Pricing

Chrome Leads in Post-Quantum Cryptography with Kyber

BY Mark Howell 24 May 20244 MINS READ
article cover

Chromium Blog: Advancing Our Amazing Bet on Asymmetric Cryptography

Today in Edworking News we want to talk about Chromium Blog Advancing Our Amazing Bet on Asymmetric Cryptography. Google and many other organizations, such as NIST, IETF, and NSA, believe that migrating to post-quantum cryptography is important due to the large risk posed by a cryptographically-relevant quantum computer (CRQC).

Introduction: The Challenge of Quantum Threats to Cryptography

Quantum Computing Threats

Google and notable organizations like NIST, IETF, and NSA emphasize the critical need for post-quantum cryptography (PQC) due to the risks posed by cryptographically-relevant quantum computers (CRQCs). These risks include `store-now-decrypt-later` attacks, where encrypted traffic stored today could be decrypted by future quantum computers, and impersonation attacks, where quantum computers could break current asymmetric cryptographic systems used for authentication in HTTPS.

Google's Strategic Initiatives

To address these threats, Chrome Security has been advancing its post-quantum cryptographic measures. In August, a new hybrid post-quantum cryptographic key exchange, Kyber (ML-KEM), was introduced. Recently, the latest draft specification for Kyber has been enabled by default for TLS 1.3 and QUIC on all desktop Chrome platforms as of Chrome 124. This rollout prompted fixes for several existing TLS middlebox product bugs, making Kyber's implementation more robust.

Description: Diagram illustrating hybrid cryptographic key exchanges in TLS protocol.

The Post-Quantum Cryptography Landscape

Post-quantum cryptography in the context of HTTPS focuses on:

  • Key Exchange: Making it quantum resistant to mitigate `store-now-decrypt-later` attacks.

  • Authentication: Transitioning asymmetric cryptography used for authentication to post-quantum variants.
    Initially, addressing quantum threats to current traffic is more urgent to mitigate store-now-decrypt-later attacks, while transitioning to post-quantum authentication can be phased since it affects future traffic only.

Challenges with Post-Quantum Cryptography

One prominent challenge with post-quantum cryptography is size:

  • Kyber key exchange: Increases size from 32 bytes (X25519) per peer to 1KB per peer, showing a 30x increase.

  • ML-DSA (Dilithium) keys and signatures: Increase the size by 40x compared to ECDSA keys and signatures, adding approximately 14KB per TLS handshake.


Edworking is the best and smartest decision for SMEs and startups to be more productive. Edworking is a FREE superapp of productivity that includes all you need for work powered by AI in the same superapp, connecting Task Management, Docs, Chat, Videocall, and File Management. Save money today by not paying for Slack, Trello, Dropbox, Zoom, and Notion.

Path to Agile Post-Quantum Web PKI

A more agile Web PKI is necessary to support a smoother, more reliable transition to post-quantum cryptography. Historically, the single-certificate deployment model has imposed significant constraints, causing long delays in past cryptographic transitions. Moving to a multi-certificate deployment model allows greater flexibility, where servers with multiple certificates can auto-select the correct one for different clients.

Developing Trust in a Post-Quantum World

The current PKI mechanisms, such as cross-signatures and signature algorithm negotiation, are not sufficient for true trust anchor agility. Chrome proposed Trust Expressions at the November 2023 IETF meeting in Prague as a mechanism to support trust anchor negotiation in TLS effectively. This proposal, currently seeking community input, aims to enable clean deployment of multiple certificates across a range of clients.

Experimentation and Agility

Experimentation is essential for evolving post-quantum authentication mechanisms. Agility allows for using different solutions based on context, avoiding unnecessary data transmission for the lowest-common denominator clients. Solutions like Merkle Tree Certificates and intermediate elision require clients to be up-to-date.

