Google's Post-Quantum Upgrade Doesn't Mean We're All Protected Yet

Last year, the National Institute of Standards and Technology (NIST) began the process of standardizing the post-quantum cryptography (PQC) algorithms it selected — the final step before making these mathematical tools available so that organizations around the world can integrate them into their encryption infrastructure. Following this, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and NIST released a joint report containing recommendations for organizations to develop a quantum-readiness roadmap and prepare for future implementation of the PQC standards.

But another story also nabbed the headlines: Google announced it was deploying a hybrid key encapsulation mechanism (KEM) to protect the sharing of encryption secrets during the establishment of secure Transport Layer Security protocol (TLS) network connections. Simply put, the world's most popular browser began the process of quantum-proofing a major part of the public Internet.

Google's announcement was the product of a long chain of events, triggered by NIST choosing Kyber as the candidate for general encryption last year. The NIST process has been ongoing since 2016, established in response to the growing threat a cryptographically relevant quantum computer (CRQC) poses. When a functioning CRQC emerges, the encryption we use widely to secure our Internet sessions will melt away.

As a result, Google has announced that it has added Kyber, beginning with version 116 of its Chrome browser. This was done through a bespoke implementation by Google within TLS, a widely used standard across Internet communications.

Further, Google's implementation of Kyber is hybrid, which means that traditional elliptic curve cryptography has also been left in place alongside Kyber, which helps mitigate risk and provide continued tried-and-tested protection from attacks that use today's classical computers. This step also ensures against someone managing to break the new Kyber algorithm.

Why You're Not Safe Yet

Google's action is significant in many respects: The world's largest Internet browser, used globally by online users everywhere, kick-started its migration to post-quantum cryptographic protection. This is a massive step in migration efforts that are already — if we take harvest now, decrypt later (HNDL) into consideration — behind schedule. But it's still going to be some time before we can truly say users are protected from a quantum attack.

First, Google appears to have upgraded the Chrome browser only on the client side. For any link to be quantum-safe, the server(s) in question also needs to be upgraded to Kyber, but Google doesn't appear to have done this for its own apps yet.

Adding to this is that the surface area we need to protect goes beyond just securing connections — we need to consider the apps beyond the Google environment. Every cloud application provider will also need to work on the server side to ensure that Chrome users can establish a secure connection with them using Kyber, which isn't going to happen anytime soon.

This all gets more complex when we consider that the TLS protocol, within which Google has added Kyber on a bespoke basis, is managed by the Internet Engineering Task Force (IETF). IETF hasn't yet ratified a standard way for companies to add post-quantum algorithms as part of TLS, which also needs to happen for any widespread adoption to take place.

The final caveat is that there is also the question of how communication links deeper behind the scenes, such as how data center to data center links are protected. It's no use securing user-to-application links if the data is harvested en masse as it moves between data centers. This will require a separate solution, such as the quantum-safe virtual private network that NATO uses.

What If You Can't Wait?

It's well documented now that HNDL attacks — where sensitive data with a long shelf life is being harvested by those intending to decrypt it once a sufficiently powerful quantum computer arrives — are already happening. For many, the above shopping list of caveats will not exactly be good news, and even more so for those needing to keep highly sensitive data secure for a long time. That is, mitigating steps need to come far sooner. You can't wait until the new post-quantum algorithms are integrated into shared, public infrastructure because you'll likely be waiting over a decade.

As a result, Google's news emphasizes the urgency for organizations to chart their own migration journeys, rather than waiting to be pushed by others. For example, rather than waiting for public infrastructure to be upgraded, set your sights on, for example, creating bespoke end-to-end infrastructure that's quantum-safe by design, where everything from your business processes to day-to-day internal communications are protected. That way you don't have to wait for others to upgrade or for algorithms to be approved. You can have the protection you need for the next 50 years — today.

The First-Mile/Last-Mile Problem Is Still There

Google's update doesn't relieve the pressure for a lot of people, but it's definitely a milestone if we look at it through the lens of a wider, public infrastructure upgrade. Post-quantum migration is a multiyear journey, and it may be completed only after a functioning CRQC comes into existence, which will be too late.

To borrow a well-worn phrase from the logistics and telecommunications worlds, we still have this first-mile/last-mile problem. While these sectors have perfected their efficiency and speed challenges to get their goods and services to the home, this is where things can go horribly wrong from an end-to-end cybersecurity perspective. For organizations that need the most urgent protection from the quantum threat, a bespoke approach is needed. And it's needed today.

A hybrid approach, where multiple post-quantum and traditional encryption algorithms are combined, offers truly interoperable public-key cryptography that is resistant to quantum and traditional threats. However, this work goes beyond simply deploying algorithms, and it can cause unintended consequences in terms of speed and new risks. An organization will only be truly quantum-safe when it's secure on an end-to-end basis. That means new approaches to identity, access management, and the human risks will all be essential.