Google Dabbles in Post-Quantum Cryptography

in #quantum, 8 years ago

Google last week announced an experiment with post-quantum cryptography in Chrome. A small fraction of connections between Google's servers and Chrome on the desktop will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm already being used. The idea is that large quantum computers -- if and when they're built -- might be able to break current security algorithms retroactively, so it would be wise to develop algorithms that resist such attacks now. The experiment employs the New Hope algorithm, which Google considered the most promising post-quantum key exchange among those it investigated last year. Its aim is to gain real-world experience with the larger data structures post-quantum algorithms are likely to require. Layering the post-quantum algorithm on top of the existing algorithm allows the experiment to proceed without affecting user security, Google said: because the session key is derived from both exchanges, an attacker would have to break both. Google pledged to discontinue the experiment within two years, emphasizing that it did not want to establish its selected post-quantum algorithm as a de facto standard.
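The layering described above works by feeding both shared secrets into a single key-derivation step, so the two endpoints get the same session key only if both exchanges agree, and an attacker who recovers one shared secret still lacks the other. The following Python is an added example, not Google's or Chrome's code: it implements HKDF (RFC 5869) with the standard library and a hybrid combiner over two constructed byte strings standing in for the elliptic-curve and New Hope shared secrets. The function names, the length-prefixed encoding, the transcript-as-salt choice and the `hybrid-kex` info label are assumptions made for illustration, not Chrome's actual construction.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 section 2.2): PRK = HMAC(salt, IKM)."""
    if not salt:
        salt = bytes(HASH_LEN)  # RFC default: a string of HashLen zeros
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 section 2.3), producing `length` output bytes."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested length too large for HKDF-Expand")
    okm = b""
    block = b""
    counter = 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def _length_prefixed(*parts: bytes) -> bytes:
    """Join secrets with 2-byte length prefixes so the boundary between
    them is unambiguous; plain concatenation would let different
    (ec, pq) pairs produce identical input keying material."""
    out = b""
    for part in parts:
        out += len(part).to_bytes(2, "big") + part
    return out


def hybrid_session_key(ec_secret: bytes, pq_secret: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared
    secret (assumed combiner, not Chrome's). Both secrets are input keying
    material, so recovering the ECDH secret alone does not yield the key.
    Hashing the handshake transcript into the salt binds the key to this
    session's messages."""
    ikm = _length_prefixed(ec_secret, pq_secret)
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-kex session key", length)


# Constructed sample values standing in for the two key exchanges' outputs.
EC_SECRET = bytes.fromhex("11" * 32)   # stands in for an X25519 shared secret
PQ_SECRET = bytes.fromhex("22" * 32)   # stands in for a New Hope shared secret
TRANSCRIPT = b"ClientHello|ServerHello|key shares"  # constructed transcript


def demo() -> dict:
    """Both sides agree on the key, and an attacker who knows the classical
    secret but has to guess the post-quantum one gets a different key."""
    client_key = hybrid_session_key(EC_SECRET, PQ_SECRET, TRANSCRIPT)
    server_key = hybrid_session_key(EC_SECRET, PQ_SECRET, TRANSCRIPT)
    # Attacker model: ECDH broken (EC_SECRET known), PQ secret unknown.
    attacker_key = hybrid_session_key(EC_SECRET, bytes(32), TRANSCRIPT)
    return {
        "agree": client_key == server_key,
        "pq_alone_protects": attacker_key != client_key,
        "key_hex": client_key.hex(),
    }


if __name__ == "__main__":
    print(demo())
```

The two properties worth checking in a combiner like this are that the derived key depends on every component (so dropping the weaker exchange never lowers security below the stronger one) and that the encoding of the components is unambiguous; the length prefixes handle the second point, which matters once the post-quantum secret has a different size from the elliptic-curve one.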

Digging Deeper

"Google's investigating the quantum computing resistance of New Hope for a robust key exchange algorithm," noted Rod Schultz, VP of product at Rubicon Labs. Its announcement "doesn't herald anything new, but it goes further to confirm that quantum computing-resistant algorithms will provide significant competitive advantage for anyone who has the IP for them," he told TechNewsWorld. "You can view this investigation as [one] in Google's core competency, and also as a hedge and insurance policy around the catastrophic impact to encryption that quantum computing is predicted to have," Schultz suggested. The experiment might be putting the cart before the horse, however. "I doubt that we can develop a defense that works before we actually have quantum computers, because there's no way to actually test something against a platform that doesn't exist," observed Rob Enderle, principal analyst at the Enderle Group. "Still, this approach could be better than existing methods, making it worthwhile to attempt," he told TechNewsWorld.

The Quantum Computing Arms Race

There will be a "frantic superpower race to build a quantum computer," predicted Rubicon's Schultz. A bulked-up QC "could undermine the very foundation of modern security by breaking what were once considered unbreakable asymmetric keys in just minutes," he warned. There will be a rush to harness this power, if it's even possible, Schultz said, followed by "an attempt to lock down the knowledge to those who the world thinks will be responsible with this knowledge." Post-quantum cryptography is of interest to pretty much everyone on both sides of the law. "Cybercriminals and government-sponsored organizations are looking at this technology too," observed Jim McGregor, a principal analyst at Tirias Research. "No one in the industry believes that any software solution is unbreakable," he told TechNewsWorld.

Interest in Post-Quantum Crypto

Cryptographers for years have been interested in post-quantum crypto. The seventh international conference focusing on the topic took place in Fukuoka, Japan, earlier this year. The United States National Security Agency early this year published a FAQ on implementing post-quantum crypto. The U.S. National Institute of Standards and Technology this spring published a report on post-quantum crypto, and announced an open collaboration program with the public to develop and vet post-quantum crypto algorithms. Building on years of research, Microsoft this spring established the Lattice Cryptography Library. IBM this spring made quantum computing available to select members of the public with the IBM Quantum Experience.

Feasibility of Deployment

"Gaining access to powerful computing resources is not difficult anymore," Rubicon's Schultz remarked. "The bigger challenge will be in updating the current technology that's prolific today with QC-resistant technology. It will only take a single quantum computer in the hands of the wrong person to destroy the foundation of encryption today." Rolling out post-quantum crypto technology "will likely be coordinated with advancements in the systems used within the data centers," Tirias' McGregor suggested. "It shouldn't be cost-prohibitive, but widespread usage could take many years."