Google recently made a significant breakthrough in the field of quantum-resistant security with the release of its first open-source implementation of a quantum-resilient FIDO2 security key. This implementation incorporates a unique ECC/Dilithium hybrid signature schema co-created with ETH Zurich.
The FIDO2 authentication standard is widely used for passwordless authentication and as a multi-factor authentication measure. In light of the increasing advancements in quantum computing, Google emphasizes the importance of developing quantum-resistant security measures to ensure safety and security.
Traditional public key cryptography, which is designed to protect against conventional computers, is not equipped to withstand quantum attacks. With the rapid progress of practical quantum computers, the need to prepare for their potential impact becomes more pressing.
To address this concern, Google has pioneered a new hybrid algorithm by combining the established ECDSA algorithm with the Dilithium algorithm. Dilithium, recognized for its strong security and performance, is a quantum-resistant cryptographic signature scheme that has been proposed for post-quantum cryptography standardization by NIST.
Creating a hybrid signature approach that combines classic and quantum-resistant features was a complex undertaking. Google engineers successfully developed a Rust-based implementation that requires only 20KB of memory, making it feasible for use in security keys while maintaining high-performance capabilities.
The hybrid signature schema gained recognition at the ACNS 2023, where it received the “best workshop paper” award. It has now become a part of Google’s open-source security keys implementation known as OpenSK, which supports the FIDO U2F and FIDO2 standards.
Google aims for its quantum-resistant security proposal to be adopted as a new standard by FIDO2 and supported by major web browsers with substantial user bases. However, the company emphasizes the urgency for all stakeholders to act swiftly in implementing next-generation cryptography at an internet scale to make substantial progress in maintaining online security.
In addition to the quantum-resistant FIDO2 security key implementation, Google has also introduced the X25519Kyber768 cryptography mechanism in Chrome 116. This mechanism encrypts TLS connections and addresses the potential risk of future quantum computers being able to decrypt currently secure data, mitigating the “Harvest Now, Decrypt Later” threat.
FAQ
1. What is FIDO2?
FIDO2 is the second major version of the Fast IDentity Online authentication standard. It is widely used for passwordless authentication and as a multi-factor authentication element.
2. Why is quantum-resistant security important?
As quantum computing advances, the risk of quantum attacks on traditional public key cryptography increases. Implementing quantum-resistant security measures is crucial to ensure the safety and security of sensitive information.
3. What is the hybrid signature schema developed by Google?
The hybrid signature schema combines the established ECDSA algorithm with the Dilithium algorithm, which is a quantum-resistant cryptographic signature scheme proposed for post-quantum cryptography standardization by NIST.
4. What is OpenSK?
OpenSK is Google’s open-source security keys implementation that supports the FIDO U2F and FIDO2 standards. It now includes the newly developed quantum-resilient FIDO2 security key implementation.
5. How does Google address the risk of future quantum computers?
Google has introduced the X25519Kyber768 cryptography mechanism in Chrome 116, which encrypts TLS connections. This mechanism aims to protect against the potential decryption of currently secure data by future quantum computers.