by _cenw
1021 days ago
The keys in advanced protection are derived from your device passcodes, your macOS user password and a recovery key. You'll notice you have to approve from one of your devices to use iCloud web or add a new device. The derivation function takes a while to run and depends on the secure enclave, but you still probably want to avoid 4-digit passcodes.

Mac
iPad
iPhone
Recovery Key

Each of the above would have a separate, uniquely encrypted device backup key as a result of the derivation function. I can change the password on any of those (or regenerate the recovery key) without a full iCloud re-encryption or duplication of my iCloud data - therefore Apple must be holding a key in escrow that is the actual decryption key. One would assume it's that key that is encrypted against the derivation function, as then it could still be credibly argued as end-to-end, but that's just an assumption I'm making.
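A constructed toy model of the key hierarchy the comment above speculates about, added here as an example (it is not code from the commenter or from Apple, and the wrapping cipher, device names and secrets are all assumptions for illustration): one content key encrypts the data, and each device or recovery key holds its own copy of that content key wrapped under a key derived from its secret, so rotating one secret re-wraps only that copy.

```python
import hashlib
import hmac
import os

# Constructed toy model of the design the comment assumes: one content key
# encrypts the data; each device and the recovery key holds a copy of that
# content key wrapped under a key derived from its own secret. Not Apple's code.

def derive_kek(secret: str, salt: bytes, iterations: int = 100_000) -> bytes:
    # Slow derivation is what limits guessing; it cannot rescue a 4-digit
    # passcode, whose whole keyspace is only 10,000 candidates.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, iterations)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        i += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC with an HMAC keystream; a stand-in for a real AEAD.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong secret or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

class Escrow:
    """What the service stores: per-device wrapped copies of one content key."""
    def __init__(self, devices: dict[str, str]):
        content_key = os.urandom(32)  # generated once, never stored unwrapped
        self.wrapped = {name: self._wrap(s, content_key) for name, s in devices.items()}

    @staticmethod
    def _wrap(secret: str, content_key: bytes) -> tuple[bytes, bytes]:
        salt = os.urandom(16)
        return salt, seal(derive_kek(secret, salt), content_key)

    def unlock(self, name: str, secret: str) -> bytes:
        salt, blob = self.wrapped[name]
        return open_(derive_kek(secret, salt), blob)

    def rotate(self, name: str, old: str, new: str) -> None:
        # Only this device's wrapped copy changes; data and other devices are untouched.
        self.wrapped[name] = self._wrap(new, self.unlock(name, old))
```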