The encryption methods used to secure today's Internet communications won't be impenetrable forever. More powerful "quantum computers" on the horizon could very well crack them. That's why Google is testing out new cryptography that computers in the future might not be able to break. The processing power offered by "hypothetical, future" quantum computers could be enough to "decrypt any internet communication that was recorded today," wrote Matt Braithwaite, a Google software engineer in a company blog post on Thursday. This could affect the Transport Layer Security (TLS) protocol used when visiting websites.
Google announced Thursday that it is experimenting with post-quantum cryptography with Chrome that it hopes will prevent quantum hacking. The new style of encryption key is already being tested alongside current security measures over a small number of connections between Chrome and Google's servers. According to a blog post written by Google's software engineer Matt Braithwaite, the key if successful should stand up to future large quantum computers. Quantum computers, which use certain aspects of quantum physics, are capable of solving problems much faster than our present-day binary computers. These computers can also easily crack our current secure digital connections.
For years, experts have warned users to use secure browser communications whenever possible. If you visit a site and the URL in your browser's address bar starts with "https://", you know the communication between your computer and the server is encrypted. But that encryption, according to Google, has a potential weakness. If quantum computers get sufficiently powerful in the future, they could be used to break TLS, the cryptographic protocol that's one of the foundations of HTTPS. Worse, a future quantum computer might be able to retroactively decrypt today's internet communications.
Anticipating the development of large quantum computers that could theoretically break the security protocol behind HTTPS, Google announced Thursday that it's experimenting with post-quantum cryptography in Chrome. The company is adding a post-quantum key-exchange algorithm to a small fraction of connections between desktop Chrome and Google's servers, Google software engineer Matt Braithwaite explained. The post-quantum algorithm will be added on top of the existing, elliptic-curve key-exchange algorithm that's typically used, ensuring the same level of security for users. The experiment is currently enabled in Chrome Canary, and users can look for it by opening the Security Panel under Developer Tools and looking for "CECPQ1." The experiment should give Google real-world experience with the larger data structures that post-quantum algorithms will likely require, Braithwaite wrote, while putting the spotlight on an important area of research.
If quantum computing ever lives up to its promise (and that's still a big'if' at this stage), somebody could use this technology to retroactively break any communications that were encrypted with today's standard encryption algorithms. To guard against this, Google today announced that it will now start experimenting using post-quantum algorithms to encrypt the connections between the experimental Canary version of Chrome and some of its services. To be clear, this is only an experiment for now and only a small number of connections between the browser and Google's servers will use this new algorithm. The idea here, though, is to bring this idea to the forefront now and "gain real-world experience with the larger data structures that post-quantum algorithms will likely require," as Google engineer Matt Braithwaite writes in today's announcement. Few people fully understand quantum computing, let alone quantum cryptography.