Google is working on safeguarding Chrome against the potential threat of quantum computers, the company announced today. It's doing so by implementing post-quantum cryptography in an experimental version of the browser. While there exist hardware defenses against the vastly superior computing power of quantum machines, Google is using a new so-called post-quantum key-exchange algorithm. This software, called the New Hope algorithm, is enabled in Chrome Canary, a kind of testing ground for new browser technology, on only a small number of connections between the browser and Google servers.
Although quantum computers of this variety are only small and experimental at this stage, Google is taking precautions for the worst case scenario. "While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they [quantum computers] are effective at solving are the ones that we use to secure digital communications," writes Matt Braithwaite, a Google software engineer, in a blog post. "Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS." In other words, quantum computers could undermine the security of the entire internet.
Quantum computers put all encrypted internet communication at risk
Quantum computers promise computational power far exceeding today's standards by taking advantage of the underpinning physics discipline. So the presence of a hypothetical future quantum computer, Braithwaite adds, puts at risk any and all encrypted internet communication past or present. It's unclear how secure New Hope will prove to be for Chrome, and Braithwaite admits it could be less secure than its existing encryption. But Google says New Hope — developed by researchers Erdem Alkim, Léo Ducas, Thomas Pöppelmann and Peter Schwabe — was the most promising of all post-quantum key-exchange software it looked into last year.
Google plans to discontinue the project within two years
The plan is not to create a standard for others to adopt, but to gather information and experience on how to deploy post-quantum cryptography. So Google will discontinue the use of New Hope within two years, hopefully by replacing it with something better, the company says.
Canary users can check if the algorithm is being used on certain domains by opening up Google's Security Panel developer tool and looking for "CECPQ1" under the key exchange row.