Google is aiming to protect the web from the threat posed by quantum computers to traditional methods of encryption.
In a new post on the company’s Chromium blog, Devon O’Brien, Technical Program Manager, Chrome security, wrote that, “we are updating technical standards, testing and deploying new quantum-resistant algorithms, and working with the broader ecosystem to help ensure this effort is a success.”
Quantum computing is thought by some to be the next frontier, with theoretical processing speeds far exceeding that of even the most powerful supercomputers of today. And with that added power comes the ability to crack hitherto impervious encryption methods.
KEM
So, in an effort to sure-up encryption, Chrome will be supporting X25519Kyber768 “for establishing symmetric secrets in TLS,” once version 116 of the popular browser becomes available very soon, although it will also be, “available behind a flag in Chrome 115.”
This hybrid key exchange comprises X25519 and Kyber768. The former is already used today for key-agreement in TLS, whilst the latter is a a quantum-resistant Key Encapsulation Method (KEM). This cryptographic algorithm was selected as one of four such quantum-resistant encryption methods by the National Institute of Standards and Technology (NIST).
Google is rolling out this support in Chrome now so that it can detect any incompatibility issues well ahead of time, before quantum computers become useable outside of a lab.
O’Brien also said that, “Chrome may also use this updated key agreement when connecting to third-party server operators, such as Cloudflare, as they add support.” He also encouraged developers and admins to report any issues experienced with this change to its bug page.
O’Brien noted that quantum-resistant methods of encryption must protect against both quantum and traditional modes of attack, warning that several prominent candidates for quantum-resistant cryptographic algorithms have already been cracked on hardware readily available to attackers right now.
He added that the advantage of a hybrid method, such as X25519Kyber768, is that it offers, “flexibility to deploy and test new quantum-resistant algorithms while ensuring that connections are still protected by an existing secure algorithm.”
Even though O’Brien estimates that it will take somewhere between 5 to 50 years for quantum computers with encryption-cracking abilities to appear, he believes it is important to protect internet traffic now because data can be collected now and then decrypted once the technology arrives.
System administrators can disable X25519Kyber768 in chrome if their business has issues with network appliance incompatibility using the PostQuantumKeyAgreementEnabled enterprise policy in Chrome 116.
However, this will only be temporary fix, with O’Brien suggesting that administrators should, “work with the vendors of the affected products to ensure that bugs causing incompatibilities get fixed as soon as possible.”
The the X25519Kyber768 and the Kyber specifications may also change before release, “which may result in Chrome’s implementation changing as well.”
Services Marketplace – Listings, Bookings & Reviews