Conclusion

Both Google and the broader community expect a gradual transition to post-quantum cryptography. The immediate focus on agility over standardization facilitates handling the complexities of migrating to secure post-quantum authentication methods. By incorporating mechanisms for trust anchor agility, the web can become more secure, robust, and ready for quantum-resilient encryption.
Remember these 3 key ideas for your startup:

  1. Stay Ahead of Security Threats: Implement modern cryptographic standards like Kyber in your systems to safeguard against future quantum threats. Continuous updates ensure protection against adversaries leveraging stored encrypted data.

  2. Adopt Agile Solutions: Embrace multi-certificate models to increase flexibility and compatibility with various client updates. This adaptability is crucial for maintaining robust security standards within dynamic web environments.

  3. Invest in Trust Anchors: Explore mechanisms like Trust Expressions to negotiate trust anchors effectively, ensuring seamless transitions to post-quantum authentication methods without compromising on security or performance.
    For startups and SMEs aiming to maintain a secure web presence, keeping abreast of these developments and adapting to new standards is essential for sustaining reliability and protecting user data.
    For more details, see the original source.

article cover
About the Author: Mark Howell Linkedin

Mark Howell is a talented content writer for Edworking's blog, consistently producing high-quality articles on a daily basis. As a Sales Representative, he brings a unique perspective to his writing, providing valuable insights and actionable advice for readers in the education industry. With a keen eye for detail and a passion for sharing knowledge, Mark is an indispensable member of the Edworking team. His expertise in task management ensures that he is always on top of his assignments and meets strict deadlines. Furthermore, Mark's skills in project management enable him to collaborate effectively with colleagues, contributing to the team's overall success and growth. As a reliable and diligent professional, Mark Howell continues to elevate Edworking's blog and brand with his well-researched and engaging content.

Trendy NewsSee All Articles
CoverEdit PDFs Securely & Freely: Breeze PDF In-Browser SolutionBreeze PDF is a free, offline browser-based PDF editor ensuring privacy. It offers text, image, and signature additions, form fields, merging, page deletion, and password protection without uploads.
BY Mark Howell 15 days ago
CoverDecoding R1: The Future of AI Reasoning ModelsR1 is an affordable, open-source AI model emphasizing reasoning, enabling innovation and efficiency, while influencing AI advancements and geopolitical dynamics.
BY Mark Howell 26 January 2025
CoverSteam Brick: A Minimalist Gaming Console Redefines PortabilitySteam Brick: A modified, screenless Steam Deck for travel, focusing on portability by using external displays and inputs. A creative yet impractical DIY project with potential risks.
BY Mark Howell 26 January 2025
CoverVisual Prompt Injections: Essential Guide for StartupsThe Beginner's Guide to Visual Prompt Injections explores vulnerabilities in AI models like GPT-4V, highlighting security risks for startups and offering strategies to mitigate potential data compromises.
BY Mark Howell 13 November 2024
CoverGraph-Based AI: Pioneering Future Innovation PathwaysGraph-based AI, developed by MIT's Markus J. Buehler, bridges unrelated fields, revealing shared complexity patterns, accelerating innovation by uncovering novel ideas and designs, fostering unprecedented growth opportunities.
BY Mark Howell 13 November 2024
CoverRevolutionary Image Protection: Watermark Anything with Localized MessagesWatermark Anything enables embedding multiple localized watermarks in images, balancing imperceptibility and robustness. It uses Python, PyTorch, and CUDA, with COCO dataset, under CC-BY-NC license.
BY Mark Howell 13 November 2024
CoverJungle Music's Role in Shaping 90s Video Game SoundtracksJungle music in the 90s revolutionized video game soundtracks, enhancing fast-paced gameplay on PlayStation and Nintendo 64, and fostering a cultural revolution through its energetic beats and immersive experiences.
BY Mark Howell 13 November 2024
CoverMastering Probability-Generating Functions: A Guide for EntrepreneursProbability-generating functions (pgfs) are mathematical tools used in probability theory for data analysis, risk management, and predictive modeling, crucial for startups and SMEs in strategic decision-making.
BY Mark Howell 31 October 2024
Try EdworkingA new way to work from  anywhere, for everyone for Free!
Sign up Now