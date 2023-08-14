Americas

Google readies Chrome for distant quantum attacks with new support
Google readies Chrome for distant quantum attacks with new support

News
Aug 14, 20233 mins
Browser SecurityEncryption

The new hybrid encryption mechanism will help shield TLS encryption keys from attackers who have a sufficiently capable quantum computer.

ChromeOS
Credit: JR Raphael, IDG

Google is taking a major step in making web browsing safe from future quantum computers by adding support for quantum-resistant encryption.

Dubbed X25519Kyber768, the new quantum-resistant cryptography will be a hybrid mechanism that combines the output of two cryptographic algorithms to encrypt Transport Layer Security (TLS) sessions -- X25519, an elliptic curve algorithm widely used for key agreement in TLS today, and Kyber-768, a quantum-resistant Key Encapsulation Method (KEM).

"Teams across Google are working hard to prepare the web for the migration to quantum-resistant cryptography," the company said in a blog post. "As a step down this path, Chrome will begin supporting X25519Kyber768."

The new hybrid encryption has been made available in Chrome 116, and behind a flag in Chrome 115.

Quantum scare pushing Kyber key

Networking protocols, such as TLS, use symmetric cryptography for several purposes, including confidentiality and authentication. Symmetric encryption involves using a single key to both encrypt and decrypt data. The secrecy of the encryption relies on keeping this key secret.

Despite the popularity of existing encryption techniques, there's a growing concern that quantum computers will be able to break at least some legacy encryption schemes.

Google's new approach is a fightback in that it is expected to contribute an extra quantum-resistant layer of encryption. It does so by encasing the X25519 keys with a quantum-resistant, Kyber-768 encapsulation layer.

Quantum-resistant cryptography (or post-quantum encryption) refers to the capability of an algorithm to remain secure even in the presence of powerful quantum computers.

Technique protects from pre-quantum threats

Although quantum computers that can break classical cryptography aren't expected 15-20 years from now, Google's attempt at protecting traffic with quantum-resistant tech is still relevant.

This is so because in what is called the "Harvest now and decrypt later" kind of attacks, certain uses of cryptography have been found to be vulnerable. This allows for data to be collected and stored today and later decrypted once cryptoanalysis improves.

"This Google’s announcement of shielding encryption keys in Chrome from quantum computers is very forward-looking," said Pareekh Jain, chief analyst at Pareekh Consulting. "Quantum computers' serious adoption is a few years away, but messages have a risk of getting stored now and decrypting later. To protect against this future threat, Google is launching support in Chrome."

"This is like future-proofing Chrome usage in enterprises and satisfying security concerns of CISOs proactively," Jain added.

Shweta Sharma is a senior journalist covering enterprise information security and digital ledger technologies for IDG's CSO Online, Computerworld, and other enterprise sites.

