Google is experimenting with post-quantum crypto for TLS


#1

When powerful quantum-computers will be possible in the future they will also able to break RSA, Diffie-Hellman and elliptical curves and can even decrypt traffic recorded right in the past (i.e. now e.g.). Therefore there is a need for post-quantum cryptography.

There is still much need for scientific research in this topic, but Google has already began implementing a key exchange, which may be secure against quantum attacks. It’s name is “New Hope”.
As the key exchange may be weaker than though and may turn out to be breakable by current computers Google combines it with a X25519 key exchange, to protect users. They call this hybrid mode CECPQ1 and it is currently implemented BoringSSL and used in Chrome Canary.

BTW also Tor is discussing the use of CECPQ1.

More information:


There is also German article: http://www.golem.de/news/new-hope-google-testet-post-quanten-algorithmus-1607-121989.html


#2

Sounds like an interesting idea, especially the implementation of and fallback to X25519. Are there known patches for CECPQ1 for OpenSSL?

BTW, your link to the googleblog.com article contains an unsecure image, hence this page gets a security warning.


#3

Google implemented it in BoringSSL here. Not sure if that patch can easily be merged in OpenSSL or whether BoringSSL diverged too much for that to work without a lot of extra work.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.