Google is Preparing Chrome for future wave of quantum attacks
On the 7th, Wired reported that Google pushed a Chrome update to a very small number of users that included a new form of encryption alongside the current elliptic curve factorization. Even though only a small users are going to be able to test out this encryption, it points to a new wave of cybersecurity. Wired calls it “preparations to head off a potentially disastrous but still-distant quantum cryptopocalypse” and I think this hit the nail on the head.
Cybersecurity, for the longest time, has been a perpetual cat-and-mouse game between encryption experts and hackers. The news, almost daily, is littered with articles referencing either a new security breach or a security exploit patch. There’s no end in site for complete protection because there will always be individuals trying to bypass what security measures may be in place. For now, the current limitations of how far hardware is capable of going to break encryption is not much of a mystery. While hardware keeps improving in terms of speed and efficiency, the ability to run through any Public-key cryptography that utilizes integer factorization remains almost entirely non-existent. Quantum computing will change everything. If you don’t want to read about the inner workings of quantum computing and encryption, skip to the fifth paragraph.
Public-key encryption – basically the gold standard of current encryption – utilizes an integer factorization. In Chrome, this integer factorization is, in a sense, generated by algorithms rely on the algebraic structure of elliptic curves over finite fields. This specific blend of integer factorization is appropriately called elliptic curve cryptography. In an effort to determine just how safe this encryption is, researchers in 2009 conducted a study where they determined that it would take 200 modern computers nearly 2000 years to be successful. Obviously this makes current public-key encryption basically bulletproof.
Quantum computing, though, is an entirely different story. Running through a 400 character code, with the right algorithm, would only take seconds. A key factor, though, is that they would need the correct algorithm which may or may not be difficult to implement. However, it’s been a growing security concern for major organizations, including both the NSA and the focus of this article, Google. In a brief summary of quantum computing, one should know that our modern computers work in bits that are represented by either a one or zero. True or false. And only one state is permitted per instance. Quantum computers are on a level of their own; they utilize quantum bits, dubbed “qubits.” These qubits are almost infinitely more complex; they can be both the zero, the one, or any quantum superposition of those two states. This sequence continues as two qubits can be quantum superpositions of 4 states, and three can be in a superposition of 8 states. The absurdity just continues like so.
The fear of what quantum computing would do to modern encryption is shared by anyone who is seriously concerned with security, especially organizations that deal with billions of people. Google is obviously one of those organizations and, as such, has been deeply involved in the forefront of quantum computing. In 2013, Google and NASA worked with D-Wave to be one of the first to receive the a “quantum computer.” Although it wasn’t a true quantum computer in the literal interpretation, D-Wave’s statistics on the machine are still hugely impressive. The 1,097 qubits in the D-Wave machine were not completely strung together like a true quantum computer would, but in our current day and age, the machine might as well be considered one. Regardless of qubit stringing, this has helped push Google to focus on a wave, sometime in the future, of quantum attacks.
Adam Langley, a Google security engineer is in agreement when he gives a statement regarding the update:
“The reason we’re doing this experiment is because the possibility that large quantum computers could be built in the future is not zero. We shouldn’t panic about it, but it could happen.” “Ring Learning With Errors could turn out to be complete rubbish, and breaking it could be horribly easy even with existing computers, so we’re using both [systems together] and mixing the answers so you’d have to break both.”
He also points out that one of the largest concerns is that uncrackable data and information will be captured and stored now, only to be completely broken into when quantum computers become a reality. The protocol that Google is testing to prevent this from being an issue, he says, is called Ring Learning With Errors or Ring-LWE. No non-quantum computer should be near capable of cracking it and security researchers are tentatively betting it will throw quantum computers for a loop.
As Google runs this two-year project, Langley says he wants researchers tp be able to find exploits and contribute to the testing. He hopes RLWE fails so that Google is able to see where the problem existed. This encourages security experts worldwide to be excited that world of digital security may be prepared for quantum computers. Cybersecurity, as we know it, is going to completely change and the best chance we have at not being completely exploited is to be one step ahead of the threats. Hopefully other companies that have our private information take the initiative that Google is showing and start security research with the future in mind. Only time will tell.