May 22, 2026
Proof or it didn’t happen
A blueprint for formal verification of Apple corecrypto
Apple says its secret security math is finally provable — commenters say: cool, but fix the rest too
TLDR: Apple published new proof-backed security code meant to protect iPhones and Macs from future quantum-computer threats, and says experts can now inspect the work themselves. Commenters were split between praising the unusually rigorous approach and dragging Apple for fixing one deep security problem while, they argue, neglecting others.
Apple just dropped a very serious flex: it says the cryptography at the heart of iPhones, Macs, and more is getting mathematical proof that its new quantum-safe protections are implemented correctly. In plain English, Apple is trying to make sure the code protecting messages, internet connections, and sensitive data on 2.5 billion devices does exactly what it’s supposed to do — especially as the company rolls out defenses against future quantum computers. Apple also published its proof tools for outside experts to inspect, which is basically the security world’s version of saying, “Check our homework.”
But the real fireworks were in the comments. One camp was downright impressed, with users gushing that Apple’s chosen verification tools are unusually approachable by formal-methods standards. Another commenter zeroed in on an old bug in one of these new algorithms and called it the perfect example of why this kind of proof work matters: the sort of tiny missing step that looks invisible in review and could slip past normal testing unless the stars align. That’s the sober side.
Then came the classic internet record scratch: “Great, but what about everything else?” One critic basically accused Apple of polishing the vault door while leaving other windows shaky, arguing the company still hasn’t taken parser security seriously enough and instead offers Lockdown Mode as a workaround. So yes, Apple’s security nerds are celebrating — but the comments quickly turned it into a messy, very online debate over whether this is a breakthrough or just premium-grade damage control.
Key Points
- •Apple says it is releasing corecrypto implementations of ML-KEM and ML-DSA along with mathematical proofs of correctness and related verification tools.
- •The company states that these implementations were formally verified against NIST standards FIPS 203 and FIPS 204.
- •Apple added post-quantum encryption to corecrypto in 2024 and is applying quantum-secure cryptography to iMessage, VPN, TLS, and developer APIs in CryptoKit.
- •Apple says corecrypto underpins cryptographic functions on more than 2.5 billion active devices, making correctness and security critical.
- •According to Apple, ML-KEM and ML-DSA were chosen because they met its requirements for security, implementability, performance, and compact parameters, and were later standardized by NIST.