While quantum computing is still in its infancy, it has the possibility of solving problems — like secure digital communications — dramatically faster than current technology. In order to begin securing against future quantum computers, Google is experimenting with post-quantum cryptography connections to its websites.
Future quantum-based computers could “decrypt any internet communication that was recorded today, and many types of information need to remain confidential for decades.” To address this, post-quantum cryptography is the study of cryptographic primitives that remain secure against quantum computers.
While it’s not even certain that large scale computers will be built on the principles of quantum physics, Google notes that “even the possibility of a future quantum computer is something that we should be thinking about today.”
Starting today, Google is running an experiment where a small fraction of connections between desktop Chrome and its servers will use a post-quantum key-exchange algorithm. Those in Chrome Canary can check if they’re using the new algorithm by looking for CECPQ1 under the Key Exchange in the browser security panel.
In case the post-quantum algorithm is breakable by today’s computers, the connection still uses the HTTPS standard elliptic-curve key-exchange algorithm. According to Google’s blog post, user security will not be affected by this experiment.
Google hopes to gain real-world experience with the large data structures that post-quantum algorithms will likely require. But the company notes that it does not want to make the selected New Hope algorithm the de-facto standard. The experiment will be discontinued and replaced within two years.