Google is enhancing its post-quantum encryption protection on Chrome desktop with the new Chrome version 131 release [3], utilizing the ML-KEM standard approved by NIST for cryptographic key exchanges.
Description
Google is upgrading its post-quantum encryption protection on Chrome desktop with the new Chrome version 131 release by transitioning from the KYBER algorithm to the ML-KEM standard approved by NIST for cryptographic key exchanges. The ML-KEM standard [3], derived from CRYSTALS-KYBER KEM [1] [4], provides improved security against quantum computers. NIST has finalized encryption algorithms FIPS 203 (ML-KEM) [4], FIPS 204 (CRYSTALS-Dilithium or ML-DSA) [4], and FIPS 205 (Sphincs+ or SLH-DSA) for post-quantum security [4]. Microsoft is also updating its SymCrypt library to support ML-KEM and XMSS [1] [2] [4]. Additionally, a side-channel attack known as EUCLEAK has been identified, impacting Infineon security microcontrollers and YubiKey devices [1] [4]. Yubico plans to address this vulnerability by deprecating Infineon’s library in YubiKey firmware updates. It is worth noting that Google Titan security keys are also vulnerable to a similar side-channel attack.
Conclusion
The transition to the ML-KEM standard for post-quantum encryption marks a significant advancement in cybersecurity. Mitigating vulnerabilities such as the EUCLEAK side-channel attack is crucial for ensuring the security of devices and systems. Continued efforts to enhance encryption standards and address potential threats will be essential in safeguarding sensitive information in the future.
References
[1] https://www.ihash.eu/2024/09/google-chrome-switches-to-ml-kem-for-post-quantum-cryptography-defense/
[2] https://vulners.com/thn/THN:C340967F1D543716DCE9F1C8DF39B44D
[3] https://siliconfit.com/blog/2024/09/17/chrome-to-adopt-nist-approved-post-quantum-encryption-on-desktop/
[4] https://thehackernews.com/2024/09/google-chrome-switches-to-ml-kem-for.html
