Google Testing Post-Quantum Cryptography For Chrome

Although quantum computers are largely in the experimental phase, Google has started testing cryptography to protect against hackers in the post-quantum era.



8 Reasons You Need A Security Penetration Test (Click image for larger view and slideshow.)

Google is testing out post-quantum cryptography in a move to guard against hackers who may one day use quantum computers to break the security protocol used in HTTPS.

Although quantum computers are still small and experimental, Google is looking down the road to a time when quantum computers could be used to break the asymmetric cryptographic primitives that are used in TLS, which when used to secure HTTP constitutes the HTTPS protocol. Cryptographic primitives that can stay secure against quantum computers are known collectively as post-quantum cryptography.

"A hypothetical, future quantum computer would be able to retrospectively decrypt any Internet communication that was recorded today, and many types of information need to remain confidential for decades. Thus even the possibility of a future quantum computer is something that we should be thinking about today," Matt Braithwaite, a Google software engineer, said in a Google Security blog.

In an effort to guard against those potential hacks in the future, Google is now testing out post-quantum cryptography.

The test involves using the current encryption algorithm, an elliptic-curve key-exchange, which is used in Google's desktop Chrome browsers and a second, and experimental, post-quantum key-exchange algorithm.

Google notes that by layering the experimental algorithm over the existing one, if the experiment fails, the older algorithm will still be in place to provide security.

"Alternatively, if the post-quantum algorithm turns out to be secure then it'll protect the connection even against a future quantum computer," Braithwaite said.

Quantum computers are designed to leverage certain aspects of quantum physics to solve problems much faster than a traditional computer. The quantum computers used today are experimental and only use a small number of quantum bits (qubits). Google, with its D-Wave computer, which it operates with NASA, is working on developing a computer that can accommodate a larger number of qubits. Microsoft, IBM, Intel and others are also working on developing larger quantum computers.

Google's D-Wave computer can combine the benefits of digital and analog systems for quantum computing. The digital approach provides robust error correction, however it requires custom algorithms, whereas the analog method can be generalized and deal with various algorithms in an easier fashion. But analog quantum computing is limited by errors accumulating in the system and other factors.

[Read Spy Agencies Fund IBM's Quantum Computing Research.]

Google is calling its quantum security experiment Chrome Canary. Users curious to know whether it's in use in their browser can check the Chrome menu and go to "developer tools." On the left-hand side, under "Main Origin," users can click on the developers.google.com link. Then, on the right-hand side in the box marked "Connection," users should find the word "Key Exchange" and see if it says "CECPQ1." The CECPQ1 indicates that Google domain is conducting the test.

However, Google notes that not all of its domains have enabled the experiment, and that even those that have done so may experience a fading in and out of the experiment if issues are found.

"Our aims with this experiment are to highlight an area of research that Google believes to be important and to gain real-world experience with the larger data structures that post-quantum algorithms will likely require," Braithwaite said.

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.