Quantum Computers Create A Need For New Cryptography Methods.
A few months ago, Chrome began a real-world experiment testing post-quantum cryptography. The experiment involved shipping a new TLS key-agreement method, which was designed to stand up to quantum computers.
The new key-agreement method combined a post-quantum algorithm named “New Hope” with an elliptic curve known as X25519. The resulting combination was named “CECPQ1,” which stands for Combined Elliptic Curve + Post-Quantum 1.
This week, Adam Langley, an engineer working on Chrome, shared an update on the experiment’s progress.
The experiment had two goals: to raise awareness (within the field of cryptography) about a specific type of mathematical problem that poses a risk to post-quantum cryptography, and to get real-world data on using post-quantum cryptography. On both counts, the experiment has been successful.
The real-world telemetry that Chrome collected showed that CECPQ1 performed surprisingly well. Despite CECPQ1 being a larger key-agreement method in terms of bit size, there was no notable decrease in performance.
“The median connection latency only increased by a millisecond, the latency for the slowest 5% increased by 20ms and, for the slowest 1%, by 150ms … the data requirement of NewHope is moderately expensive for people on slower connections.”
The TLS protocol is notorious for having interoperability problems with specialized hardware and software (like enterprise devices) which don’t fully (or correctly) implement the protocol. But Google did not find any evidence that middleboxes – devices which filter, inspect, or modify packets – were not playing nice with CECPQ1.
Google originally planned to run this experiment for up to two years, but having collected what it needed, it is now ending the experiment in a forthcoming version of Chrome, just five months later. There was also hesitation to keep CECPQ1 around too long because, as Langley puts it, Google does “not want to promote CECPQ1 as a de-facto standard.”
Post-quantum cryptography is a developing field creating cryptographic algorithms and systems that can remain secure against quantum computers, which have the potential to solve mathematical problems relied upon by ‘traditional’ cryptography hundreds of times faster than today’s computers.
Quantum computers will likely not be a legitimate threat for nearly two decades, but taking the lead on post-quantum cryptography is still important. These systems will one day protect billions of connections and highly-sensitive data, so it’s not something you want thrown together at the last minute.
If you are interested in the threat of quantum computers against traditional cryptography, we covered the basics when Google first launched its experiment.