In order to prepare network traffic for possible decryption using quantum technology, Google has already started to introduce a new form of encryption.
Quantum technology still seems a long way off, but it is developing at a rapid pace. To prevent possible decryption by quantum computers, Google is already working on encryption that is resistant to it.
What
Starting with Chrome 116, the browser supports X25519Kyber768, a hybrid KEM (key encapsulation mechanism) that combines two forms of encryption:
- X25519 – an elliptic curve algorithm currently commonly used with the TLS encryption protocol (transport-layer security)
- Kyber-768 – a quantum-resistant KEM that the US National Institute of Standards & Technology selected as the winner for general encryption in PQC (post-quantum cryptography)
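An added example (not from Google or the original article): a Python parser for the TLS 1.3 `key_share` extension of a ClientHello that recognizes the hybrid group and splits its share into the X25519 and Kyber-768 parts. The codepoints (0x001d, 0x6399) and sizes come from RFC 8446 and the X25519Kyber768Draft00 draft, not from the article, and the sample extension is constructed from random bytes.

```python
import os
import struct

# Codepoints and sizes per RFC 8446 and the X25519Kyber768Draft00 draft (not from the article).
X25519 = 0x001D
X25519_KYBER768_DRAFT00 = 0x6399
X25519_LEN = 32  # X25519 public key
KYBER768_PK_LEN = 1184  # Kyber-768 encapsulation (public) key
GROUP_NAMES = {X25519: "x25519", X25519_KYBER768_DRAFT00: "X25519Kyber768Draft00"}


def parse_client_key_shares(ext_data: bytes) -> list:
    """Parse KeyShareClientHello extension_data into (group, key_exchange) pairs."""
    if len(ext_data) < 2 or struct.unpack_from("!H", ext_data)[0] != len(ext_data) - 2:
        raise ValueError("bad client_shares length")
    shares, off = [], 2
    while off < len(ext_data):
        if off + 4 > len(ext_data):
            raise ValueError("truncated KeyShareEntry header")
        group, klen = struct.unpack_from("!HH", ext_data, off)
        off += 4
        if klen == 0 or off + klen > len(ext_data):
            raise ValueError("bad key_exchange length")
        shares.append((group, ext_data[off:off + klen]))
        off += klen
    return shares


def describe_share(group: int, key: bytes) -> dict:
    """Classify one share; split a hybrid share into its two components."""
    info = {"group": GROUP_NAMES.get(group, f"0x{group:04x}"), "bytes": len(key), "hybrid_pq": False}
    if group == X25519_KYBER768_DRAFT00:
        if len(key) != X25519_LEN + KYBER768_PK_LEN:
            raise ValueError("hybrid share has wrong size")
        info.update(hybrid_pq=True, x25519=key[:X25519_LEN], kyber768_pk=key[X25519_LEN:])
    return info


def build_sample_extension() -> bytes:
    """Constructed sample: random bytes stand in for real public keys."""
    entries = b""
    for group, size in ((X25519_KYBER768_DRAFT00, X25519_LEN + KYBER768_PK_LEN), (X25519, X25519_LEN)):
        entries += struct.pack("!HH", group, size) + os.urandom(size)
    return struct.pack("!H", len(entries)) + entries


if __name__ == "__main__":
    for g, k in parse_client_key_shares(build_sample_extension()):
        print({n: v for n, v in describe_share(g, k).items() if not isinstance(v, bytes)})
```

The hybrid share is 1216 bytes against 32 bytes for X25519 alone, so a ClientHello that offers it is considerably larger.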
Mission
The new encryption will be rolled out in Chrome and on Google’s servers to check for possible compatibility issues. This is done over both TCP (transmission control protocol) and QUIC (not an acronym).
Google may also use this encryption when connecting to third-party servers such as Cloudflare, where supported. Google is asking developers and administrators to report any issues they encounter with this change.
Why
We measure the strength of cryptography by how difficult it is for attackers to crack. Their options are constantly growing, so encryption must also keep getting better.
Security experts are particularly concerned about the development of quantum computers. These new computers will be able to perform (mathematical) tasks that are currently unthinkable, and the technology can advance quickly. Current forms of encryption are strong against what is possible now, but they won’t withstand these superior quantum computers.
New forms of encryption must withstand both current systems and quantum technology. That’s why Google chooses the hybrid X25519Kyber768. This allows the tech giant to test how this encryption holds up against new or future technologies without becoming vulnerable to current threats. In addition, this new system must also be suitable for use on commercial hardware.
If quantum technology is still a thing of the future, why invest so much in new security? First of all, it never hurts to be prepared, but there is also a threat that exists today and will only materialize in the future. Cyber criminals have devised the "Harvest now, decode later" attack, in which data that is already strongly encrypted is stolen now and decrypted later, once the attackers have the technology to do so. This can matter for personal information or military data, for example.
Google emphasizes that both X25519Kyber768 and its specifications are still in the final design phase. The end result may still differ from what the company has now, and therefore the implementation in Chrome may change as well.
Last week, Google already announced that it would increase the frequency of security updates for Chrome starting with version 116. Another recent piece of Chrome security news is the browser’s compatibility with Apple’s iCloud passwords.