Google’s Post-Quantum Cryptography

Post Syndicated from Bruce Schneier original

News has been bubbling about an announcement by Google that it’s starting to experiment with public-key cryptography that’s resistant to cryptanalysis by a quantum computer. Specifically, it’s experimenting with the New Hope algorithm.

It’s certainly interesting that Google is thinking about this, and probably okay that it’s available in the Canary version of Chrome, but this algorithm is by no means ready for operational use. Secure public-key algorithms are very hard to create, and this one has not had nearly enough analysis to be trusted. Lattice-based public-key cryptosystems such as New Hope are particularly subtle — and we cryptographers are still learning a lot about how they can be broken.

Targets are important in cryptography, and Google has turned New Hope into a good one. Consider this an opportunity to advance our cryptographic knowledge, not an offer of a more-secure option. And this is the right time for this area of research, before quantum computers make discrete-logarithm and factoring algorithms obsolete.