It may well come as a surprise to you that Google has been experimenting with bringing post-quantum encryption to the Chrome desktop browser, but it’s a fact. Google announced that it was helping protect Chrome traffic at the transport layer security level back in August 2023. That was using a yet-to-be standardized algorithm called Kyber. Now members of the Chrome team have confirmed that, as from Chrome 131 coming November 6, the experiment is over and that post-quantum protection will be available to all browser users in the form of the fully standardized Module Lattice Key Encapsulation Mechanism. Here’s what you need to know.
A New Quantum Security Path For The Google Chrome Web Browser
In a Google security blog posting dated September 13, David Adrian, David Benjamin, Bob Beck & Devon O’Brien confirmed that the Chrome browser is heading down a new quantum security path. However, it’s more accurately a path that has had the builders in to lay a new tarmac top over the existing foundations. The non-standard, as defined by the U.S. National Institute of Standards and Technology, Kyber algorithm has now been tweaked and standardized at last. NIST said that it has “released a final set of encryption tools designed to withstand the attack of a quantum computer,” and is encouraging server admins to begin the transition as soon as possible.
Thanks to the minor technical changes made to the post-quantum algorithm Kyber, part of a hybrid key exchange also employing the pre-quantum X25519 algorithm, Google has implemented the new Kyber, now called the Module Lattice Key Encapsulation Mechanism, into its cryptography library, Boring SSL. This means that the standardized version can now be used across services depending upon this library for securing transport layer security. It also means that the new version of ML-KEM is no longer compatible with previously deployed versions of Kyber, so Google is having to make changes, coming in Chrome 131, to allow for this.
What Is Post-Quantum Cryptography And Why Does Chrome Need It?
The point of Transport Layer Security protocols in networking is to protect your data while it is in transit and also for website authentication to validate identity. The cryptographic part of this equation makes it harder for an attacker to intercept, access, or alter either of these properties. However, as Google points out, the evolution of quantum computers threatens to make such protections impotent. “Many types of asymmetric cryptography used today are considered strong against attacks using existing technology,” Google said, “but do not protect against attackers with a sufficiently-capable quantum computer.” Post-quantum cryptography, also referred to as quantum-resistant cryptography, is designed to protect against both quantum and classic attack methodologies.
As you might imagine, there are plenty of obstacles to overcome when thinking about implementing a post-quantum cryptography TLS solution. Google lists these primarily as:
- Post-quantum cryptography is too big to be able to offer two post-quantum key share predictions at the same time.
- The danger of regressing users’ post-quantum security, requiring the delay until Chrome 131 is available to make this change so give server admins a chance to update their implementations.
- Kyber was always experimental, continuing to support it risks ossification on non-standard algorithms.
“We’re excited to continue to improve security for Chrome users against both current and future computers,” Google said.
