ML-KEM in Chrome: Why Google Is Changing Course in Crypto?

The outdated Kyber algorithm is giving way to advanced security technologies.

Google has announced important changes to post-quantum cryptography that will affect the Chrome browser. The company previously experimented with a hybrid key exchange that combines the classical X25519 algorithm with the post-quantum Kyber algorithm. This experiment reached 100% of Chrome users on desktop devices, although Kyber had not yet been finalized and standardized at the time.

Kyber has now passed the final stages of standardization, receiving minor technical changes and a new name: the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). Google has already implemented this algorithm in its BoringSSL cryptographic library, which will allow it to be used by all services that depend on this library.

With these changes, ML-KEM became incompatible with the previously used Kyber. As a result, the TLS codepoint that identifies the hybrid post-quantum key exchange will change: instead of 0x6399 for Kyber768+X25519, 0x11EC for ML-KEM768+X25519 will be used. These changes will take effect with the release of Chrome 131, after which the browser will no longer support Kyber, switching entirely to ML-KEM. In addition, Chrome will offer a key share prediction for hybrid ML-KEM.

This decision was made for several reasons. First, Kyber was only an experiment, and continued support could entrench non-standard algorithms. Second, offering two key share predictions at once for post-quantum cryptography has proven to be too difficult. However, server operators will be able to temporarily support both algorithms to ensure compatibility with a wider range of clients during the upgrade process.

Moving to ML-KEM will avoid degraded client security, and delaying changes until Chrome 131 is released will give server operators time to adapt their systems.

In the long term, Google plans to address the compatibility issue of post-quantum algorithms with a new IETF draft specification for key share prediction. This approach will allow servers to advertise their supported algorithms over DNS, which will reduce unnecessary latency when using large post-quantum algorithms.
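
The codepoint change and the transitional dual support described above, as an added example that is not part of the original post: a sketch of server-side TLS 1.3 group selection run over constructed ClientHello extension blocks. The server preference order, the helper names and the zero-filled key shares are assumptions; 0x001D is the IANA codepoint for plain X25519.

```python
import struct

# 0x6399 and 0x11EC are the codepoints from the article; 0x001D is plain X25519.
GROUPS = {0x6399: "Kyber768+X25519", 0x11EC: "ML-KEM768+X25519", 0x001D: "X25519"}
TRANSITIONAL = [0x11EC, 0x6399, 0x001D]  # hypothetical server policy during the upgrade

def parse_extensions(ext_block: bytes):
    """Return (supported_groups, key_share_groups) from a ClientHello extensions block."""
    supported, shares, pos = [], [], 0
    while pos + 4 <= len(ext_block):
        ext_type, ext_len = struct.unpack_from("!HH", ext_block, pos)
        body = ext_block[pos + 4 : pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension")
        pos += 4 + ext_len
        if ext_type == 10:  # supported_groups: u16 list length, then u16 group ids
            (n,) = struct.unpack_from("!H", body, 0)
            supported = [struct.unpack_from("!H", body, 2 + i)[0] for i in range(0, n, 2)]
        elif ext_type == 51:  # key_share: u16 length, then (group, key_len, key) entries
            (n,) = struct.unpack_from("!H", body, 0)
            i = 2
            while i < 2 + n:
                group, key_len = struct.unpack_from("!HH", body, i)
                shares.append(group)
                i += 4 + key_len
    return supported, shares

def negotiate(ext_block: bytes, preference=TRANSITIONAL):
    """Pick the first mutually supported group in server preference order.
    The second value is True when the client sent no key share for that group,
    i.e. the prediction missed and a HelloRetryRequest round trip is needed."""
    supported, shares = parse_extensions(ext_block)
    for group in preference:
        if group in supported:
            return GROUPS[group], group not in shares
    return None, False

def build_extensions(supported, share_sizes):
    """Constructed test input: extension block with zero-filled key shares."""
    sg = b"".join(struct.pack("!H", g) for g in supported)
    ks = b"".join(struct.pack("!HH", g, n) + bytes(n) for g, n in share_sizes)
    return (struct.pack("!HHH", 10, len(sg) + 2, len(sg)) + sg
            + struct.pack("!HHH", 51, len(ks) + 2, len(ks)) + ks)

# Constructed clients. A hybrid share is 1216 bytes: a 1184-byte ML-KEM-768
# (or Kyber768) encapsulation key plus a 32-byte X25519 public key.
OLD_CLIENT = build_extensions([0x6399, 0x001D], [(0x6399, 1216), (0x001D, 32)])
NEW_CLIENT = build_extensions([0x11EC, 0x001D], [(0x11EC, 1216), (0x001D, 32)])
```

Passing `preference=[0x11EC, 0x001D]` models a server that has already dropped Kyber: the Kyber-only client then negotiates plain X25519, which is the loss of post-quantum protection that temporary dual support avoids.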
