Post-Quantum Cryptography: Standards and Advancements
The National Institute of Standards and Technology (NIST) has published its finalized post-quantum cryptography (PQC) standards, which cover a public-key encapsulation mechanism (ML-KEM, FIPS 203) and two digital signature schemes (ML-DSA, FIPS 204, and SLH-DSA, FIPS 205). This is a major milestone in a standardization effort that began in 2016, and it lays the foundation for keeping information on the Internet secure and confidential in the years to come.
Below is a concise overview of PQC, how Google is using it, and how other organizations can adopt the new standards. For more on PQC and Google’s role in the standardization process, see the 2022 post by Cloud CISO Phil Venables.
Understanding PQC
Encryption plays a pivotal role in maintaining confidentiality and security on the Internet. Today, most sessions in modern browsers are encrypted so that data cannot be eavesdropped on or manipulated in transit. Digital signatures are equally important for online trust, whether for code signing that attests to the integrity of programs or for validating online identities.
Today’s public-key algorithms are secure because breaking them would take an infeasible amount of classical computing power, but that margin will not last forever. Practical large-scale quantum computers are still believed to be years away, yet computer scientists have known since Shor’s algorithm (1994) that a cryptographically relevant quantum computer (CRQC) could break the asymmetric algorithms in use today, such as RSA, Diffie-Hellman and elliptic-curve cryptography. Symmetric ciphers and hash functions are far less affected: Grover’s algorithm only roughly halves their effective security level, which larger key and output sizes already absorb.
PQC addresses this risk by standardizing, and then collaboratively deploying, new algorithms designed to withstand attacks from both classical and quantum computers.
Adopting PQC does not require a quantum computer or any special preparation: every algorithm NIST has standardized runs on the conventional computers in use today.
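To make the last two points concrete, here is an added example (written for this page, not code from Google, Chrome or BoringSSL) of a hybrid key exchange that pairs X25519 with ML-KEM-768, the same combination Chrome deploys for TLS. It runs entirely on an ordinary computer. It assumes Go 1.24 or later, where ML-KEM lives in the standard library as crypto/mlkem; the wire layout (encapsulation key followed by X25519 public key, ciphertext followed by X25519 public key) mirrors the TLS X25519MLKEM768 group, but the HMAC-based combiner and its label are this example’s own simplification of the TLS key schedule, and the function names are hypothetical.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Wire sizes, derived from the standard-library constants (Go 1.24+).
// Note how much larger the ML-KEM parts are than the 32-byte X25519 parts.
const (
	x25519Size      = 32
	clientShareSize = mlkem.EncapsulationKeySize768 + x25519Size // 1184 + 32
	serverShareSize = mlkem.CiphertextSize768 + x25519Size       // 1088 + 32
)

// ClientState is what the client must remember between sending its share
// and receiving the server's reply.
type ClientState struct {
	mlkemKey  *mlkem.DecapsulationKey768
	x25519Key *ecdh.PrivateKey
}

// ClientHello generates both key pairs and returns the hybrid key share.
func ClientHello() (*ClientState, []byte, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, nil, err
	}
	xk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	share := make([]byte, 0, clientShareSize)
	share = append(share, dk.EncapsulationKey().Bytes()...)
	share = append(share, xk.PublicKey().Bytes()...)
	return &ClientState{mlkemKey: dk, x25519Key: xk}, share, nil
}

// ServerReply encapsulates to the client's ML-KEM key, performs its half of
// X25519, and returns its share plus the server's view of the session secret.
func ServerReply(clientShare []byte) (reply, secret []byte, err error) {
	if len(clientShare) != clientShareSize {
		return nil, nil, errors.New("client share has wrong length")
	}
	ek, err := mlkem.NewEncapsulationKey768(clientShare[:mlkem.EncapsulationKeySize768])
	if err != nil {
		return nil, nil, err
	}
	clientX, err := ecdh.X25519().NewPublicKey(clientShare[mlkem.EncapsulationKeySize768:])
	if err != nil {
		return nil, nil, err
	}
	mlkemSecret, ct := ek.Encapsulate()
	xk, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	xSecret, err := xk.ECDH(clientX)
	if err != nil {
		return nil, nil, err
	}
	reply = make([]byte, 0, serverShareSize)
	reply = append(reply, ct...)
	reply = append(reply, xk.PublicKey().Bytes()...)
	return reply, combine(mlkemSecret, xSecret), nil
}

// ClientFinish decapsulates the ciphertext and completes X25519. A corrupted
// ciphertext does not produce an error: ML-KEM's implicit rejection yields an
// unrelated key, so the two sides simply fail to agree.
func (c *ClientState) ClientFinish(serverShare []byte) ([]byte, error) {
	if len(serverShare) != serverShareSize {
		return nil, errors.New("server share has wrong length")
	}
	mlkemSecret, err := c.mlkemKey.Decapsulate(serverShare[:mlkem.CiphertextSize768])
	if err != nil {
		return nil, err
	}
	serverX, err := ecdh.X25519().NewPublicKey(serverShare[mlkem.CiphertextSize768:])
	if err != nil {
		return nil, err
	}
	xSecret, err := c.x25519Key.ECDH(serverX)
	if err != nil {
		return nil, err
	}
	return combine(mlkemSecret, xSecret), nil
}

// combine binds both shared secrets into one session secret, so the result stays
// secret as long as either component is unbroken. The label is an assumption of
// this example; TLS feeds the concatenation into its HKDF key schedule instead.
func combine(mlkemSecret, xSecret []byte) []byte {
	mac := hmac.New(sha256.New, []byte("example-hybrid-x25519-mlkem768"))
	mac.Write(mlkemSecret)
	mac.Write(xSecret)
	return mac.Sum(nil)
}

func main() {
	client, share, err := ClientHello()
	if err != nil {
		panic(err)
	}
	reply, serverSecret, err := ServerReply(share)
	if err != nil {
		panic(err)
	}
	clientSecret, err := client.ClientFinish(reply)
	if err != nil {
		panic(err)
	}
	fmt.Printf("client share %d bytes, server share %d bytes, secrets match: %v\n",
		len(share), len(reply), hmac.Equal(clientSecret, serverSecret))
}
```

The length checks before slicing are not decoration: a deployment that still expects 32-byte key shares is exactly the kind of assumption the end-to-end testing recommended later on this page is meant to catch.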
Assessing Encryption Vulnerabilities
Although no CRQC exists today, data and devices created now will still matter once one does. Some risks are already apparent:
- Data Storage – Through a tactic known as Store Now, Decrypt Later (also called Harvest Now, Decrypt Later), an adversary can record encrypted traffic today and decrypt it once a quantum computer becomes available. Anything that must stay confidential for longer than the expected arrival of a CRQC is therefore already at risk.
- Hardware Products – Defenders must ensure that future adversaries cannot forge a digital signature and push compromised firmware or software updates to pre-quantum devices that are still in operation. A device shipped today with a fixed root of trust may still be in service when a CRQC exists, so the signature scheme built into it must hold up for that entire lifetime.
For further insights into CRQC-related risks, please refer to our PQC Threat Model post.
Preparing Organizations for PQC Transitions
Switching to new cryptographic algorithms is usually a slow process, even when a weakness is found in a widely used scheme, because of the organizational and logistical work involved in a complete migration. For example, NIST deprecated SHA-1 in 2011 and does not expect it to be fully phased out until 2030.
It is therefore important to improve organizational readiness now, in ways that pay off regardless of which algorithms come next, so that the eventual transition to PQC is as smooth as possible.
The following crypto-agility practices can be adopted at any time:
- Cryptographic Asset Inventory – Know where cryptography is used in the organization and for what purpose: which algorithms, key sizes and protocols are in use, which libraries implement them, and, critically, where key material lives and how it is managed
- Key Updates – Any new cryptographic system will require generating fresh keys and rolling them into production without service disruption. Just as backup restores are rehearsed, key rotation should be exercised regularly as part of a resilience strategy, rather than attempted for the first time during an emergency
- Abstraction Layers – Swapping algorithms without large code rewrites is far easier when applications go through an abstraction layer instead of calling primitives directly. Tink, Google’s cross-platform open source library for multiple languages, is one such layer: it makes cryptography safe and simple to use even for non-specialists, and lets keys and algorithms change underneath an unchanged API
- End-to-End Testing – PQC algorithms have different characteristics from their classical counterparts, notably much larger public keys, ciphertexts and signatures (an ML-KEM-768 public key is 1,184 bytes and an ML-DSA-65 signature 3,309 bytes, versus 32 and 64 bytes for X25519 and raw ECDSA P-256). Every layer of the infrastructure, from protocol fields and database columns to certificate stores and hardware tokens, must be verified to handle them
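The four practices above come together in a key-versioned keyset, the pattern Tink is built around. The following is an added example written for this page, not Tink’s code or API: a small Go keyset in which every tag carries the ID of the key that made it, new keys are added by rotation while old ones keep verifying, retired keys are disabled rather than deleted, and the algorithm sits behind a registry so callers of Sign and Verify never change. HMAC-SHA256 and HMAC-SHA512 stand in for "old" and "new" algorithms because they are available in the standard library; the 5-byte prefix layout, the registry and all names are this example’s own assumptions. Rotating to the larger tag also shows the size change that end-to-end testing must catch.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"encoding/binary"
	"errors"
	"fmt"
	"hash"
)

// Algorithm is one scheme the keyset can run. Supporting a new scheme means
// adding an entry to the registry; application code is untouched.
type Algorithm struct {
	NewHash func() hash.Hash
	KeySize int
}

// registry doubles as the inventory of algorithms this service is able to use.
var registry = map[string]Algorithm{
	"HMAC_SHA256": {sha256.New, 32},
	"HMAC_SHA512": {sha512.New, 64},
}

// Key carries its own algorithm name and status so the keyset can be audited.
type Key struct {
	ID        uint32
	Algorithm string
	Enabled   bool
	material  []byte
}

// Keyset holds every key that may still be needed to verify plus the single
// primary key used for new tags.
type Keyset struct {
	keys      map[uint32]*Key
	primaryID uint32
}

const (
	formatVersion = 0x01 // first byte of every tag
	prefixSize    = 5    // version byte + 4-byte key ID
)

// NewKeyset creates a keyset whose first key is immediately primary.
func NewKeyset(alg string) (*Keyset, error) {
	ks := &Keyset{keys: map[uint32]*Key{}}
	if _, err := ks.Rotate(alg); err != nil {
		return nil, err
	}
	return ks, nil
}

// Rotate generates a fresh key for alg and promotes it to primary. Existing
// keys stay enabled, so tags issued before the rotation still verify.
func (ks *Keyset) Rotate(alg string) (uint32, error) {
	a, ok := registry[alg]
	if !ok {
		return 0, fmt.Errorf("unknown algorithm %q", alg)
	}
	material := make([]byte, a.KeySize)
	if _, err := rand.Read(material); err != nil {
		return 0, err
	}
	var id uint32
	for id == 0 || ks.keys[id] != nil { // unique, non-zero ID
		var b [4]byte
		if _, err := rand.Read(b[:]); err != nil {
			return 0, err
		}
		id = binary.BigEndian.Uint32(b[:])
	}
	ks.keys[id] = &Key{ID: id, Algorithm: alg, Enabled: true, material: material}
	ks.primaryID = id
	return id, nil
}

// Disable retires a key once nothing it signed is still in circulation.
// The primary cannot be disabled: rotate first, then retire.
func (ks *Keyset) Disable(id uint32) error {
	if id == ks.primaryID {
		return errors.New("cannot disable the primary key; rotate first")
	}
	k, ok := ks.keys[id]
	if !ok {
		return errors.New("no such key")
	}
	k.Enabled = false
	return nil
}

// Inventory reports each key's ID, algorithm and role (order is unspecified).
func (ks *Keyset) Inventory() []string {
	var out []string
	for _, k := range ks.keys {
		role := "enabled"
		if !k.Enabled {
			role = "disabled"
		}
		if k.ID == ks.primaryID {
			role = "primary"
		}
		out = append(out, fmt.Sprintf("key %08x %s %s", k.ID, k.Algorithm, role))
	}
	return out
}

// Sign tags msg with the primary key: version || keyID || MAC.
func (ks *Keyset) Sign(msg []byte) []byte {
	k := ks.keys[ks.primaryID]
	out := make([]byte, prefixSize)
	out[0] = formatVersion
	binary.BigEndian.PutUint32(out[1:], k.ID)
	return append(out, computeTag(k, msg)...)
}

// Verify selects the key named in the prefix, refuses unknown or disabled keys,
// and compares the MAC in constant time.
func (ks *Keyset) Verify(msg, sig []byte) error {
	if len(sig) < prefixSize || sig[0] != formatVersion {
		return errors.New("malformed tag")
	}
	k, ok := ks.keys[binary.BigEndian.Uint32(sig[1:prefixSize])]
	if !ok || !k.Enabled {
		return errors.New("unknown or disabled key")
	}
	if !hmac.Equal(sig[prefixSize:], computeTag(k, msg)) {
		return errors.New("bad tag")
	}
	return nil
}

func computeTag(k *Key, msg []byte) []byte {
	m := hmac.New(registry[k.Algorithm].NewHash, k.material)
	m.Write(msg)
	return m.Sum(nil)
}
```

A rotation drill with this keyset is four steps: Rotate to the new algorithm, re-sign or re-issue what needs the new key, confirm both old and new tags verify while both keys are enabled, then Disable the old key and confirm its tags now fail. Each step is observable through Inventory, which is what an asset inventory needs to report.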
Our 2022 paper “Transitioning organizations to post-quantum cryptography” provides additional recommendations on organizational preparedness, while this recent post on the Google Security Blog offers a deeper dive into cryptographic agility and key updates.
Google’s PQC Initiatives
Google takes these risks seriously and has been acting on them for years. Google began testing PQC in Chrome in 2016 and has used PQC to protect internal communications since 2022, as detailed in this post. In May 2024, Chrome enabled ML-KEM by default for TLS 1.3 and QUIC on desktop (initially with the draft Kyber-768 encoding, later updated to the final ML-KEM encoding, so implementers should check which code points their stacks accept). ML-KEM is also enabled on Google servers. As a result, connections from Chrome Desktop to Google products such as Cloud Console or Gmail are already experimentally protected with a hybrid post-quantum key exchange that combines X25519 with ML-KEM.
Google engineers contributed to the standards released by NIST and to ISO standards. They have submitted Internet Drafts to the IETF on Trust Expressions, Merkle Tree Certificates, and state management for hash-based signatures. Google’s open-source library Tink already offers experimental PQC algorithms in C++. Our engineers are collaborating with partners to develop formally verified PQC implementations for use within Google and beyond.
As Google progresses with its PQC transition, continual updates on PQC will be provided for Google services, with forthcoming updates expected from Android, Chrome, Cloud, and other services.
