Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116.

“Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115,” Devon O’Brien said in a post published Thursday.

Kyber was chosen by the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) as the candidate for general encryption in a bid to tackle future cyber attacks posed by the advent of quantum computing. Kyber-768 is roughly the security equivalent of AES-192.

The encryption algorithm has already been adopted by Cloudflare, Amazon Web Services, and IBM.

X25519Kyber768 is a hybrid algorithm that combines the output of X25519, an elliptic curve algorithm widely used for key agreement in TLS, and Kyber-768 to create a strong session key to encrypt TLS connections.

“Hybrid mechanisms such as X25519Kyber768 provide the flexibility to deploy and test new quantum-resistant algorithms while ensuring that connections are still protected by an existing secure algorithm,” O’Brien explained.

While it’s expected to take several years, possibly even decades, for quantum computers to pose severe risks, certain kinds of encryption are susceptible to an attack called “harvest now, decrypt later” (aka retrospective decryption) in which data that’s encrypted today is harvested by threat actors in hopes of decrypting it later when cryptanalysis becomes easier due to technological breakthroughs.

This is where quantum computers come in, as they are capable of efficiently performing certain computations in a manner that can trivially defeat existing cryptographic implementations.

“In TLS, even though the symmetric encryption algorithms that protect the data in transit are considered safe against quantum cryptanalysis, the way that the symmetric keys are created is not,” O’Brien said.

“This means that in Chrome, the sooner we can update TLS to use quantum-resistant session keys, the sooner we can protect user network traffic against future quantum cryptanalysis.”

Enterprises that face network appliance incompatibility issues following the rollout are advised to disable X25519Kyber768 in Chrome using the PostQuantumKeyAgreementEnabled enterprise policy, which is available starting in Chrome 116, as a temporary measure.

The development comes as Google said it’s changing the release cadence of Chrome security updates from bi-weekly to weekly to minimize the attack window and address the growing patch gap problem that allows threat actors more time to weaponize published n-day and zero-day flaws.

“Bad actors could possibly take advantage of the visibility into these fixes and develop exploits to apply against browser users who haven’t yet received the fix,” Amy Ressler from the Chrome Security Team said. “That’s why we believe it’s really important to ship security fixes as soon as possible, to minimize this ‘patch gap.'”