Google Shifts to ML-KEM for Post-Quantum TLS Security

Total
0
Shares
Google Chrome for Windows 11

Google’s Chrome browser is taking a significant step toward future-proofing its security. To better protect against quantum computer-based attacks, the tech giant is updating its post-quantum cryptography.

In a move that mirrors advancements in the field, Google is transitioning from the Kyber algorithm to a newer, more standardized one called Module Lattice Key Encapsulation Mechanism (ML-KEM). This shift comes just five months after the initial rollout of post-quantum secure TLS key encapsulation.

While the technical changes between Kyber and ML-KEM might seem minor, they’re significant enough to necessitate a complete switch. ML-KEM, endorsed by the U.S. National Institute of Standards and Technology (NIST), offers a more robust and standardized approach to post-quantum cryptography.

From Kyber to ML-KEM

The transition to ML-KEM is not a reaction to any early issues encountered with Kyber. Instead, it’s a strategic decision to align with the latest industry standards and ensure the highest level of security for Chrome users.

One of the primary reasons for the switch is the increased data size associated with post-quantum algorithms. Kyber-based key exchanges can be quite bulky, potentially impacting network performance. ML-KEM, while also larger than traditional pre-quantum algorithms, offers a more efficient balance between security and performance.

To facilitate a smooth transition, Google recommends that server operators temporarily support both Kyber and ML-KEM. This allows for broader client compatibility and ensures that users with older Chrome versions can still benefit from post-quantum security.

However, the long-term goal is for all stakeholders to adopt ML-KEM as the standard. To streamline this process, a proposed solution involves servers announcing their supported cryptographic algorithms via DNS. This allows clients to use the appropriate key from the start, avoiding unnecessary round trips during the handshake.

The update to ML-KEM is scheduled for Chrome 131, which is expected to be released on November 6, 2024. Users of Chrome’s development channels, such as Canary, Beta, and Dev, can expect to see ML-KEM support earlier.

Join Our Newsletter
Get weekly access to our best recipes, kitchen tips, and updates.
Leave a Reply
You May Also Like