Anticipating the development of large quantum computers that could theoretically break the security protocol behind HTTPS, Google announced Thursday that it's experimenting with post-quantum cryptography in Chrome. The company is adding a post-quantum key-exchange algorithm to a small fraction of connections between desktop Chrome and Google's servers, Google software engineer Matt Braithwaite explained. The post-quantum algorithm will be added on top of the existing, elliptic-curve key-exchange algorithm that's typically used, ensuring the same level of security for users. The experiment is currently enabled in Chrome Canary, and users can look for it by opening the Security Panel under Developer Tools and looking for "CECPQ1." The experiment should give Google real-world experience with the larger data structures that post-quantum algorithms will likely require, Braithwaite wrote, while putting the spotlight on an important area of research.
Google announced Thursday that it is experimenting with post-quantum cryptography with Chrome that it hopes will prevent quantum hacking. The new style of encryption key is already being tested alongside current security measures over a small number of connections between Chrome and Google's servers. According to a blog post written by Google's software engineer Matt Braithwaite, the key if successful should stand up to future large quantum computers. Quantum computers, which use certain aspects of quantum physics, are capable of solving problems much faster than our present-day binary computers. These computers can also easily crack our current secure digital connections.
Few of us give much thought to the tiny padlock symbol that appears in our web browsers every time we use an e-commerce site, send and receive emails, or check our bank or credit card accounts. But it's a signal that the online services are using HTTPS, a web protocol that encrypts the data we send across the internet and the responses we receive. This and other forms of encryption protect all kinds of electronic communications, as well as things like passwords, digital signatures, and health records.
The majority (71%) of global organizations view quantum computers as a major security threat, a DigiCert report found. With quantum computing being such a new concept, these threats haven't become widespread yet, but are expected to within the next three years. DigiCert's 2019 Post-Quantum Crypto Survey report, conducted by ReRez Research, surveyed 400 enterprise organizations in the US, Germany, and Japan. Despite the impressive capabilities quantum computing promises, 95% of respondents said they are discussing at least one tactic for protecting themselves against the dangers of quantum computing. SEE: Quantum computing: An insider's guide (free PDF) (TechRepublic) Quantum computers, which are still in the early stages of development, could potentially be able to process and solve massive computational problems that exceed the capabilities of current supercomputers.
Quantum computing provides the processing hardware necessary to run Shor's Algorithm at scale and perform even the most difficult underlying math problems very efficiently. Quantum also offers the power to identify secret cryptographic keys in an extremely efficient way. This could potentially expose businesses to threat actors globally--and all at once. This disruption eclipses the diligent planning and deep investment that went into Y2K preparations. It is an immense, high-impact event that will override existing cryptography methods and make current infrastructure and application protections irrelevant.