Few of us give much thought to the tiny padlock symbol that appears in our web browsers every time we use an e-commerce site, send and receive emails, or check our bank or credit card accounts. But it's a signal that the online services are using HTTPS, a web protocol that encrypts the data we send across the internet and the responses we receive. This and other forms of encryption protect all kinds of electronic communications, as well as things like passwords, digital signatures, and health records.
Quantum computing provides the processing hardware necessary to run Shor's Algorithm at scale and perform even the most difficult underlying math problems very efficiently. Quantum also offers the power to identify secret cryptographic keys in an extremely efficient way. This could potentially expose businesses to threat actors globally--and all at once. This disruption eclipses the diligent planning and deep investment that went into Y2K preparations. It is an immense, high-impact event that will override existing cryptography methods and make current infrastructure and application protections irrelevant.
Anticipating the development of large quantum computers that could theoretically break the security protocol behind HTTPS, Google announced Thursday that it's experimenting with post-quantum cryptography in Chrome. The company is adding a post-quantum key-exchange algorithm to a small fraction of connections between desktop Chrome and Google's servers, Google software engineer Matt Braithwaite explained. The post-quantum algorithm will be added on top of the existing, elliptic-curve key-exchange algorithm that's typically used, ensuring the same level of security for users. The experiment is currently enabled in Chrome Canary, and users can look for it by opening the Security Panel under Developer Tools and looking for "CECPQ1." The experiment should give Google real-world experience with the larger data structures that post-quantum algorithms will likely require, Braithwaite wrote, while putting the spotlight on an important area of research.
For years, experts have warned users to use secure browser communications whenever possible. If you visit a site and the URL in your browser's address bar starts with "https://", you know the communication between your computer and the server is encrypted. But that encryption, according to Google, has a potential weakness. If quantum computers get sufficiently powerful in the future, they could be used to break TLS, the cryptographic protocol that's one of the foundations of HTTPS. Worse, a future quantum computer might be able to retroactively decrypt today's internet communications.