Google and Cloudflare are working together to explore how post-quantum algorithms beat HTTPS connectivity in practice. Cloudflare’s servers and Google’s Chrome browser will use two algorithms that are considered promising candidates for future encryption standards.
As a post-quantum cryptography encryption and signature methods are referred to, in which it is assumed that they can not be attacked by quantum computers. So far, quantum computers that can crack encryption methods exist only in theory. But that could change in the future – and then all public-key methods used today, such as RSA or elliptic curve-based methods, would be uncertain.
Connections slowed down for unclear reasons
Google was already experimenting with post-quantum methods. There were no major issues, however, Google developer Adam Langley reported that in some cases compounds were slowed unexpectedly strong. Cloudflare and Google hope to better understand and analyze such and other issues with the large-scale experiment that has just begun.
The algorithms HRSS-SXY and SIKE are to be used. The algorithm HRSS-SXY is a variant of the Ntru encryption system and belongs to the so-called grid-based encryption methods. SIKE, in turn, is based on supersingular isogenies over elliptic curves. The latter are considered particularly experimental, and only a few years ago this form of mathematical constructions was used for cryptographic methods.
Both methods have advantages and disadvantages. HRSS-SXY is comparatively fast, but the public keys and encrypted data are each more than one kilobyte in size. For comparison: The largest conventional encryption method with similar properties has been either RSA or Diffie-Hellman with 4096 bits – which corresponds to 512 bytes, which is almost half.
SIKE, on the other hand, uses a lot less data: 330 bytes for a public key and 346 bytes for the encrypted data. It is much slower for that. Encryption is 300 times slower than HRSS-SXY, and decryption is 100 times slower. However, there is hope that the gap will be smaller in the future due to improvements in the calculation algorithms.
Combination with elliptic curves
Both algorithms are not yet part of the official TLS standard, but TLS generally foresees that experimental additional algorithms can be used. The new algorithms should not be used alone, they are combined with the X25519 key exchange based on elliptic curves. The advantage: Even if the new algorithms prove to be insecure, there is still the security of the proven elliptic curves.
Specifically, the experiment should run in such a way that the cloudflare servers support both algorithms. Chrome will randomly offer one of the two algorithms for connections. In addition, Chrome will continue to offer classic algorithms, so that in any case a connection comes about. Generally, the new algorithms are only supported with TLS 1.3. Cloudflare will collect data about the connections and hopes to better analyze problems.
Not only Google and Cloudflare are preparing for the future of post-quantum cryptography. The US standardization agency Nist is currently conducting a competition to standardize post-quantum algorithms. SIKE and a slightly different version of HRSS are both part of the competition.