Google's Bold Move to PQC
In a bold move, Google Chrome announced it is switching to PQC in Chrome 131: https://www.dhirubhai.net/pulse/google-chrome-version-131-switching-nist-approved-f1obe/
I was surprised, because the IETF has not approved the relevant RFCs yet: https://wiki.ietf.org/group/sec/PQCAgility. Using non-standard implementations comes with the risk of compatibility issues and raises concerns about the security posture of such implementations.
In a blog post, Google explained: "The changes to the final version of ML-KEM make it incompatible with the previously deployed version of Kyber. We do not want to regress any clients’ post-quantum security, so we are waiting until Chrome 131 to make this change, giving server operators time to update their implementations."
Google's move could make sense from a software development perspective: widespread use of PQC may cause unexpected hiccups on the server side, and finding such issues early improves our understanding. In other words, this move helps TLS implementations mature.
On the flip side, such a move is questionable from a security perspective. The final version of ML-KEM is quite recent, and one could ask why the predecessor, which was vetted for a long time, turned out not to be final. Also, communication standards in the form of IETF RFCs are not final either. They may be in an advanced stage, but that does not mean they are immutable. Protocol implementations come with their own set of vulnerabilities. Here is an example:
On 30 December 2023, Daniel J. Bernstein posted a demo exploiting KyberSlash1 to often recover Kyber's complete secret key from decapsulation timings of the end-of-November-2023 Kyber reference code running under Raspbian (gcc 8.3.0) on a Raspberry Pi 2. The demo succeeded in two of three experiments.
Google's move to enable ML-KEM in Chrome gives the world a useful tool to experiment with how the use of PQC affects implementation and communication parameters such as memory consumption, CPU cycles, communication overhead and latency. Users who value security may be better off waiting before jumping on the bandwagon and considering their options.
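KyberSlash1 was a variable-time integer division in the step of decapsulation that turns each polynomial coefficient back into a message bit. The following is an added example, not code from the post or from the Kyber project: it shows that code shape next to a division-free replacement and checks exhaustively that both agree on every coefficient. The constants 1665 and 80635 are this example's own choice, justified in the comments.

```c
// Added example (not from the post): the KyberSlash1 code shape and a
// constant-time replacement. Decapsulation recovers a message bit as
// round(2*t/q) mod 2. Written as an integer division whose dividend
// depends on the secret coefficient t, this compiles to a variable-latency
// divide instruction on some CPUs, which is what leaked timing.
#include <stdint.h>
#include <stdio.h>

#define KYBER_Q 3329

// Original shape: public divisor, secret-dependent dividend. Whether the
// compiled code runs in constant time depends on the target's divider.
static uint32_t decode_bit_div(uint16_t t) {
    return ((((uint32_t)t << 1) + KYBER_Q / 2) / KYBER_Q) & 1;
}

// Hardened shape: no division at all. 80635 / 2^28 approximates 1/q from
// below (80635 * 3329 = 268433915 < 2^28), and adding 1665 instead of
// q/2 = 1664 ensures floor() agrees with the division for every
// t in [0, q). Intermediate values stay below 2^32 (max 8321 * 80635).
static uint32_t decode_bit_ct(uint16_t t) {
    uint32_t v = (uint32_t)t << 1;
    v += 1665;
    v *= 80635;
    v >>= 28;
    return v & 1;
}

// Exhaustive equivalence check over the whole coefficient range. Returns
// the number of coefficients where the two decoders disagree (expect 0).
static unsigned count_mismatches(void) {
    unsigned bad = 0;
    for (uint32_t t = 0; t < KYBER_Q; t++)
        if (decode_bit_div((uint16_t)t) != decode_bit_ct((uint16_t)t))
            bad++;
    return bad;
}

int main(void) {
    printf("mismatches over [0, %d): %u\n", KYBER_Q, count_mismatches());
    return 0;
}
```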
My 2c
Co-founder and CSO at Quantum Bridge
6 months ago: A new era of quantum-safe security has come. I very much hope and think that my contributions to DSKE, as well as QKD, will be key contributions to it.
Group VP AI Driven Enterprise-MIST @ Juniper Networks | Investor | Startup Mentor | Board Member
6 months ago: Incredible progress in post-quantum cybersecurity.