Google Introduces Chrome Quantum Attack Protection

Hybrid post-quantum algorithm X25519Kyber768 aims to prevent harvest now, decrypt later hacks
John Potter
John Potter

August 16, 2023

Google logo
Google aims to make its Chrome browser secure from quantum attacks.Google

Google has introduced quantum-resistant encryption to its Chrome web browser, starting with version 116, which was released yesterday.

Chrome security manager Devon O'Brien said in a blog that starting August 15 the browser would integrate support for X25519Kyber768. This security upgrade aims to protect web browsing against potential threats from future quantum computers.

Awkwardly named X25519Kyber768, this advanced quantum-resistant cryptography is a hybrid solution. It melds the two cryptographic algorithms: X25519, a prevalent elliptic curve algorithm used in today's transport layer security (TLS) key agreements, and Kyber-768, a cutting-edge quantum-resistant key encapsulation method (KEM). The innovative hybrid encryption is now accessible in Chrome 116 and is also available, albeit behind a flag, in Chrome 115. 

Quantum-resistant cryptography must protect against both quantum and conventional cryptanalytic attack approaches. In practice, during 2022 and 2023, various top contenders

for quantum-resistant cryptographic algorithms were compromised using affordable, off-the-shelf hardware. According to Google, hybrid solutions like X25519Kyber768 offer the adaptability to roll out and evaluate fresh quantum-resistant algorithms while securing connections with a proven algorithm.

Beyond these factors, these algorithms must also deliver optimal performance on standard commercial hardware, adding another dimension to this intricate issue.

Harvest Now, Decrypt Later

Google says its proactive approach to future-proofing Chrome is already addressing the security concerns of professionals.

“It’s believed that quantum computers that can break modern classical cryptography won't arrive for five, 10, possibly even 50 years from now, so why is it important to start protecting traffic today?" said O'Brien.

"The answer is that certain uses of cryptography are vulnerable to a type of attack called harvest now, decrypt later, in which data is collected and stored today and later decrypted once cryptanalysis improves.”

In TLS, while the symmetric encryption algorithms safeguarding data during transmission are deemed secure against quantum cryptanalysis, the method of generating these symmetric keys isn't. Since this vulnerability exists in Chrome, the company is expediting the update of TLS to incorporate quantum-resistant session keys that will accelerate the protection of user network traffic against prospective quantum cryptanalysis.

Read more about:

Enter Quantum Newsletter

To get the latest quantum computing news, advice and insight, sign up to our newsletter

This site uses cookies to provide you with the best user experience possible. By using Quantum Business News, you accept our use of cookies.