Google Testing Post-Quantum Cryptography in Chrome

google chrome security update

Google has announced its first venture into post-quantum cryptography with the use of a post-quantum key-exchange algorithm in the Canary test build of the Chrome browser.

Plenty has been speculated since the Snowden documents were made public about the NSA’s interest in building a quantum computer that could break current encryption securing communication worldwide.

Quantum computing on a practical scale is a distant goal, but some do exist that leverage some aspects of quantum physics and small numbers of quantum bits.

Google has decided to try its hand at getting ahead of the problem. On Thursday, it announced that it was kicking off an experiment in the Canary test build of Chrome where a small percentage of connections between the browser and Google’s servers will be secured using a post-quantum key-exchange algorithm in addition to Chrome’s typical elliptic-curve key exchange algorithm.

Google’s venture into post-quantum cryptography, if successful, could be the start of a cryptographic success story for decades to come.

“The post-quantum algorithm might turn out to be breakable even with today’s computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer,” Google software engineer Matt Braithwaite said in making the announcement. “Alternatively, if the post-quantum algorithm turns out to be secure then it’ll protect the connection even against a future, quantum computer.”

The experiment will hinge on the New Hope post-quantum algorithm developed by Erdem Alkim, Léo Ducas, Thomas Pöppelmann and Peter Schwabe. New Hope was described in a paper prepared for the 2015 IEEE Security and Privacy conference and according to the researchers, more than doubles the security parameters involved, while cutting into performance degradation and speeding up computing. New Hope builds on research developed by Joppe Bos, Craig Costello, Michael Naehrig and Douglas Stebila.

Google said it plans to run its experiment for no more than two years, “hopefully replacing it with something better,” Braithwaite said.

In 2014, the Washington Post disclosed a document provided them by whistleblower Edward Snowden entitled “Penetrating Hard Targets” that describes an $80 million NSA program to build a quantum computer that would be used to break strong encryption. The article puts the NSA’s efforts on par with labs sponsored by the European Union and Swiss government.

“A hypothetical, future quantum computer would be able to retrospectively decrypt any internet communication that was recorded today, and many types of information need to remain confidential for decades,” Braithwaite wrote. “Thus even the possibility of a future quantum computer is something that we should be thinking about today.”

Google said Canary users can check the Security Panel in Chrome and look for “CECPQ1” in the key exchange to determine whether the experiment is enabled.

Suggested articles