Google today announced that it has begun to deploy a new type of cryptography in its Chrome Canary browser that’s designed to prevent decryption attacks by quantum computers.
Unlike classical computers that deal in bits, quantum computers work with quantum bits, or qubits, each of which can be zero or one or both. The superposition of qubits let machines run lots of computations simultaneously, making a quantum computer highly desirable for certain workloads. Presumably one of those workloads could be breaking encryption, and so some researchers have come up with ways to potentially combat such attacks. For instance, a few academics last year produced NewHope, an implementation of Peikert’s ring-learning-with-errors-based (Ring-LWE) key-exchange protocol that works with OpenSSL.
Google chose to experiment with this technology in addition to the existing elliptic-curve algorithm for some of its websites, Google software engineer Matt Braithwaite wrote in a blog post.
“The post-quantum algorithm might turn out to be breakable even with today’s computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer,” Braithwaite wrote. “Alternatively, if the post-quantum algorithm turns out to be secure then it’ll protect the connection even against a future, quantum computer.”
The work is relevant considering that the U.S. Navy and defense contractor Lockheed Martin have both worked with independent company D-Wave on quantum computing. Meanwhile, Google has been pursuing development of quantum computing infrastructure, as have IBM and Microsoft, among others.
Google won’t leave this implementation in Chrome Canary for longer than two years; after that, the company could put something better in place.
“We explicitly do not wish to make our selected post-quantum algorithm a de-facto standard,” Braithwaite wrote.
If you use Chrome Canary, you can see if Google is testing the cryptography on a connection to a given page by opening the Inspect tool (command/control + shift + I) and going to the Security section. The telltale sign is the code CECPQ1 in the key exchange section, Braithwaite wrote.