By Tom Brant
Google engineers are concerned that the advanced cryptography capabilities of future quantum computers will make it laughably easy to break even the most secure encryption available today. So they’re working on modifications to the Chrome browser that will use so-called post-quantum algorithms to try and stump code breakers of the future.
If you’re a little fuzzy on the intersection between quantum computing, cryptography, and encryption, PCMag recently visited the Los Alamos National Laboratory in New Mexico to get some real quantum computing engineers to explain the basics.
Essentially, Los Alamos engineers are betting that quantum cryptography could confound modern spies by placing encrypted data inside an indivisible photon. According to Google, it could just as easily crack today’s HTTPS encryption.
“[A] hypothetical, future quantum computer would be able to retrospectively decrypt any Internet communication that was recorded today, and many types of information need to remain confidential for decades,” Google engineer Matt Braithwaite explained in a blog post. “Thus even the possibility of a future quantum computer is something that we should be thinking about today.”
Enter post-quantum cryptography in Chrome. It’s an experiment that enables a small fraction of connections between desktop Chrome browsers and Google’s servers to use post-quantum encryption key exchanges on top of the usual HTTPS encryption method, known as an elliptic-curve key exchange algorithm.
Of course, quantum computers are mostly a future dream (though IBM says it is on the cusp of building one), so it will be hard for Google to measure the success of its experiment.
“The post-quantum algorithm might turn out to be breakable even with today’s computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer,” Braithwaite wrote. “Alternatively, if the post-quantum algorithm turns out to be secure then it’ll protect the connection even against a future, quantum computer.”
The post-quantum algorithms are currently running in the experimental Canary version of Chrome; you can tell whether it’s being used by opening the security panel and looking for “CECPQ1,” Google says.
But don’t expect them to stick around.
“We explicitly do not wish to make our selected post-quantum algorithm a de-facto standard,” Braithwaite wrote. “To this end we plan to discontinue this experiment within two years, hopefully by replacing it with something better.”