Google’s Chrome browser is taking a significant step toward future-proofing its security. To better protect against quantum computer-based attacks, the tech giant is updating its post-quantum cryptography.
In a move that mirrors advancements in the field, Google is transitioning from the Kyber algorithm to a newer, standardized one called the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This shift comes just five months after the initial rollout of post-quantum secure TLS key encapsulation.
While the technical changes between Kyber and ML-KEM might seem minor, they’re significant enough to necessitate a complete switch. ML-KEM, endorsed by the U.S. National Institute of Standards and Technology (NIST), offers a more robust and standardized approach to post-quantum cryptography.
From Kyber to ML-KEM
The transition to ML-KEM is not a reaction to any early issues encountered with Kyber. Instead, it’s a strategic decision to align with the latest industry standards and ensure the highest level of security for Chrome users.
One of the primary reasons for the switch is the increased data size associated with post-quantum algorithms. Kyber-based key exchanges can be quite bulky, potentially impacting network performance. ML-KEM, while also larger than traditional pre-quantum algorithms, offers a more efficient balance between security and performance.
To facilitate a smooth transition, Google recommends that server operators temporarily support both Kyber and ML-KEM. This allows for broader client compatibility and ensures that users with older Chrome versions can still benefit from post-quantum security.
However, the long-term goal is for all stakeholders to adopt ML-KEM as the standard. To streamline this process, one proposal has servers announce their supported cryptographic algorithms via DNS, so that clients can send the appropriate key share from the start and avoid unnecessary round trips during the handshake.
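The effect of dual support and of an advance hint can be seen in a small model of TLS 1.3 group negotiation. This is an added example, not code from Google or Chrome: the server policy (first mutually supported group in the server's preference order) is an assumption, and the server configurations and client offers are constructed.

```python
# Simplified model of TLS 1.3 named-group selection (RFC 8446, section 4.2.8).
# Codepoints are the IANA "TLS Supported Groups" values.
X25519 = 0x001D
X25519_KYBER768_DRAFT00 = 0x6399   # pre-standard Kyber hybrid
X25519_MLKEM768 = 0x11EC           # hybrid built on standardized ML-KEM-768
POST_QUANTUM = {X25519_KYBER768_DRAFT00, X25519_MLKEM768}
NAMES = {X25519: "X25519", X25519_KYBER768_DRAFT00: "X25519Kyber768Draft00",
         X25519_MLKEM768: "X25519MLKEM768"}


def negotiate(server_prefs, client_groups, client_key_shares):
    """Return (group, needs_hello_retry, is_post_quantum), or None if no overlap.

    Assumed server policy: take the first group in the server's own preference
    order that the client lists in supported_groups. If the client sent no key
    share for it, the server must answer with HelloRetryRequest (one extra
    round trip) before the handshake can continue.
    """
    for group in server_prefs:
        if group in client_groups:
            return group, group not in client_key_shares, group in POST_QUANTUM
    return None


# Constructed server configurations (preference order, most preferred first).
DUAL_SERVER = [X25519_MLKEM768, X25519_KYBER768_DRAFT00, X25519]
KYBER_ONLY_SERVER = [X25519_KYBER768_DRAFT00, X25519]

# Constructed client offers: (supported_groups, groups with a key share sent).
OLD_CLIENT = ([X25519_KYBER768_DRAFT00, X25519], {X25519_KYBER768_DRAFT00, X25519})
NEW_CLIENT = ([X25519_MLKEM768, X25519], {X25519_MLKEM768, X25519})
# Supports ML-KEM but, with no advance hint, sends only the small X25519 share.
NO_HINT_CLIENT = ([X25519_MLKEM768, X25519], {X25519})

if __name__ == "__main__":
    cases = [("dual server, old client", DUAL_SERVER, OLD_CLIENT),
             ("dual server, new client", DUAL_SERVER, NEW_CLIENT),
             ("Kyber-only server, new client", KYBER_ONLY_SERVER, NEW_CLIENT),
             ("dual server, client without hint", DUAL_SERVER, NO_HINT_CLIENT)]
    for label, server, (groups, shares) in cases:
        group, retry, pq = negotiate(server, groups, shares)
        print(f"{label:34} -> {NAMES[group]:22} retry={retry} post_quantum={pq}")
```

The third case is the one server operators should watch for: the handshake succeeds without a retry but silently falls back to classical X25519, so logging the negotiated group is the way to notice lost post-quantum coverage.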
The update to ML-KEM is scheduled for Chrome 131, which is expected to be released on November 6, 2024. Users of Chrome’s development channels, such as Canary, Beta, and Dev, can expect to see ML-KEM support earlier.