Chrome to adopt NIST-approved post quantum encryption on desktop

The switch is set to be enforced with the Chrome 131 update

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Google is set to upgrade its post-quantum encryption protection on itsweb browserdesktop with the new Chrome 131 release.

This comes as the National Institute of Standards and Technology (NIST)officially releasedthe first three quantum-resistant approved algorithms on August 13, 2024. The Tech giant first introduced hybrid quantum-safe encryption back in April based on the experimental Kyber TLS key exchange system and has now decided to switch to the new ML-KEM standard.

While the full implementation of quantum computing being a ways off still – experts estimate Q-day to happen between five and 10 years for now – it’s just a matter of time before current encryption methods become obsolete. Hackers know that and they’ve already begun executing what’s known as “store now, decrypt later (SNDL) attacks.” This is why it is crucial for all software providers using encryption to kick off the post-quantum transition as soon as possible.

Switching to the ML-KEM algorithm

After over a decade of testing more than 80 algorithms, NIST released the first three quantum-resistant encryption standards last month which are designed for specific tasks.

The Module Lattice Key Encapsulation Mechanism (ML-KEM) is the primary standard for cryptographic key exchanges. This is essentially the process of protecting the exchange of information across a public network like in the case of web browsers or thebest VPNapps. The ML-KEM algorithm is based on what was previously known as CRYSTALS-Kyber, exactly what Chrome adopted back in April.

As Google explains in ablog post: “The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber.

“We do not want to regress any clients’ post-quantum security, so we are waiting until Chrome 131 to make this change so that server operators have a chance to update their implementations.”

Why do we need post-quantum encryption?

For the less techy out there,encryptionis the process of scrambling data into an unreadable form to make sure that only the sender and receiver can access the information.

For instance, today’sVPN protocolsoften leverage RSA-based key exchanges to ensure only you and your receiver can encrypt and decrypt the information. Web browsers likeGoogle Chromeuse a similar methods based onTLSkey exchange to secure your data in transit.

As mentioned earlier, today’s encryption is set to eventually lose its effectiveness due to quantum computers’s ability to process computations that stump current machines, within minutes. If you want some more technical details on how quantum computing breaks encryption, I suggest you watch the explainer below from Veritasium:

The biggest takeaway here is that the cryptographic world must get ready to fight back against new security threats coming from a mass adoption of quantum computers.

The NIST standardized algorithms come, in fact, with instructions on how to implement them and their intended uses to better support developers to embark on their PQ transition.

At the time of writing, just a handful of VPN providers have already embraced thenew era of VPN security, while more companies are working to upgrade their protections. Secure messaging appSignal also added post-quantumencryption last September. On July 2023,secure emailprovider Tuta (formerly known as Tutanota) also shared its plans to bringpost-quantum cryptography to the cloudwith its PQDrive project.

We expect more and more developers to join the PQ revolution. As experts atNIST pointed out, in fact, “full integration will take time.”

Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up.She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to chiara.castro@futurenet.com

Undermining your privacy? Session says no and leaves Australia

Are online dating and data privacy an incompatible match?

England vs Australia live stream: how to watch 2024 rugby union Autumn International online from anywhere