News

# Google Experiments with Post-Quantum Cryptographic Algorithms in Chrome

July 22, 2016 by Donald Krambeck

## Google is experimenting with new post-quantum cryptography— can they prevent quantum computers from cracking modern encryption techniques?

Google is experimenting with new post-quantum cryptography— can they prevent quantum computers from cracking modern encryption techniques?

Cryptography is the study and art of codebreaking, originating millennia ago in the encryption of messages. In modern terms, however, it has a much different connotation.

In the Age of Information, cryptography represents the struggle to share or store data without leaving it vulnerable to infiltration. This data could be health records, banking information, digitalized intellectual property such as music, classified government files, or even simply the lock on a smartphone.

Up until now, cryptography has relied on creating codes with such high levels of computational hardness that it is functionally impossible to break. Even though the code, itself, is capable of being broken, it is simply too complicated for even advanced computers to break.

That is, until the advent of quantum computers.

### What are quantum computers capable of?

Quantum computers are capable of much more than our average classical computers, but only in a few aspects.

For example, a quantum computer utilizes the physics of quantum mechanics to solve strenuous problems with numerous variables. Please refer to my article on the fundamentals of quantum computing for a fuller explanation of how practical quantum computers are, as well as how they read data.

Briefly put, a classical computer codes data into binary bits that are either a "0" or a "1". By contrast, a quantum computer uses quantum bits (or "qubits") that can be "0" and "1" at the same time. Below is a representation of how a classical and quantum computer reads and outputs data, respectively.

##### Image courtesy of the California Institute of Technology (PDF).

The main difference between the two is their massive parallelism. Parallelism essentially means that if you take a problem and divide it properly, the quantum computer will be able to work on each of the divided parts simultaneously. A classical computer would need to work on the divided parts linearly, in sequence.

Questions or problems that relate to weather, aerodynamics, or even logistics could be solved much faster than on a single-processor, classical computer. We won't go into much more detail in this article because of the complexity of the subject.

### Google Investigates the Limitations of Quantum Computers

With all of this said, the question is now: What can't quantum computers do?

This is exactly what Google is curious about and is delving into.

With such extraordinary computing power, a quantum supercomputer could help us solve many issues in math and science.

But such a computer also poses a rather large threat when it comes to cryptography: Any program that uses encryption algorithms to provide safety for its users could theoretically be cracked by a quantum computer.

Google posted this article on their blog on July 7th. In it, they express concern over the possible applications quantum computers could have when it comes to data encryption. They also warn that a sufficiently advanced quantum computer, even one created decades from now, would be able to retroactively decrypt information being exchanged today.

Google is experimenting with post-quantum cryptography in their web browser, Chrome. Essentially, post-quantum cryptography is the art of creating cryptographic algorithms that, as of today, are said to be secure against an attack from a quantum computer such as the D-Wave 2X.

Google is experimenting by utilizing a portion of their connections between the desktop version of Chrome and Google's data servers. Between the connections, a cryptographic algorithm is being used. This means that there's a (relatively small) chance that connections you are using in Chrome are testing a post-quantum algorithm. It's worth noting, however, that this algorithm is being layered overtop of Google's pre-existing security algorithm so that testing can be done with the assurance of complete security for users.

You can tell if the algorithm is presently being tested if you check the dev tool, Security Panel, and look for the key exchange "CECPQ1".

##### An example of the algorithm being used in GooglePlay. Image courtesy of the Google Security Blog.

The algorithm that Google is using for these tests was developed by Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe. They named it "New Hope".

The experiment is taking place in Google's Chrome Canary channel. Referring to a "canary in the coal mine", the name "Canary" reflects the channel's purpose: It was built for developers to test the most recent updates for Chrome with the goal of determining which updates could be harmful to their overall browser. If an update sends Canary down, they know that the update should not be used for Chrome overall. This isolated environment is the ideal place for Google's experiments with post-quantum cryptography.

Today's advancements in quantum technologies are still far from being able to break encryption algorithms and decode data from secured servers. There is likely a good deal of time before this technology is created, manufactured, and available in the consumer market. Hopefully, within that time engineers will be able to develop a strong line of defense against this new generation of cryptographical dangers.