Google Chrome 116 plans to have Quantum-Resistant Encryption in collaboration with Kyber

Google has revealed its intentions to introduce support for encryption algorithms resistant to quantum computing in its Chrome browser, starting with version 116.

According to Devon O’Brien, “This shift will involve Chrome adopting X25519 Kyber 768 to establish secure secrets using TLS. This will commence with Chrome 116 and will be accessible behind a flag in Chrome 115.”

3/ Devon O'Brien, Technical Program Manager, Chrome security said: It is important to start protecting traffic today because a type of attack called Harvest Now, Decrypt Later, in which data is collected and stored today and later decrypted once cryptanalysis improves.

— QANplatform (@QANplatform) August 14, 2023

Kyber, endorsed by the U.S. Department of Commerce’s NIST, is a choice to enhance encryption and prepare for future cyber threats posed by quantum computing. Kyber-768, similar in security to AES-192, is already used by Amazon Web Services, IBM, and Cloudflare.

“Our post-quantum cryptography program has leveraged the top minds in cryptography — worldwide — to produce this first group of quantum-resistant algorithms that will lead to a standard and significantly increase the security of our digital information.” —NIST Director Laurie E. Locascio.”

What is X25519Kyber768?

X25519Kyber768 is a hybrid solution combining X25519, an elliptic curve algorithm commonly employed for key agreement in TLS, and Kyber-768. This hybrid method crafts robust session keys for encrypting TLS connections.

Devon O’Brien clarified that such hybrid mechanisms, like X25519Kyber768, ensure new quantum-resistant algorithms can be tested while existing connections remain secure.

Is there a matter of concern?

Although the significant risk from quantum computers is expected to emerge over several years, encryption is exposed to attacks like “harvest now, decrypt later,” where encrypted data gathered today is aimed to be decrypted later using technological advancements.

This is where quantum computers come into play, as their capabilities can potentially undermine existing cryptographic systems.

Devon O’Brien highlighted that while symmetric encryption algorithms safeguard data in transit, creating symmetric keys is vulnerable. Chrome aims to update TLS quickly with quantum-resistant session keys to protect user network traffic in the future.

What’s the plan next?

For organizations encountering network appliance compatibility issues, a temporary solution is to disable X25519Kyber768 in Chrome using the PostQuantumKeyAgreementEnabled enterprise policy, available from Chrome 116 onwards.

This development coincides with Google’s decision to transition from bi-weekly to weekly security updates for Chrome. This shift aims to narrow the window for attacks and counter the patch gap problem, where threat actors exploit the time lag between patch releases and their applications.

Furthermore, Google’s move to enforce default key pinning in Chrome 106 for Android is an additional layer of defense against certificate authority (CA) breaches, enhancing your security.

Next move

Google’s proactive move to embrace quantum-resistant encryption algorithms in Chrome version 116 is a testament to the ever-evolving nature of cybersecurity. The shift towards safeguarding against potential quantum threats reminds us that while we fight against today’s challenges, we must also anticipate tomorrow’s unforeseen challenges. 

💡Soft reminder: Our actions today shape the digital landscapes of the future!