Apple released the corecrypto source code on GitHub, exposing the low‑level cryptographic library that powers Security, CryptoKit and CommonCrypto across iPhone and Mac. The move follows the 2024 rollout of the PQ3 protocol in iMessage, Apple’s first public step toward post‑quantum protection. By publishing the code, Apple invites external scrutiny of its quantum‑resistant designs. It covers key exchange, hashing, RNG and digital signatures.

Within the repository Apple includes implementations of the NIST‑selected algorithms ML‑KEM and ML‑DSA, along with test suites, performance tools and a formal‑verification folder. The verification assets demonstrate compliance with FIPS 203 and FIPS 204 standards and contain a custom Cryptol‑to‑Isabelle translator. Apple notes the release date May 22 2026, aiming to spur broader adoption and peer review of its formal methods.

Apple’s detailed blog post explains that formal verification caught a missing step in an early ML‑DSA implementation that could have produced out‑of‑range outputs, and it repaired an error in a third‑party proof. By open‑sourcing the code and proof material, Apple provides researchers with reproducible artifacts, significantly tightening confidence that future iPhone and Mac devices will resist quantum attacks for consumers.