Google Chrome Adopts ML-KEM for Post-Quantum Cryptography Defense. Here is a quick look at what this means.

Google has announced a significant update to its Chrome browser, transitioning from the KYBER encryption method to the new ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism). This change aims to enhance security against the emerging threats posed by quantum computing. The update will be implemented in Chrome version 131, expected in November 2024.

Why the Switch to ML-KEM?

Quantum computing poses a substantial threat to current encryption methods. Traditional encryption algorithms, such as RSA and ECC, could be easily broken by quantum computers. To counter this, the National Institute of Standards and Technology (NIST) has been working on developing quantum-resistant algorithms. ML-KEM, derived from the CRYSTALS-KYBER KEM, is one of these new standards designed for secure key exchange.

The Transition Process

The transition to ML-KEM involves several steps. First, Google will replace the existing KYBER encryption with ML-KEM. This change will affect the hybrid key exchange mechanism used in Chrome. The new system will use the codepoint 0x11EC for ML-KEM768+X25519, replacing the old codepoint 0x6399 used for KYBER768+X25519.

Google’s team, including experts like David Adrian and Devon O’Brien, has confirmed that the browser will now support a hybrid key share prediction for ML-KEM. This update will also include the PostQuantumKeyAgreementEnabled flag and enterprise policy applicable to both KYBER and ML-KEM.

Implications for Users and Enterprises

The switch to ML-KEM means that the previously deployed version of KYBER will no longer be compatible. This incompatibility necessitates careful planning and implementation to ensure a smooth transition for users and enterprises. Google has provided ample time for server operators to update their implementations before the change takes effect.

Broader Industry Response

Google is not alone in preparing for a post-quantum future. Microsoft is also updating its SymCrypt cryptographic library to support ML-KEM and the eXtended Merkle Signature Scheme (XMSS). The transition to post-quantum cryptography is a complex, multi-year process that requires meticulous planning.

Security Concerns and Vulnerabilities

This announcement follows the discovery of a significant cryptographic flaw in Infineon security microcontrollers, which could allow attackers to extract private keys from YubiKey devices. Known as EUCLEAK (CVE-2024-45678), this flaw affects various YubiKey models and requires physical access to the device for exploitation. Yubico, the company behind YubiKey, has announced plans to phase out support for Infineon’s cryptographic library in favor of its own solutions.

Conclusion

As quantum computing technology continues to advance, the need for robust post-quantum cryptography becomes increasingly critical. Google’s decision to adopt ML-KEM in Chrome is a significant step towards securing systems against future quantum threats. This transition, while complex, is essential for maintaining the security and integrity of encrypted communications in the quantum era.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it