443 views
Skip to first unread message

Daniel Apon

unread,
Mar 15, 2025, 10:33:21 PM3/15/25
to pqc-forum
Hello all,

I've finally got RCS (instead of SMS) between my friends who use Android phones and myself (I use an iPhone).

I'm sure someone here can point to a useful breakdown of the cryptographic technologies involved.

Does RCS use TLS?

Which version of TLS?

Does RCS use PQC (e.g. akin to iMessage or Signal)?

What protocol of PQC does RCS use?

Cheers,
--Daniel Apon

John Mattsson

unread,
Mar 15, 2025, 11:26:54 PM3/15/25
to Daniel Apon, pqc-forum

Hi Daniel,

 

So, RCS is a GSMA standard from 2008, and began taking off with the standardization of the universal profile in 2016.

https://en.wikipedia.org/wiki/Rich_Communication_Services

https://www.gsma.com/solutions-and-impact/technologies/networks/gsma_resources/gsma-rcs-universal-profile-3-0-specifications/

 

Earlier RCS standards specifies the use of TLS between the client and the network. TLS is used to protect configuration, signaling, and messages. The Universal Profile RCS 3.0 (March 2025) specifies use of End-to-end (E2E) encryption via MLS. Google has implemented E2E encryption with Signal but that is not part of any standard and not supported by Apple. Both Google and Apple has stated that they will support E2E encryption via MLS.

I would assume that Google and Apple use TLS 1.3. MLS does not have not code point registered for ML-KEM but they are working on it.

https://datatracker.ietf.org/wg/mls/documents/


In general, the cryptographic techniques used will depend on the two clients as well as the networks. Currently my guess would be that when you and your Android friends message each other you get hop-by-hop protection with a mixture of TLS 1.3 and IPsec without PQC. In the near future you will get End-to-end (E2E) encryption via MLS. Possible first without PQC and in a later step PQC…

Cheers,

John

 

--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
To view this discussion visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/1fd132a9-b7f7-4962-a93d-2440c1ef7c2cn%40list.nist.gov.

Daniel Apon

unread,
Mar 17, 2025, 1:32:03 PM3/17/25
to John Mattsson, pqc-forum
John,

Wonderful! Thank you for the extremely useful info! <3
This is bigly on my radar -- it affects a device I carry on my person for 22-23 hours per day on average..

Actually -- maybe I can pray for some useful discussion about this at RWC & related events this next week in Sofia, Bulgaria -- anyone who will be in the area, please reach out =)

Cheers,
--Daniel
Reply all
Reply to author
Forward
0 new messages