Google reports the company is already using post-quantum cryptography (PQC) techniques to ward off store-now-decrypt-later attacks, according to a post on the Google Cloud blog.
The post, written by Google Senior Cryptography Engineers Stefan Kölbl, Rafael Misoczki and Sophie Schmieg, members of the ISE Crypto PQC working group, reports that Google Cloud has enabled a post-quantum algorithm in Google’s internal encryption-in-transit protocol, Application Layer Transport Security (ALTS), which ensures that communication on the company’s internal infrastructure is authenticated and encrypted.
The team wrote: “Widely-deployed and vetted public key cryptography algorithms (such as RSA and Elliptic Curve Cryptography) are efficient and secure against today’s adversaries. However, as Google Cloud CISO Phil Venables wrote in July, we expect large-scale quantum computers to completely break these algorithms in the future. The cryptographic community already has developed several alternatives to these algorithms, commonly referred to as post-quantum cryptography (PQC), that we expect will be able to resist quantum computer-driven attacks.”
They say this is necessary for two reasons:
- An attacker might store encrypted data today, and decrypt it when they gain access to a quantum computer (also known as the store-now-decrypt-later attack).
- Product lifetime might overlap with the arrival of quantum computers, and it will be difficult to update systems.
Google’s algorithm of choice is the NTRU-HRSS KEM, considered one of the more conservative post-quantum schemes. The team picked it because of its high performance and because it is a well-known, well-vetted scheme.
According to the team, the deployment uses a hybrid approach.
“The post-quantum cryptography migration brings unique challenges in scale, scope, and technical complexity which have not been attempted before in the industry, and therefore require additional care,” the team writes. “That’s why we are deploying NTRU-HRSS in ALTS using the hybrid approach. By hybrid we mean combining two schemes into a single mechanism in such a way that an adversary interested in breaking the mechanism needs to break both underlying schemes. Our choice for this setup was: NTRU-HRSS and X25519, thus matching the insightful choice of our Google Chrome 2018’s CECPQ2 experiment and allowing us to reuse BoringSSL’s CECPQ2 implementation.”
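The property the team describes, a single mechanism that an adversary can only break by breaking both underlying schemes, comes from how the two shared secrets are combined. The following is an added example, not Google's ALTS or BoringSSL code. X25519 is implemented from RFC 7748 in pure Python; the post-quantum slot that NTRU-HRSS fills in ALTS is occupied here by a second, independent X25519 exchange as a labelled stand-in, since the point shown is the combiner. The combiner shape (both secrets concatenated into an HKDF bound to the handshake transcript) is an assumption of this example; the post does not describe ALTS's actual key schedule.

```python
"""Hybrid key agreement: the session key depends on BOTH shared secrets.

Added example, not Google's ALTS/BoringSSL code. The second slot is a
stand-in for the NTRU-HRSS KEM; any KEM whose shared secret is a byte string
could be dropped in there without changing the combiner.
"""
import hashlib
import hmac
import os

P = 2**255 - 19          # field prime for Curve25519
_A24 = 121665            # (A - 2) / 4 with A = 486662
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(k: bytes) -> int:
    """RFC 7748 scalar clamping."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """RFC 7748 Montgomery ladder. Illustrative only: not constant-time."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)   # mask the top bit
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * ((da - cb) ** 2) % P
        x2 = aa * bb % P
        z2 = e * (aa + _A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair() -> tuple:
    """Ephemeral X25519 key pair (secret scalar, public u-coordinate)."""
    sk = os.urandom(32)
    return sk, x25519(sk, BASEPOINT)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-Extract followed by HKDF-Expand."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for i in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
    return okm[:length]


def hybrid_secret(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Combiner (assumed shape): KDF over both secrets, bound to the transcript.

    An adversary who recovers only one of the two inputs still lacks the
    other half of the IKM, so neither scheme alone unlocks the session key.
    """
    return hkdf_sha256(ss_classical + ss_pq, b"", b"hybrid-kem-example" + transcript)


def hybrid_handshake() -> dict:
    """Both sides run two independent exchanges and combine the results."""
    c_sk1, c_pk1 = keypair()            # client, classical slot (X25519)
    c_sk2, c_pk2 = keypair()            # client, stand-in for the NTRU-HRSS slot
    s_sk1, s_pk1 = keypair()            # server, classical slot
    s_sk2, s_pk2 = keypair()            # server, stand-in PQ slot
    transcript = c_pk1 + c_pk2 + s_pk1 + s_pk2   # what both parties saw on the wire
    ss_classical = x25519(c_sk1, s_pk1)
    ss_pq = x25519(c_sk2, s_pk2)
    client_key = hybrid_secret(ss_classical, ss_pq, transcript)
    server_key = hybrid_secret(x25519(s_sk1, c_pk1), x25519(s_sk2, c_pk2), transcript)
    return {"client_key": client_key, "server_key": server_key,
            "ss_classical": ss_classical, "ss_pq": ss_pq, "transcript": transcript}


if __name__ == "__main__":
    r = hybrid_handshake()
    print("keys agree:", r["client_key"] == r["server_key"])
    # Simulate a break of one scheme: the attacker knows that slot's secret but
    # must still guess the other 32 bytes, so the derived key does not match.
    only_classical = hybrid_secret(r["ss_classical"], bytes(32), r["transcript"])
    print("classical secret alone recovers key:", only_classical == r["client_key"])
```

Because the combiner hashes the concatenation rather than XORing the two secrets, a party that controls one scheme's output cannot cancel the other's contribution, and binding the transcript ties the key to the specific public keys exchanged.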
Because post-quantum cryptography is an emerging field and the technologies, as well as the threats, are rapidly evolving, Google will continue to explore PQC and develop solutions.
According to the post: “We continue to actively participate in the Post-Quantum Cryptography standardization efforts: Googlers co-authored one of the signature schemes selected for standardization (SPHINCS+), and two proposals currently considered by NIST in the fourth round of their PQC KEM competition (BIKE and Classic McEliece). We may re-evaluate our algorithmic choices when Kyber’s IP status is clarified, and when these fourth round selected standards are published.”