September 16, 2024 at 12:29PM
Google is updating Chrome’s post-quantum cryptography to protect against TLS attacks using quantum computers and mitigate store-now-decrypt-later attacks by switching Kyber to Module Lattice Key Encapsulation Mechanism (ML-KEM). This strategic move to an approved mechanism resolves issues when transitioning to a NIST-approved system. The change will be implemented in Chrome 131 on November 6, 2024.
Based on the meeting notes, here are the clear takeaways:
1. Google is updating the post-quantum cryptography in the Chrome browser to protect against TLS attacks using quantum computers and to mitigate store-now-decrypt-later attacks.
2. The upcoming change will replace Kyber with a newer, slightly modified version called Module Lattice Key Encapsulation Mechanism (ML-KEM) for hybrid key exchanges.
3. This change is not related to previous problems and is a strategic choice to abandon an experimental system for a NIST-approved and fully standardized mechanism.
4. ML-KEM was fully endorsed by the U.S. National Institute of Standards and Technology (NIST) in mid-August.
5. Despite the technical changes from Kyber to ML-KEM being minor, the two are essentially incompatible, so a switch had to be made in the codepoint in TLS for hybrid post-quantum key exchange.
6. Google will abandon support for Kyber entirely due to the much larger data sizes involved in post-quantum cryptography compared to pre-quantum algorithms.
7. A proposed long-term solution is for servers to announce cryptographic algorithms they support via DNS, so the client uses the appropriate key from the start, avoiding extra round trips during the handshake.
8. The update is scheduled to be implemented in Chrome 131, which is set for release on November 6, 2024. Users of development channels like Chrome Canary, Beta, and Dev are expected to see ML-KEM support earlier.