Monthly Archives: July 2016

Last week, Google revealed that it would be experimenting with post-quantum cryptography in its browser, Google Chrome. The experiment will allow for a small proportion of connections between Google’s servers and Chrome on the desktop to use a post-quantum key-exchange algorithm as well as the elliptic-curve key-exchange algorithm that is already in wide use.

qcThe fundamental concept driving the experiment is that large quantum computers, which threaten to encompass a total revolution in computing history, may be able to break currently used security algorithms. The tech mogul’s philosophy is to be ready for these hacking attempts before quantum computers are built or propagated widely.

Google’s experiment utilizes an algorithm called New Hope. Google considers it the post-quantum key-exchange with the most potential after having investigated a variety of options over the past year. Google hopes to allow for its best engineers to gain real-world experience with the larger data structures that will likely be required given that post-quantum algorithms become more widespread.

According to Google, the company’s decision to layer the post-quantum algorithm over the existing algorithm will allow for the company to conduct its experiment without affecting its users’ security. The company also pledged that it would stop its experiment after collecting information for two years as it does not intend to make its post-quantum algorithm the standard.

“Google’s investigating the quantum computing resistance of New Hope for a robust key exchange algorithm,” explained VP of product at Rubicon Labs Rod Schultz. While the company’s announcement “doesn’t herald anything new,” “it goes further to confirm that quantum computing-resistant algorithms will provide significant competitive advantage for anyone who has the IP for them.”

“You can view this investigation as [one] in Google’s core competency,” Schultz continued,” and also as a hedge and insurance policy around the catastrophic impact to encryption that quantum computing is predicted to have.”

Rob Enderle, principal analyst at the Enderle Group, as usual chimed in on the phenomenon:

“I doubt that we can develop a defense that works before we actually have quantum computers, because there’s no way to actually test something against a platform that doesn’t exist… Still, this approach could be better than existing methods, making it worthwhile to attempt.”

Jim McGregor, principal analyst at Tirias Research, stated that “Cybercriminals and government-sponsored organizations are looking at this technology too.”

“No one in the industry believes that any software solution is unbreakable,” he concluded.

titanPost-quantum cryptography has been of interest to cryptographers for years. In fact, the seventh annual international conference for post-quantum cryptography took place in Fukuoka, Japan just a few months ago. The United States’ NSA has published information on the subject, and the United States National Institute of Standards and Technology published a report on post-quantum cryptography just last spring. Along with the report, the agency stated that it would be in open collaboration with the public to develop and vet post-quantum crypto algorithms.

“Gaining access to powerful computing resources is not difficult anymore,” stated Schultz. “The bigger challenge will be in updating the current technology that’s prolific today with QC-resistant technology. It will only take a single quantum computer in the hands of the wrong person to destroy the foundation of encryption today.”

-->